idnits 2.17.1 draft-ietf-appsawg-http-problem-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 606 has weird spacing: '...element type ...' == Line 607 has weird spacing: '...element title...' == Line 608 has weird spacing: '...element detai...' == Line 609 has weird spacing: '...element statu...' == Line 610 has weird spacing: '...element insta...' == (1 more instance...) -- The document date (January 20, 2016) is 3009 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 18 ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 5988 (Obsoleted by RFC 8288) Summary: 4 errors (**), 0 flaws (~~), 7 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Nottingham 3 Internet-Draft Akamai 4 Intended status: Standards Track E. Wilde 5 Expires: July 23, 2016 January 20, 2016 7 Problem Details for HTTP APIs 8 draft-ietf-appsawg-http-problem-03 10 Abstract 12 This document defines a "problem detail" as a way to carry machine- 13 readable details of errors in a HTTP response, to avoid the need to 14 define new error response formats for HTTP APIs. 16 Note to Readers 18 This draft should be discussed on the apps-discuss mailing list [1]. 20 This section is to be removed before publication. 22 Note to RFC Editor 24 Please replace all occurrences of "XXXX" with the final RFC number 25 chosen for this draft. 27 This section is to be removed before publication. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at http://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on July 23, 2016. 46 Copyright Notice 48 Copyright (c) 2016 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 64 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3. The Problem Details JSON Object . . . . . . . . . . . . . . . 4 66 3.1. Problem Details Object Members . . . . . . . . . . . . . 5 67 3.2. Extension Members . . . . . . . . . . . . . . . . . . . . 6 68 4. Defining New Problem Types . . . . . . . . . . . . . . . . . 7 69 4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 8 70 4.2. Pre-Defined Problem Types . . . . . . . . . . . . . . . . 8 71 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 72 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 73 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 74 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 75 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 76 8.2. Informative References . . . . . . . . . . . . . . . . . 12 77 Appendix A. HTTP Problems and XML . . . . . . . . . . . . . . . 13 78 Appendix B. Using Problem Details with Other Formats . . . . . . 15 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 81 1. Introduction 83 HTTP [RFC7230] status codes are sometimes not sufficient to convey 84 enough information about an error to be helpful. While humans behind 85 Web browsers can be informed about the nature of the problem with an 86 HTML [W3C.REC-html5-20141028] response body, non-human consumers of 87 so-called "HTTP APIs" are usually not. 89 This specification defines simple JSON [RFC7159] and XML 90 [W3C.REC-xml-20081126] document formats to suit this purpose. They 91 are designed to be reused by HTTP APIs, which can identify distinct 92 "problem types" specific to their needs. 94 Thus, API clients can be informed of both the high-level error class 95 (using the status code) and the finer-grained details of the problem 96 (using one of these formats). 98 For example, consider a response that indicates that the client's 99 account doesn't have enough credit. The 403 Forbidden status code 100 might be deemed most appropriate to use, as it will inform HTTP- 101 generic software (such as client libraries, caches and proxies) of 102 the general semantics of the response. 104 However, that doesn't give the API client enough information about 105 why the request was forbidden, the applicable account balance, or how 106 to correct the problem. If these details are included in the 107 response body in a machine-readable format, the client can treat it 108 appropriately; for example, triggering a transfer of more credit into 109 the account. 111 This specification does this by identifying a specific type of 112 problem (e.g., "out of credit") with a URI [RFC3986]; HTTP APIs can 113 do this by nominating new URIs under their control, or by reusing 114 existing ones. 116 Additionally, problems can contain other information, such as a URI 117 that identifies the specific occurrence of the problem (effectively 118 giving an identifier to the concept "The time Joe didn't have enough 119 credit last Thursday"), which can be useful for support or forensic 120 purposes. 122 The data model for problem details is a JSON [RFC7159] object; when 123 formatted as a JSON document, it uses the "application/problem+json" 124 media type. Appendix A defines how to express them in an equivalent 125 XML format, which uses the "application/problem+xml" media type. 127 Note that problem details are (naturally) not the only way to convey 128 the details of a problem in HTTP; if the response is still a 129 representation of a resource, for example, it's often preferable to 130 accommodate describing the relevant details in that application's 131 format. Likewise, in many situations, there is an appropriate HTTP 132 status code that does not require extra detail to be conveyed. 