Using HTTP GET with HTTP-Enabled Location Delivery (HELD)
draft-thomson-geopriv-held-get-02

Abstract

This document describes how an HTTP GET request to an HTTP-Enabled Location Delivery (HELD) resource is handled by the server responsible for that resource. This ensures that requests generated by user agents that are unaware of the special status of a URI do not result in unhelpful responses and enables the use of HTTP GET for location configuration and dereference.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

This Internet-Draft will expire on November 28, 2010.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1.  Introduction
2.  Terminology
3.  HTTP GET Behaviour
4.  Security Considerations
5.  IANA Considerations
6.  References
    6.1.  Normative References
    6.2.  Informative References

1.  Introduction

The HTTP-Enabled Location Delivery (HELD) protocol (Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, “HTTP Enabled Location Delivery (HELD),” August 2009.) [I‑D.ietf‑geopriv‑http‑location‑delivery] prohibits the use of the HTTP GET method. It does this because a HELD request is not always safe and idempotent (Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” June 1999.) [RFC2616], an attribute necessary for use of GET.

The behaviour that is expected when a client makes an HTTP GET request to the a HELD URI is therefore undefined. GET is the method assumed by generic user agents, therefore unless context identifies an https: URI as a HELD URI, such a user agent might simply send an HTTP GET.

Rather than providing an HTTP 405 (Method Not Allowed) response indicating that POST is the only permitted method, this document describes a way for a LIS to provide a HELD location response if it receives an HTTP GET request.

2.  Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).

3.  HTTP GET Behaviour

A HELD URI is an https: or http: URI that is either the product of LIS discovery (Thomson, M. and J. Winterbottom, “Discovering the Local Location Information Server (LIS),” March 2010.) [I‑D.ietf‑geopriv‑lis‑discovery] or a location URI generated by a LIS [I‑D.winterbottom‑geopriv‑deref‑protocol] (Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M., and M. Dawson, “A Location Dereferencing Protocol Using HELD,” January 2010.).

An HTTP GET request to a HELD URI produces a HELD response as if the following HELD request had been sent using HTTP POST:

  <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
    <locationType exact="false">
      geodetic civic
    </locationType>
  </locationRequest>

If the URI is a location URI, this request complies with the limited profile of HELD described in [I‑D.winterbottom‑geopriv‑deref‑protocol] (Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M., and M. Dawson, “A Location Dereferencing Protocol Using HELD,” January 2010.). However, a location URI MUST NOT be provided in response to a location dereferencing request.

HTTP GET requests must be safe and idempotent - that is, there are no side-effects of making the request and repeating the request does not change the result. If the response provides a location object, this does not pose a problem. Changes in the location information do not occur as a result of requests, they are a result of a change in the value of the resource (the resource being the location of the Target).

To ensure that these requests are idempotent, a LIS MUST NOT generate a location URI as a result of serving a GET request. However, if a location URI for the target already exists, it MAY be provided. This approach only works as long as the location URI operates on the "authorization by possession" authorization model ([RFC5808] (Marshall, R., “Requirements for a Location-by-Reference Mechanism,” May 2010.)).

4.  Security Considerations

The security considerations of HELD (Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, “HTTP Enabled Location Delivery (HELD),” August 2009.) [I‑D.ietf‑geopriv‑http‑location‑delivery] apply. This document introduces no further security considerations.

5.  IANA Considerations

This document has no IANA actions.

[RFC Editor: please remove this section prior to publication.]

6.  References

6.1. Normative References

6.2. Informative References

Author's Address