Network Working Group                                            J. Arwe
Internet-Draft                                               S. Speicher
Intended status: Standards Track                                     IBM
Expires: February 6, 2015                                       E. Wilde
                                                             UC Berkeley
                                                             Aug 5, 2014


                      The Accept-Post HTTP Header
                       draft-wilde-accept-post-03

Abstract

   This specification defines a new HTTP response header field Accept-
   Post, which indicates server support for specific media types for
   entity bodies in HTTP POST requests.

Note to Readers

   This draft should be discussed on the apps-discuss mailing list [1].

   Online access to all versions and files is available on github [2].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 6, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Arwe, et al.            Expires February 6, 2015                [Page 1]


Internet-Draft                 Accept-Post                      Aug 2014


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  The Accept-Post Response Header Field  . . . . . . . . . . . .  3
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  4
     4.1.  The Accept-Post Response Header  . . . . . . . . . . . . .  4
   5.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
     5.1.  Atom Publishing Protocol . . . . . . . . . . . . . . . . .  4
     5.2.  Linked Data Platform . . . . . . . . . . . . . . . . . . .  5
     5.3.  Additional Information in Error Responses  . . . . . . . .  5
   6.  Implementation Status  . . . . . . . . . . . . . . . . . . . .  6
     6.1.  Eclipse Lyo  . . . . . . . . . . . . . . . . . . . . . . .  6
     6.2.  RWW.I/O  . . . . . . . . . . . . . . . . . . . . . . . . .  7
     6.3.  Tivoli Workload Automation . . . . . . . . . . . . . . . .  8
     6.4.  Jazz for Service Management  . . . . . . . . . . . . . . .  8
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   8.  Open Issues  . . . . . . . . . . . . . . . . . . . . . . . . .  9
   9.  Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     9.1.  From -03 to -04  . . . . . . . . . . . . . . . . . . . . . 10
     9.2.  From -02 to -03  . . . . . . . . . . . . . . . . . . . . . 10
     9.3.  From -01 to -02  . . . . . . . . . . . . . . . . . . . . . 10
     9.4.  From -00 to -01  . . . . . . . . . . . . . . . . . . . . . 10
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 10
     10.2. Informative References . . . . . . . . . . . . . . . . . . 11
   Appendix A.  Acknowledgements  . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12















Arwe, et al.            Expires February 6, 2015                [Page 2]


Internet-Draft                 Accept-Post                      Aug 2014


1.  Introduction

   This specification defines a new HTTP response header field Accept-
   Post, which indicates server support for specific media types for
   entity bodies in HTTP POST requests.  This header field is comparable
   to the Accept-Patch response header field specified together with the
   HTTP PATCH method [RFC5789] (notice, however, that while Accept-Patch
   is defined to only list specific media types, Accept-Post reuses the
   "media range" concept of HTTP's Accept header and thus allows media
   type wildcards as well).


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


3.  The Accept-Post Response Header Field

   This specification introduces a new response header field Accept-Post
   used to specify the document formats accepted by the server in HTTP
   POST requests.  Accept-Post SHOULD appear in the OPTIONS response for
   any resource that supports the use of the POST method.  The presence
   of the Accept-Post header in response to any method is an implicit
   indication that POST is allowed on the resource identified by the
   Request-URI.  The presence of a specific document format in this
   header indicates that this specific format is allowed on the resource
   identified by the Request-URI.

   The syntax for Accept-Post headers, using the ABNF [RFC5234] syntax
   defined in Section 5.3.2 of HTTP/1.1 [RFC7231], is given by the
   following definition:
   Accept-Post = #( media-range [ accept-params ] )

   (Please note that this ABNF differs from the one given in Section
   5.3.2 of RFC 7231 [RFC7231], which includes the header field name.)

   The Accept-Post header specifies a media range as defined by HTTP
   [RFC7231].  The media range specifies a type of representation that
   can be POSTed to the Request-URI.

   The app:accept element is similar to the HTTP Accept request header
   field [RFC7231].  Media type parameters are allowed within Accept-
   Post, but Accept-Post has no notion of preference - "accept-params"
   or "q" arguments, as specified in Section 5.3.2 of [RFC7231], are not
   significant.