134 Instead, the aim of this specification is to define common error 135 formats for those applications that need one, so that they aren't 136 required to define their own, or worse, tempted to re-define the 137 semantics of existing HTTP status codes. Even if an application 138 chooses not to use it to convey errors, reviewing its design can help 139 guide the design decisions faced when conveying errors in an existing 140 format. 142 2. Requirements 144 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 145 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 146 document are to be interpreted as described in [RFC2119]. 148 3. The Problem Details JSON Object 150 The canonical model for problem details is a JSON [RFC7159] object. 152 When serialised as a JSON document, that format is identified with 153 the "application/problem+json" media type. 155 For example, a HTTP response carrying JSON problem details: 157 HTTP/1.1 403 Forbidden 158 Content-Type: application/problem+json 159 Content-Language: en 161 { 162 "type": "https://example.com/probs/out-of-credit", 163 "title": "You do not have enough credit.", 164 "detail": "Your current balance is 30, but that costs 50.", 165 "instance": "/account/12345/msgs/abc", 166 "balance": 30, 167 "accounts": ["/account/12345", 168 "/account/67890"] 169 } 171 Here, the out-of-credit problem (identified by its type URI) 172 indicates the reason for the 403 in "title", gives a reference for 173 the specific problem occurrence with "instance", gives occurrence- 174 specific details in "detail", and adds two extensions; "balance" 175 conveys the account's balance, and "accounts" gives links where the 176 account can be topped up. 178 The ability to convey problem-specific extensions allows more than 179 one problem to be conveyed. For example: 181 HTTP/1.1 400 Bad Request 182 Content-Type: application/problem+json 183 Content-Language: en 185 { 186 "type": "https://example.net/validation-error", 187 "title": "Your request parameters didn't validate.", 188 "invalid-params": [ { 189 "name": "age", 190 "reason": "must be a positive integer" 191 }, 192 { 193 "name": "color", 194 "reason": "must be 'green', 'red' or 'blue'"} 195 ] 196 } 198 Note that this requires each of the sub-problems to be similar enough 199 to use the same HTTP status code. If they do not, the 207 (Multi- 200 Status) [RFC4918] code could be used to encapsulate multiple status 201 messages. 203 3.1. Problem Details Object Members 205 A problem details object can have the following members: 207 o "type" (string) - A URI reference [RFC3986] that identifies the 208 problem type. When dereferenced, it is encouraged to provide 209 human-readable documentation for the problem type (e.g., using 210 HTML [W3C.REC-html5-20141028]). When this member is not present, 211 its value is assumed to be "about:blank". 213 o "title" (string) - A short, human-readable summary of the problem 214 type. It SHOULD NOT change from occurrence to occurrence of the 215 problem, except for purposes of localisation (e.g., using 216 proactive content negotiation; see [RFC7231], Section 3.4). 218 o "status" (number) - The HTTP status code ([RFC7231], Section 6) 219 generated by the origin server for this occurrence of the problem. 221 o "detail" (string) - An human readable explanation specific to this 222 occurrence of the problem. 224 o "instance" (string) - A URI reference that identifies the specific 225 occurrence of the problem. It may or may not yield further 226 information if dereferenced. 228 Consumers MUST use the type string as the primary identifier for the 229 problem type; the title string is advisory, and included only for 230 users who are not aware of the semantics of the URI, and don't have 231 the ability to discover them (e.g., offline log analysis). Consumers 232 SHOULD NOT automatically dereference the type URI. 234 The status member, if present, is only advisory; it conveys the HTTP 235 status code used for the convenience of the consumer. Generators 236 MUST use the same status code in the actual HTTP response, to assure 237 that generic HTTP software that does not understand this format still 238 behaves correctly. See Section 5 for further caveats regarding its 239 use. 241 Consumers can use the status member to determine what the original 242 status code used by the generator was, in cases where it has been 243 changed (e.g., by an intermediary or cache), and when message bodies 244 are persisted without HTTP information. Generic HTTP software will 245 still use the HTTP status code. 247 The detail member, if present, ought to focus on helping the client 248 correct the problem, rather than giving debugging information. 250 Consumers SHOULD NOT parse the detail member for information; 251 extensions are more suitable and less error-prone ways to obtain such 252 information. 254 Note that both "type" and "instance" accept relative URIs; this means 255 that they must be resolved relative to the document's base URI, as 256 per [RFC3986], Section 5. 