Using HTTP GET with HTTP-Enabled Location Delivery (HELD)
draft-thomson-geopriv-held-get-01

Status of This Memo

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on April 24, 2010.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Abstract

This document describes how an HTTP GET request to an HTTP-Enabled Location Delivery (HELD) resource is handled by the server responsible for that resource. This ensures that requests generated by user agents that are unaware of the special status of a URI do not result in unhelpful responses and enables the use of HTTP GET for location configuration and dereference.

Table of Contents

1.  Introduction
2.  Terminology
3.  HTTP GET Behaviour
4.  Security Considerations
5.  IANA Considerations
6.  References
    6.1.  Normative References
    6.2.  Informative References

1.  Introduction

The HTTP-Enabled Location Delivery (HELD) protocol (Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, “HTTP Enabled Location Delivery (HELD),” August 2009.) [I‑D.ietf‑geopriv‑http‑location‑delivery] prohibits the use of the HTTP GET method. It does this because a HELD request is not always safe and idempotent (Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” June 1999.) [RFC2616], an attribute necessary for use of GET.

The behaviour that is expected when a client makes an HTTP GET request to the a HELD URI is therefore undefined. GET is the method assumed by generic user agents, therefore unless context identifies an https: URI as a HELD URI, such a user agent might simply send an HTTP GET.

Rather than providing an HTTP 405 (Method Not Allowed) response indicating that POST is the only permitted method, this document specifies that a LIS provides a HELD location response if it receives an HTTP GET request.

2.  Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).

3.  HTTP GET Behaviour

A HELD URI is an https: or http: URI that is either the product of LIS discovery (Thomson, M. and J. Winterbottom, “Discovering the Local Location Information Server (LIS),” March 2010.) [I‑D.ietf‑geopriv‑lis‑discovery] or a location URI generated by a LIS.

An HTTP GET request to a HELD URI produces a HELD response as if the following HELD request had been sent using HTTP POST:

  <locationRequest xmlns="urn:ietf:params:xml:ns:geopriv:held">
    <locationType exact="false">
      geodetic civic
    </locationType>
  </locationRequest>

If the URI is a location URI, the limited profile of HELD described in [I‑D.winterbottom‑geopriv‑deref‑protocol] (Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M., and M. Dawson, “A Location Dereferencing Protocol Using HELD,” January 2010.) is applied. In particular, a location URI MUST NOT be provided in response to a location dereferencing request.

HTTP GET requests must be safe and idempotent - that is, there are no side-effects of making the request and repeating the request does not change the result. If the response provides a location object, this does not pose a problem. Changes in the location information do not occur as a result of requests, they are a result of a change in the value of the resource (the resource being the location of the Target).

To ensure that these requests are idempotent, a LIS MUST NOT generate a location URI as a result of serving this request. However, if a location URI already exists, it MAY be provided. To achieve this, a location URI might be pre-allocated based on Target identity. This approach only works as long as the location URI operates on the "authorization by possession" authorization model ([I‑D.ietf‑geopriv‑lbyr‑requirements] (Marshall, R., “Requirements for a Location-by-Reference Mechanism,” November 2009.)).

4.  Security Considerations

The security considerations of HELD (Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, “HTTP Enabled Location Delivery (HELD),” August 2009.) [I‑D.ietf‑geopriv‑http‑location‑delivery] apply. This document introduces no further security considerations.

5.  IANA Considerations

This document has no IANA actions.

6.  References

6.1. Normative References

6.2. Informative References

Author's Address