Arwe, et al.            Expires February 6, 2015                [Page 3]


Internet-Draft                 Accept-Post                      Aug 2014


4.  IANA Considerations

   This specification defines a response header field for the Hypertext
   Transfer Protocol (HTTP) that has been registered with the Internet
   Assigned Numbers Authority (IANA) following the "Registration
   Procedures for Message Header Fields" [RFC3864].

4.1.  The Accept-Post Response Header

   The Accept-Post response header should be added to the permanent
   registry of message header fields (see [RFC3864]), taking into
   account the guidelines given by HTTP/1.1 [RFC7231].

   Header Field Name: Accept-Post

   Applicable Protocol: Hypertext Transfer Protocol (HTTP)

   Status: Standard

   Author/Change controller: IETF

   Specification document(s): RFC XXXX


5.  Examples

   Accept-Post extends the way in which interaction information can be
   exposed in HTTP itself.  The following sections contain some examples
   how this can be used in concrete HTTP-based services.  Based on the
   first example of AtomPub Section 5.1, when sending a GET request to
   the URI of a collection, the following response could be sent, if the
   server decided to support Accept-Post headers:
   HTTP/1.1 201 OK
                  Date: Fri, 23 Feb 2007 21:17:11 GMT
                  Content-Length: nnn
                  Content-Type: application/atom+xml;type=feed
                  Accept-Post: image/gif, image/jpeg, image/png

   In this response to the GET request of a collection URI, the server
   indicates that this particular collection accepts new entries in the
   form of GIF, JPEG, or PNG images.  No parameters are used, which
   means that there is no server-specified preference among those media
   types.

5.1.  Atom Publishing Protocol

   The Atom Publishing Protocol (AtomPub) [RFC5023] defines a model of
   interacting with collections and members, based on representations



Arwe, et al.            Expires February 6, 2015                [Page 4]


Internet-Draft                 Accept-Post                      Aug 2014


   using the Atom [RFC4287] syntax.  AtomPub allows clients to create
   new collection members by using HTTP POST, with the request being
   sent to the collection URI.  AtomPub servers can limit the media
   types they accept in these POST requests, and the accepted media
   types are listed in an "AtomPub service document".

   The Accept-Post header field does allow an AtomPub server to
   advertise its support for specific media types in interactions with
   the collection resource, without the need for a client to locate the
   service document and interact with it.  This increases the visibility
   of the "POST to Create" model of AtomPub, and makes it easier for
   clients to find out about the capabilities of a specific collection.

   While the AtomPub protocol cannot be changed retroactively, this
   additional way of exposing interaction guidance could make it easier
   for clients to interact with AtomPub services that do support the
   Accept-Post header field.  For those that do not support Accept-Post,
   clients would still have to rely on using the information contained
   in the service document (including the sometimes tricky issue of how
   to locate the service document for a given collection).

5.2.  Linked Data Platform

   The Linked Data Platform (LDP) [W3C.WD-ldp-20140311] describes a set
   of best practices and simple approach for a read-write Linked Data
   architecture, based on HTTP access to Web resources that describe
   their state using the RDF data model.  LDP defines LDP Containers
   (LDPC) and LDP Resources (LDPR).  Adding new LDPRs to an LDPC is done
   by sending an HTTP POST request to the LDPC.  An LDPC can constrain
   the media types it is accepting for these POST requests, and should
   expose its support for accepted media types via Accept-Post.

   In fact, the Accept-Post header was initially developed within the
   W3C's LDP Working Group (LDPWG), see Appendix A for acknowledgements.
   It was then decided that the header itself might be useful in other
   contexts as well, and thus should be specified in a standalone
   document.

5.3.  Additional Information in Error Responses

   If a client POSTs an unsupported POST document, it is possible for
   the server to use Accept-Post to indicate the supported media types.
   These can be specified using a 415 (Unsupported Media Type) response
   when the client sends a POST document format that the server does not
   support for the resource identified by the Request-URI.  Such a
   response then MAY include an Accept-Post response header notify the
   client what POST document media types are supported.




Arwe, et al.            Expires February 6, 2015                [Page 5]


Internet-Draft                 Accept-Post                      Aug 2014


   This example applies to all resources supporting a limited set of
   media types for POST requests, such as the ones listed in the
   previous to sections.  In both AtomPub and LDP, it would be possible
   for a server to include an Accept-Post header in a 415 response to a
   failed POST request, and indicate the media types that are accepted
   for POST requests.