258 3.2. Extension Members 260 Problem type definitions MAY extend the problem details object with 261 additional members. 263 For example, our "out of credit" problem above defines two such 264 extensions, "balance" and "accounts" to convey additional, problem- 265 specific information. 267 Clients consuming problem details MUST ignore any such extensions 268 that they don't recognise; this allows problem types to evolve and 269 include additional information in the future. 271 Note that because extensions are effectively name spaced by the 272 problem type, it is not possible to define new "standard" members 273 without defining a new media type. 275 4. Defining New Problem Types 277 When an HTTP API needs to define a response that indicates an error 278 condition, it might be appropriate to do so by defining a new problem 279 type. 281 Before doing so, it's important to understand what they are good for, 282 and what's better left to other mechanisms. 284 Problem details are not a debugging tool for the underlying 285 implementation; rather, they are a way to expose greater detail about 286 the HTTP interface itself. Designers of new problem types need to 287 carefully consider the Security Considerations (Section 5); in 288 particular the risk of exposing attack vectors by exposing 289 implementation internals through error messages. 291 Likewise, truly generic problems - i.e., conditions that could 292 potentially apply to any resource on the Web - are usually better 293 expressed as plain status codes. For example, a "write access 294 disallowed" problem is probably unnecessary, since a 403 Forbidden 295 status code in response to a PUT request is self-explanatory. 297 Finally, an application might have a more appropriate way to carry an 298 error in a format that it already defines. Problem details are 299 intended to avoid the necessity of establishing new "fault" or 300 "error" document formats, not to replace existing domain-specific 301 formats. 303 That said, it is possible to add support for problem details to 304 existing HTTP APIs using HTTP content negotiation (e.g., using the 305 Accept request header to indicate a preference for this format; see 306 [RFC7231], Section 5.3.2). 308 New problem type definitions MUST document: 310 1. A type URI (typically, with the "http" or "https" scheme), 312 2. A title that appropriately describes it (think short), and 314 3. The HTTP status code for it to be used with. 316 Problem type definitions MAY specify the use of the Retry-After 317 response header ([RFC7231], Section 7.1.3) in appropriate 318 circumstances. 320 A problem's type URI SHOULD resolve to HTML [W3C.REC-html5-20141028] 321 documentation that explains how to resolve the problem. 323 A problem type definition MAY specify additional members on the 324 Problem Details object. For example, an extension might use typed 325 links [RFC5988] to another resource that can be used by machines to 326 resolve the problem. 328 If such additional members are defined, their names SHOULD start with 329 a letter (ALPHA, as per [RFC5234], Appendix B.1) and SHOULD consist 330 of characters from ALPHA, DIGIT (Ibid.), and "_" (so that it can be 331 serialized in formats other than JSON), and SHOULD be three 332 characters or longer. 334 4.1. Example 336 For example, if you are publishing an HTTP API to your online 337 shopping cart, you might need to indicate that the user is out of 338 credit (our example from above), and therefore cannot make the 339 purchase. 341 If you already have an application-specific format that can 342 accommodate this information, it's probably best to do that. 343 However, if you don't, you might consider using one of the problem 344 details formats; JSON if your API is JSON-based, or XML if it uses 345 that format. 347 To do so, you might look for an already-defined type URI that suits 348 your purposes. If one is available, you can reuse that URI. 350 If one isn't available, you could mint and document a new type URI 351 (which ought to be under your control and stable over time), an 352 appropriate title and the HTTP status code that it will be used with, 353 along with what it means and how it should be handled. 355 In summary: an instance URI will always identify a specific 356 occurrence of a problem. On the other hand, type URIs can be reused 357 if an appropriate description of a problem type is already available 358 someplace else, or they can be created for new problem types. 360 4.2. Pre-Defined Problem Types 362 This specification reserves the use of one URI as a problem type: 364 The "about:blank" URI [RFC6694], when used as a problem type, 365 indicates that the problem has no additional semantics beyond that of 366 the HTTP status code. 368 When "about:blank" is used, the title SHOULD be the same as the 369 recommended HTTP status phrase for that code (e.g., "Not Found" for 370 404, and so on), although it MAY be localized to suit client 371 preferences (expressed with the Accept-Language request header). 