GEOPRIV M. Thomson Internet-Draft Andrew Intended status: Standards Track May 27, 2010 Expires: November 28, 2010 Using HTTP GET with HTTP-Enabled Location Delivery (HELD) draft-thomson-geopriv-held-get-02 Abstract This document describes how an HTTP GET request to an HTTP-Enabled Location Delivery (HELD) resource is handled by the server responsible for that resource. This ensures that requests generated by user agents that are unaware of the special status of a URI do not result in unhelpful responses and enables the use of HTTP GET for location configuration and dereference. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on November 28, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as Thomson Expires November 28, 2010 [Page 1] Internet-Draft HELD GET May 2010 described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. HTTP GET Behaviour . . . . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6.1. Normative References . . . . . . . . . . . . . . . . . . . 4 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 Thomson Expires November 28, 2010 [Page 2] Internet-Draft HELD GET May 2010 1. Introduction The HTTP-Enabled Location Delivery (HELD) protocol [I-D.ietf-geopriv-http-location-delivery] prohibits the use of the HTTP GET method. It does this because a HELD request is not always safe and idempotent [RFC2616], an attribute necessary for use of GET. The behaviour that is expected when a client makes an HTTP GET request to the a HELD URI is therefore undefined. GET is the method assumed by generic user agents, therefore unless context identifies an "https:" URI as a HELD URI, such a user agent might simply send an HTTP GET. Rather than providing an HTTP 405 (Method Not Allowed) response indicating that POST is the only permitted method, this document describes a way for a LIS to provide a HELD location response if it receives an HTTP GET request. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. HTTP GET Behaviour A HELD URI is an "https:" or "http:" URI that is either the product of LIS discovery [I-D.ietf-geopriv-lis-discovery] or a location URI generated by a LIS [I-D.winterbottom-geopriv-deref-protocol]. An HTTP GET request to a HELD URI produces a HELD response as if the following HELD request had been sent using HTTP POST: geodetic civic If the URI is a location URI, this request complies with the limited profile of HELD described in [I-D.winterbottom-geopriv-deref-protocol]. However, a location URI MUST NOT be provided in response to a location dereferencing request. HTTP GET requests must be safe and idempotent - that is, there are no side-effects of making the request and repeating the request does not change the result. If the response provides a location object, this does not pose a problem. Changes in the location information do not Thomson Expires November 28, 2010 [Page 3] Internet-Draft HELD GET May 2010 occur as a result of requests, they are a result of a change in the value of the resource (the resource being the location of the Target). To ensure that these requests are idempotent, a LIS MUST NOT generate a location URI as a result of serving a GET request. However, if a location URI for the target already exists, it MAY be provided. This approach only works as long as the location URI operates on the "authorization by possession" authorization model ([RFC5808]). 4. Security Considerations The security considerations of HELD [I-D.ietf-geopriv-http-location-delivery] apply. This document introduces no further security considerations. 5. IANA Considerations This document has no IANA actions. [RFC Editor: please remove this section prior to publication.] 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [I-D.ietf-geopriv-http-location-delivery] Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, "HTTP Enabled Location Delivery (HELD)", draft-ietf-geopriv-http- location-delivery-16 (work in progress), August 2009. Thomson Expires November 28, 2010 [Page 4] Internet-Draft HELD GET May 2010 6.2. Informative References [RFC5808] Marshall, R., "Requirements for a Location-by-Reference Mechanism", RFC 5808, May 2010. [I-D.ietf-geopriv-lis-discovery] Thomson, M. and J. Winterbottom, "Discovering the Local Location Information Server (LIS)", draft-ietf-geopriv-lis- discovery-15 (work in progress), March 2010. [I-D.winterbottom-geopriv-deref-protocol] Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M., and M. Dawson, "A Location Dereferencing Protocol Using HELD", draf t-winterbottom-geopriv- deref-protocol-05 (work in progress), January 2010. Author's Address Martin Thomson Andrew Andrew Building (39) University of Wollongong Northfields Avenue Wollongong, NSW 2522 AU Phone: +61 2 4221 2915 EMail: martin.thomson@andrew.com URI: http://www.andrew.com/ Thomson Expires November 28, 2010 [Page 5]