6.  Implementation Status

   Note to RFC Editor: Please remove this section before publication.

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in RFC 6982
   [RFC6982].  The description of implementations in this section is
   intended to assist the IETF in its decision processes in progressing
   drafts to RFCs.  Please note that the listing of any individual
   implementation here does not imply endorsement by the IETF.
   Furthermore, no effort has been spent to verify the information
   presented here that was supplied by IETF contributors.  This is not
   intended as, and must not be construed to be, a catalog of available
   implementations or their features.  Readers are advised to note that
   other implementations may exist.

   According to RFC 6982, "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

6.1.  Eclipse Lyo

      Organization: IBM developed and contributed to the Eclipse Lyo
      project [3].

      Name: Eclipse Lyo "LDP reference implementation" [4]

      Description: A very simple reference implementation for W3C Linked
      Data Platform (LDP) using some base Java technologies such as
      JAX-RS 2.0 and Apache Jena.  The goals of this reference
      implementation is to experiment with validating the concepts in
      the specification and understanding what a SDK might look like to
      build LDP-compliant servers.  Additional goal is to validate the
      approach for usage in OSLC4J SDK for building OSLC [5] clients and
      servers.




Arwe, et al.            Expires February 6, 2015                [Page 6]


Internet-Draft                 Accept-Post                      Aug 2014


      Maturity: Early prototype/alpha.

      Coverage: All parts of the specification were covered for server
      requirements.

      Licensing: Freely distributable (Eclipse Public License (EPL) [6]
      and Eclipse Distribution License (EDL) [7]).

      Implementation Experience: Experience is only from the server
      perspective of generating the HTTP response header.  It was
      trivial using JAX-RS 2.0 mechanism using a ContainerResponseFilter
      on all responses.  More details about this approach are described
      in this blog post [8].

      Contact: Steve Speicher <[email protected]>

6.2.  RWW.I/O

      Organization: No particular organization.  The work done is part
      of project RWW.I/O [9].

      Name: RWW.I/O - personal linked data storage.

      Description: A minimal support for LDP is now included in RWW.I/O,
      which is a personal linked data storage space, following the
      structure of a Unix file system.  Currently, only LDPCs are
      supported, since the LDPRs are always files or directories that
      are being managed through RESTful operations.  RWW.I/O encourages
      the use of .meta files to semantically describe non-LD resources
      (e.g. images, html, js, css, etc.), and the use of .acl files for
      access control rules using the WAC vocabulary.  Both .meta and
      .acl should be used per file (i.e. photo.jpg will have a
      .meta.photo.jpg and a .acl.photo.jpg).

      Maturity: Beta until more features from LDP spec are included (if
      necessary).

      Coverage: LDPCs on the server side, pagination and Accept-Post
      header.  You can test LDPC support like this: curl -H "Accept:
      text/turtle" https://deiu.rww.io/public/?p=1 ; You can test
      Accept-Post header like this: curl -v -X OPTIONS -H "Accept: text/
      turtle" https://deiu.rww.io/public/

      Licensing: MIT license.  Source code is available on GitHub [10].

      Implementation Experience: Implementing current LDP features in
      RWW.I/O was trivial.  I've also decided to add the Accept-Post
      header to HEAD replies, as it helps to reduce the number of



Arwe, et al.            Expires February 6, 2015                [Page 7]


Internet-Draft                 Accept-Post                      Aug 2014


      requests for a client trying to discover more information about
      the server.

      Contact: Andrei Sambra <[email protected]>

6.3.  Tivoli Workload Automation

      Organization: IBM [11]

      Name: Tivoli Workload Automation [12]

      Description: An existing scheduling product that already
      implements the OSLC Automation specification [13] (both client and
      server roles), including creation factories for Automation
      Requests that accept HTTP POST requests.  Since OSLC Automation
      offers no programmatic way for clients to know which media types
      are supported by the server, clients are limited in practice to
      those required by OSLC Automation (RDF/XML), or to making
      optimistic requests using other RDF media types.

      Maturity: Early prototype/alpha

      Coverage: All parts of the specification were covered for server
      and client requirements.

      Licensing: proprietary

      Implementation Experience: Experience from the server perspective
      of generating the HTTP response header is that it was trivial
      using JAX-RS annotations to add another response header.  Client
      parsing of the header presented no new problems, since the syntax
      is almost identical to the server-side processing of an Accept
      header.