373 Please note that according to how the "type" member is defined 374 (Section 3.1), the "about:blank" URI is the default value for that 375 member. Consequently, any problem details object not carrying an 376 explicit "type" member implicitly uses this URI. 378 5. Security Considerations 380 When defining a new problem type, the information included must be 381 carefully vetted. Likewise, when actually generating a problem - 382 however it is serialized - the details given must also be 383 scrutinized. 385 Risks include leaking information that can be exploited to compromise 386 the system, access to the system, or the privacy of users of the 387 system. 389 Generators providing links to occurrence information are encouraged 390 to avoid making implementation details such as a stack dump available 391 through the HTTP interface, since this can expose sensitive details 392 of the server implementation, its data, and so on. 394 The "status" member duplicates the information available in the HTTP 395 status code itself, thereby bringing the possibility of disagreement 396 between the two. Their relative precedence is not clear, since a 397 disagreement might indicate that (for example) an intermediary has 398 modified the HTTP status code in transit (e.g., by a proxy or cache). 400 As such, those defining problem types as well as generators and 401 consumers of problems need to be aware that generic software (such as 402 proxies, load balancers, firewalls, virus scanners) are unlikely to 403 know of or respect the status code conveyed in this member. 405 6. IANA Considerations 407 This specification defines two new Internet media types [RFC6838]: 409 Type name: application 411 Subtype name: problem+json 413 Required parameters: None 415 Optional parameters: None; unrecognised parameters should be ignored 417 Encoding considerations: Same as [RFC7159] 418 Security considerations: see Section 5 of this document 420 Interoperability considerations: None 422 Published specification: [this document] 424 Applications that use this media type: HTTP 426 Fragment identifier considerations: Same as for application/json 427 ([RFC7159]) 429 Additional information: 431 Deprecated alias names for this type: n/a 433 Magic number(s): n/a 435 File extension(s): n/a 437 Macintosh file type code(s): n/a 439 Person and email address to contact for further information: Mark No 440 ttingham 442 Intended usage: COMMON 444 Restrictions on usage: None. 446 Author: Mark Nottingham 448 Change controller: IESG 450 Type name: application 452 Subtype name: problem+xml 454 Required parameters: None 456 Optional parameters: None; unrecognised parameters should be ignored 458 Encoding considerations: Same as [RFC7303] 460 Security considerations: see Section 5 of this document 462 Interoperability considerations: None 464 Published specification: [this document] 465 Applications that use this media type: HTTP 467 Fragment identifier considerations: Same as for application/xml (as 468 specified by Section 5 of [RFC7303]) 470 Additional information: 472 Deprecated alias names for this type: n/a 474 Magic number(s): n/a 476 File extension(s): n/a 478 Macintosh file type code(s): n/a 480 Person and email address to contact for further information: Mark No 481 ttingham 483 Intended usage: COMMON 485 Restrictions on usage: None. 487 Author: Mark Nottingham 489 Change controller: IESG 491 7. Acknowledgements 493 The authors would like to thank Jan Algermissen, Mike Amundsen, Subbu 494 Allamaraju, Roy Fielding, Eran Hammer, Sam Johnston, Mike McCall, 495 Julian Reschke, and James Snell for review of this specification. 497 8. References 499 8.1. Normative References 501 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 502 Requirement Levels", BCP 14, RFC 2119, 503 DOI 10.17487/RFC2119, March 1997, 504 . 506 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 507 Resource Identifier (URI): Generic Syntax", STD 66, 508 RFC 3986, DOI 10.17487/RFC3986, January 2005, 509 . 511 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 512 Specifications: ABNF", STD 68, RFC 5234, 513 DOI 10.17487/RFC5234, January 2008, 514 . 516 [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data 517 Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 518 2014, . 520 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 521 Protocol (HTTP/1.1): Message Syntax and Routing", 522 RFC 7230, DOI 10.17487/RFC7230, June 2014, 523 . 525 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 526 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 527 DOI 10.17487/RFC7231, June 2014, 528 . 530 [W3C.REC-xml-20081126] 531 Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and 532 F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth 533 Edition)", World Wide Web Consortium Recommendation REC- 534 xml-20081126, November 2008, 535 . 537 8.2. Informative References 539 [ISO-19757-2] 540 International Organization for Standardization, 541 "Information Technology --- Document Schema Definition 542 Languages (DSDL) --- Part 2: Grammar-based Validation --- 543 RELAX NG", ISO/IEC 19757-2, 2003. 545 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed 546 Authoring and Versioning (WebDAV)", RFC 4918, 547 DOI 10.17487/RFC4918, June 2007, 548 . 