idnits 2.17.1

draft-wilde-service-link-rel-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (November 20, 2018) is 1955 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-06) exists of
     draft-nottingham-json-home-04

     Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                           E. Wilde
Internet-Draft                                         November 20, 2018
Intended status: Informational
Expires: May 24, 2019

                  Link Relation Types for Web Services
                    draft-wilde-service-link-rel-07

Abstract

   Many resources provided on the Web are part of sets of resources that
   are provided in a context that is managed by one particular service
   provider. Often, these sets of resources are referred to as "Web
   Services" or "Web APIs".
   This specification defines link relations
   for representing relationships from those resources to ones that
   provide documentation, descriptions, or metadata for these Web
   services. Documentation is primarily intended for human consumers,
   whereas descriptions are primarily intended for automated consumers;
   metadata is supposed to be information about a service's context. It
   also defines a link relation to identify status resources that are
   used to represent operational information about service status.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 24, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Web Services
     3.1.  Documenting Web Services
     3.2.  Describing Web Services
     3.3.  Unified Documentation/Description
   4.  Link Relations for Web Services
     4.1.  The service-doc Link Relation Type
     4.2.  The service-desc Link Relation Type
     4.3.  The service-meta Link Relation Type
   5.  Web Service Status Resources
   6.  IANA Considerations
     6.1.  Link Relation Type: service-doc
     6.2.  Link Relation Type: service-desc
     6.3.  Link Relation Type: service-meta
     6.4.  Link Relation Type: status
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Acknowledgements
   Author's Address

1.  Introduction

   One of the defining aspects of the Web is that it is possible to
   interact with Web resources without any prior knowledge of the
   specifics of the resource. Following Web Architecture
   [W3C.REC-webarch-20041215] by using URIs, HTTP, and media types, the
   Web's uniform interface allows interactions with resources without
   the more complex binding procedures often necessary with other
   approaches.

   Many resources on the Web are provided as part of a set of resources
   that are referred to as a "Web Service" or a "Web API". In many
   cases, these services or APIs are defined and managed as a whole, and
   it may be desirable for clients to be able to discover this service
   information.

   Service information that provides information on how to use service
   resources can be broadly separated into two categories: One category
   is primarily targeted for human users and often uses generic
   representations for human readable documents, such as HTML or PDF.
   The other category is structured information that follows some more
   formalized description model, and is primarily intended for
   consumption by machines, for example for tools and code libraries.

   In the context of this memo, the human-oriented variant is referred
   to as "documentation", and the machine-oriented variant is referred
   to as "description".

   These two categories are not necessarily mutually exclusive, as there
   are representations that have been proposed that are intended for
   both human consumption and interpretation by machine clients. In
   addition, a typical pattern for service documentation/description is
   that there is human-oriented high-level documentation that is
   intended to put a service in context and explain the general model,
   which is complemented by a machine-level description that is intended
   as a detailed technical description of the service. These two
   resources could be interlinked, but since they are intended for
   different audiences, it can make sense to provide entry points for
   both of them.

   In addition, while both documentation and descriptions may be
   provided as part of a Web service, there may be other information as
   well. Generally speaking, a Web service may have any
   metadata/resources associated with it (with documentation/description
   just being two specific kinds of resource).
   If there is a way how all of
   these metadata/resources are represented, then it should be possible
   to discover such a resource of general Web service metadata.

   In addition to these resources about mostly static aspects of a Web
   service, this memo also defines a link relation that allows providers
   of a Web service to link to a resource that represents status
   information about the service. This information often represents
   operational information that allows service consumers to retrieve
   information about "service health" and related issues.

   This memo places no constraints on the specific representations used
   for all of these resources. It simply allows providers of a Web
   service to make the documentation, description, metadata, and status
   of their services discoverable, and defines link relations that serve
   that purpose.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Web Services

   "Web Services" or "Web APIs" (sometimes also referred to as "HTTP
   API" or "REST API") are a way to expose information and services on
   the Web. Following the principles of Web architecture
   [W3C.REC-webarch-20041215], they expose URI-identified resources,
   which are then accessed and transferred using a specific
   representation. Many services use representations that contain
   links, and often these links are typed links.

   Using typed links, resources can identify relationship types to other
   resources. RFC 8288 [RFC8288] establishes a framework of registered
   link relation types, which are identified by simple strings and
   registered in an IANA registry.
   Any resource that supports typed
   links according to RFC 8288 can then use these identifiers to
   represent resource relationships on the Web without having to
   re-invent registered relation types.

   In recent years, Web services as well as their documentation and
   description languages have gained popularity, due to the general
   popularity of the Web as a platform for providing information and
   services. However, the design of documentation and description
   languages varies with a number of factors, such as the general
   application domain, the preferred application data model, and the
   preferred approach for exposing services.

   This specification allows service providers to use a unified way to
   link to service documentation and/or description. This link should
   not make any assumptions about the provided type of documentation
   and/or description, so that service providers can choose the ones
   that best fit their services and needs.

   This specification also allows service providers to link to general
   service metadata, which as one part of it may have links to
   documentation and/or description, but potentially can have other
   information about a service as well, such as deployment or
   operational information.

3.1.  Documenting Web Services

   In the context of this specification, "documentation" refers to
   information that is primarily intended for human consumption.
   Typical representations for this kind of documentation are HTML and
   PDF.

   Documentation is often structured, but the exact kind of
   documentation structure depends on the structure of the service that
   is documented, as well as on the specific way in which the
   documentation authors choose to document it.

3.2.  Describing Web Services

   In the context of this specification, "description" refers to
   information that is primarily intended for machine consumption.
   Typical representations for this are dictated by the technology
   underlying the service itself, which means that in today's technology
   landscape, description formats exist that are based on XML, JSON,
   RDF, and a variety of other structured data models. Also, in each of
   those technologies, there may be a variety of languages that are
   defined to achieve the same general purpose of describing a Web
   service.

   Descriptions are always structured, but the structuring principles
   depend on the nature of the described service. For example, one of
   the earlier service description approaches, the Web Services
   Description Language (WSDL), uses "operations" as its core concept,
   which are essentially identical to function calls, because the
   underlying model is based on that of the Remote Procedure Call (RPC)
   model. Other description languages for non-RPC approaches to
   services will use different structuring approaches, such as
   structuring service descriptions by URIs and/or URI patterns.

3.3.  Unified Documentation/Description

   If service providers use an approach where there is no distinction
   between service documentation (Section 3.1) and service description
   (Section 3.2), then they may not feel the need to use two separate
   links. In such a case, an alternative approach is to use the
   "service" link relation type, which has no indication of whether it
   links to documentation or description, and thus may be a better fit
   if no such differentiation is required.

4.  Link Relations for Web Services

   In order to allow Web services to represent the relation of
   individual resources to service documentation/description and
   metadata, this specification introduces and registers three new link
   relation types.

4.1.  The service-doc Link Relation Type

   The "service-doc" link relation type is used to represent the fact
   that a resource is part of a bigger set of resources that are
   documented at a specific URI. The target resource is expected to
   provide documentation that is primarily intended for human
   consumption.

4.2.  The service-desc Link Relation Type

   The "service-desc" link relation type is used to represent the fact
   that a resource is part of a bigger set of resources that are
   described at a specific URI. The target resource is expected to
   provide a service description that is primarily intended for machine
   consumption. In many cases, it is provided in a representation that
   is consumed by tools, code libraries, or similar components.

4.3.  The service-meta Link Relation Type

   The "service-meta" link relation type is used to link to available
   metadata for the service context of a resource. Service metadata is
   any kind of data that may be of interest to existing or potential
   service users, with documentation/description only being two possible
   facets of service metadata. The target resource is expected to
   provide a service description that is primarily intended for machine
   consumption. In many cases, it is provided in a representation that
   is consumed by tools, code libraries, or similar components.

   Since service metadata can be for many different purposes, and use
   many different representations, it may make sense for representations
   using the "service-meta" link relation to add additional hints about
   the specific kind or format of metadata that is being linked. This
   definition of the "service-meta" link relation makes no specific
   assumptions about how these link hints will be represented, and the
   specific mechanism will depend on the context where the
   "service-meta" link relation is being used.

5.  Web Service Status Resources

   Web services providing access to a set of resources often are hosted
   and operated in an environment for which status information may be
   available. This information may be as simple as confirming that a
   service is operational, or may provide additional information about
   different aspects of a service, and/or a history of status
   information, possibly listing incidents and their resolution.

   The "status" link relation type can be used to link to such a status
   resource, allowing service consumers to retrieve status information
   about a Web service's status. Such a link may not be available for
   and from all resources provided by a Web service, but from key
   resources such as a Web service's metadata resource and/or a
   service's home resource [I-D.nottingham-json-home].

   This memo does not restrict the representation of a status resource
   in any way. It may be primarily focused on human or machine
   consumption, or a combination of both. It may be a simple "traffic
   light" indicator for service health, or a more sophisticated
   representation conveying more detailed information such as service
   subsystems and/or a status history.

6.  IANA Considerations

   The link relation types below have been registered by IANA per
   Section 4.2 of RFC 8288 [RFC8288]:

6.1.  Link Relation Type: service-doc

      Relation Name: service-doc

      Description: Linking to service documentation that is primarily
      intended for human consumption.

      Reference: [[ This document ]]

6.2.  Link Relation Type: service-desc

      Relation Name: service-desc

      Description: Linking to service description that is primarily
      intended for consumption by machines.

      Reference: [[ This document ]]

6.3.  Link Relation Type: service-meta

      Relation Name: service-meta

      Description: Linking to service metadata that is primarily
      intended for consumption by machines.

      Reference: [[ This document ]]

6.4.  Link Relation Type: status

      Relation Name: status

      Description: Linking to a resource that represents the status of a
      Web service or API.

      Reference: [[ This document ]]

7.  Security Considerations

   Web service providers should be aware that service descriptions and
   documentation may be used by attackers to gain additional information
   about a service, and to test for known security issues. It may thus
   be advisable to keep service descriptions and documentation to those
   aspects of a service that are necessary to use the service, and to
   exclude any implementation details that are not necessary for using
   the service.

   Another potential security issue for Web service providers is that
   publishing service descriptions and documentation may generally allow
   clients (both malicious and otherwise) a more automated and
   systematic access to a service. It may therefore be possible that
   more of a service's potential vulnerabilities are made easier to find
   and exploit, or simply that a service might receive more load because
   it is accessed by automated clients.

   Web service consumers should be aware that service descriptions and
   documentation can be out of sync or simply incorrect. Blindly
   trusting service descriptions and documentation (in particular when
   descriptions are retrieved and interpreted programmatically) is not a
   safe practice. Web service consumers should always assume that
   service descriptions and documentation may be incorrect, and should
   behave accordingly.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC8288]  Nottingham, M., "Web Linking", RFC 8288,
              DOI 10.17487/RFC8288, October 2017.

8.2.  Informative References

   [I-D.nottingham-json-home]
              Nottingham, M., "Home Documents for HTTP APIs",
              draft-nottingham-json-home-04 (work in progress), May 2016.

   [W3C.REC-webarch-20041215]
              Jacobs, I. and N. Walsh, "Architecture of the World Wide
              Web, Volume One", World Wide Web Consortium
              Recommendation REC-webarch-20041215, December 2004.

Appendix A.  Acknowledgements

   Thanks for comments and suggestions provided by Mike Amundsen, Oliver
   Gierke, Sebastien Lambla, and Darrell Miller.

Author's Address

   Erik Wilde

   Email: erik.wilde@dret.net
   URI:   http://dret.net/netdret/
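
Added example (not part of the draft or of any project's code): a consumer-side sketch of discovering the four relation types of Sections 4 and 5 in an RFC 8288 Link header and, in line with the caution to consumers in Section 7, vetting each target before a tool retrieves it unattended. The sample header, the host names, and the vetting policy (https only, same origin or an allow-listed host) are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Relation types registered in Section 6 of the draft.
SERVICE_RELS = {"service-doc", "service-desc", "service-meta", "status"}

# Simplified RFC 8288 link-value: <target> then ;name=value parameters.
# Backslash-escaped quotes inside quoted strings are not handled.
_LINK = re.compile(r'<([^>]*)>((?:\s*;\s*[\w*-]+(?:\s*=\s*(?:"[^"]*"|[^\s;,]+))?)*)')
_PARAM = re.compile(r';\s*([\w*-]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;,]+)))?')

# Constructed sample: Link header on a response for CONTEXT (not real hosts).
CONTEXT = "https://api.example.com/orders/42"
SAMPLE = (
    '</docs/>; rel="service-doc"; type="text/html", '
    '</openapi.json>; rel="service-desc"; type="application/json", '
    '<http://status.example.net/>; rel="status", '
    '<https://cdn.example.org/meta>; rel="service-meta", '
    '</orders/43>; rel="next"'
)


def parse_service_links(link_header, context_url):
    """Return {rel: [(absolute_target, type_hint), ...]} for the four relations."""
    found = {}
    for target, raw_params in _LINK.findall(link_header):
        params = {}
        for name, quoted, token in _PARAM.findall(raw_params):
            params.setdefault(name.lower(), quoted or token)  # first occurrence wins
        # "rel" is a space-separated list of relation types, matched case-insensitively.
        for rel in params.get("rel", "").lower().split():
            if rel in SERVICE_RELS:
                absolute = urljoin(context_url, target)  # resolve relative references
                found.setdefault(rel, []).append((absolute, params.get("type")))
    return found


def vet_target(target_url, context_url, allowed_hosts=()):
    """Assumed consumer policy: may a tool fetch this link target unattended?"""
    target, context = urlsplit(target_url), urlsplit(context_url)
    if target.scheme != "https":
        return False, "not https"
    if target.username or target.password:
        return False, "userinfo in URL"
    same_origin = (target.scheme, target.hostname, target.port) == (
        context.scheme, context.hostname, context.port)
    if not same_origin and target.hostname not in allowed_hosts:
        return False, "cross-origin host not allow-listed"
    return True, "ok"


if __name__ == "__main__":
    for rel, targets in parse_service_links(SAMPLE, CONTEXT).items():
        for url, type_hint in targets:
            print(rel, url, type_hint, vet_target(url, CONTEXT))
```

A target that passes this check is only cleared for retrieval; the description it returns still has to be validated against the service's actual behaviour, since it may be out of sync or incorrect.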