550 [RFC5988] Nottingham, M., "Web Linking", RFC 5988, 551 DOI 10.17487/RFC5988, October 2010, 552 . 554 [RFC6694] Moonesamy, S., Ed., "The "about" URI Scheme", RFC 6694, 555 DOI 10.17487/RFC6694, August 2012, 556 . 558 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 559 Specifications and Registration Procedures", BCP 13, 560 RFC 6838, DOI 10.17487/RFC6838, January 2013, 561 . 563 [RFC7303] Thompson, H. and C. Lilley, "XML Media Types", RFC 7303, 564 DOI 10.17487/RFC7303, July 2014, 565 . 567 [W3C.REC-html5-20141028] 568 Hickson, I., Berjon, R., Faulkner, S., Leithead, T., 569 Navara, E., O'Connor, E., and S. Pfeiffer, "HTML5", 570 World Wide Web Consortium Recommendation REC- 571 html5-20141028, October 2014, 572 . 574 [W3C.REC-rdfa-core-20130822] 575 Adida, B., Birbeck, M., McCarron, S., and I. Herman, "RDFa 576 Core 1.1 - Second Edition", World Wide Web Consortium 577 Recommendation REC-rdfa-core-20130822, August 2013, 578 . 580 [W3C.REC-xml-stylesheet-20101028] 581 Clark, J., Pieters, S., and H. Thompson, "Associating 582 Style Sheets with XML documents 1.0 (Second Edition)", 583 World Wide Web Consortium Recommendation REC-xml- 584 stylesheet-20101028, October 2010, 585 . 587 Appendix A. HTTP Problems and XML 589 Some HTTP-based APIs use XML [W3C.REC-xml-20081126] as their primary 590 format convention. Such APIs can express problem details using the 591 format defined in this appendix. 593 The RELAX NG schema [ISO-19757-2] for the XML format is as follows. 594 Keep in mind that this schema is only meant as documentation, and not 595 as a normative schema that captures all constraints of the XML 596 format. Also, it would be possible to use other XML schema languages 597 to define a similar set of constraints (depending on the features of 598 the chosen schema language). 600 default namespace ns = "urn:ietf:rfc:XXXX" 602 start = problem 604 problem = 605 element problem { 606 ( element type { xsd:anyURI }? 607 & element title { xsd:string }? 608 & element detail { xsd:string }? 609 & element status { xsd:positiveInteger }? 610 & element instance { xsd:anyURI }? ), 611 anyNsElement 612 } 614 anyNsElement = 615 ( element ns:* { anyNsElement | text } 616 | attribute * { text })* 618 The media type for this format is "application/problem+xml". 620 Extension arrays and objects are serialized into the XML format by 621 considering an element containing a child or children to represent an 622 object, except for elements that contain only child element(s) named 623 'i', which are considered arrays. For example, the XML version of 624 the example above appears in XML as follows: 626 HTTP/1.1 403 Forbidden 627 Content-Type: application/problem+xml 628 Content-Language: en 630 631 632 https://example.com/probs/out-of-credit 633 You do not have enough credit. 634 Your current balance is 30, but that costs 50. 635 https://example.net/account/12345/msgs/abc 636 30 637 638 https://example.net/account/12345 639 https://example.net/account/67890 640 641 643 Note that this format uses an XML Namespace. This is primarily to 644 allow embedding it into other XML-based formats; it does not imply 645 that it can or should be extended with elements or attributes in 646 other namespaces. The RELAX NG schema explicitly only allows 647 elements from the one namespace used in the XML format. Any 648 extension arrays and objects MUST be serialized into XML markup using 649 only that namespace. 651 When using the XML format, it is possible to embed an XML Processing 652 Instruction in the XML that instructs clients to transform the XML, 653 using the referenced XSLT code [W3C.REC-xml-stylesheet-20101028]. If 654 this code is transforming the XML into (X)HTML, then it is possible 655 to serve the XML format, and yet have clients capable of performing 656 the transformation display human-friendly (X)HTML that is rendered 657 and displayed at the client. Note that when using this method, it is 658 advisable to use XSLT 1.0, in order to maximize the number of clients 659 capable of executing the XSLT code. 661 Appendix B. Using Problem Details with Other Formats 663 In some situations, it can be advantageous to embed Problem Details 664 in formats other than those described here. For example, an API that 665 uses HTML [W3C.REC-html5-20141028] might want to also use HTML for 666 expressing its problem details. 668 Problem details can be embedded in other formats by either 669 encapsulating one of the existing serializations (JSON or XML) into 670 that format, or by translating the model of a Problem Detail (as 671 specified in Section 3) into the format's conventions. 673 For example, in HTML, a problem could be embedded by encapsulating 674 JSON in a script tag: 676 688 or by inventing a mapping into RDFa [W3C.REC-rdfa-core-20130822]. 690 This specification does not make specific recommendations regarding 691 embedding Problem Details in other formats; the appropriate way to 692 embed them depends both upon the format in use and application of 693 that format. 695 Authors' Addresses 697 Mark Nottingham 698 Akamai 700 Email: mnot@mnot.net 701 URI: http://www.mnot.net/ 703 Erik Wilde 705 Email: erik.wilde@dret.net 706 URI: http://dret.net/netdret/