      Contact: John Arwe <[email protected]>

6.4.  Jazz for Service Management

      Organization: IBM [11]

      Name: Jazz for Service Management Registry Services

      Description: An existing component bundled with multiple existing
      Cloud and Smarter Infrastructure (formerly branded as Tivoli)
      products.  It already supports multiple resource collections that
      use HTTP POST requests to create new member resources, e.g.
      "registration records".  Given that clients have no existing means
      by which they can know which media types the server supports, and



Arwe, et al.            Expires February 6, 2015                [Page 8]


Internet-Draft                 Accept-Post                      Aug 2014


      given that Registry Services has been adding new media types over
      the past few months as part of its continuous delivery process,
      Accept-Post is a natural fit to enable looser client coupling.

      Maturity: Early prototype/alpha

      Coverage: All parts of the specification were covered for server
      requirements.

      Licensing: proprietary

      Implementation Experience: Experience is only from the server
      perspective of generating the HTTP response header.  It was easy
      to add a new header using JAX-RS annotations.

      Contact: John Arwe <[email protected]>


7.  Security Considerations

   The Accept-Post header may expose information that a server would
   prefer to not publish.  In such a case, a server can simply stop
   exposing the header, in which case HTTP interactions would be back to
   the level of standard HTTP (i.e., with no indication what kind of
   media types a resource accepts in POST requests).


8.  Open Issues

   Note to RFC Editor: Please remove this section before publication.

   o  Accept-Post currently uses the "media range" concept of HTTP's
      Accept header field.  An alternative would be only support fully
      specified media types, which is what the Accept-Patch header field
      is doing.  This latter solution is more constrained, and fails to
      address some uses cases, such as AtomPub's way of exposing
      collection support for POST requests.

   o  While "accept-post" is currently defined in the "HTTP Link Hints"
      draft [I-D.nottingham-link-hint], it would be good to align the
      way in which they work.  Currently, the "accept-post" of link
      hints allows a list of specific media types, whereas the Accept-
      Post header field may contain "media ranges".








Arwe, et al.            Expires February 6, 2015                [Page 9]


Internet-Draft                 Accept-Post                      Aug 2014


9.  Change Log

   Note to RFC Editor: Please remove this section before publication.

9.1.  From -03 to -04

   o  Updating references (removing RFC 2616, adding new HTTP/1.1 RFCs).

9.2.  From -02 to -03

   o  Adding reference to RFC 5234 (ABNF).

   o  Updating references.

   o  Adding proper registration template.

9.3.  From -01 to -02

   o  Added header field example.

   o  Updated author address.

   o  Adding more entries to the "Implementation Status" section.

9.4.  From -00 to -01

   o  Changed ABNF for header field from RFC 2616 to HTTPbis convention
      (only specify the header field value grammar).

   o  Added implementations (all from the LDP community for now).

   o  Added open issue for aligning accept-post as defined by the "HTTP
      Link Hints" draft.


10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              September 2004.






Arwe, et al.            Expires February 6, 2015               [Page 10]


Internet-Draft                 Accept-Post                      Aug 2014


10.2.  Informative References

   [I-D.nottingham-link-hint]
              Nottingham, M., "HTTP Link Hints",
              draft-nottingham-link-hint-00 (work in progress),
              June 2013.

   [RFC4287]  Nottingham, M., Ed. and R. Sayre, Ed., "The Atom
              Syndication Format", RFC 4287, December 2005.

   [RFC5023]  Gregorio, J. and B. de hOra, "The Atom Publishing
              Protocol", RFC 5023, October 2007.

   [RFC5234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [RFC5789]  Dusseault, L. and J. Snell, "PATCH Method for HTTP",
              RFC 5789, March 2010.

   [RFC6982]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", RFC 6982,
              July 2013.

   [RFC7231]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Semantics and Content", RFC 7231, June 2014.

   [W3C.WD-ldp-20140311]
              Speicher, S., Arwe, J., and A. Malhotra, "Linked Data
              Platform 1.0", World Wide Web Consortium LastCall WD-ldp-
              20140311, March 2014,
              <http://www.w3.org/TR/2014/WD-ldp-20140311>.

URIs

   [1]   <https://www.ietf.org/mailman/listinfo/apps-discuss>

   [2]   <https://github.com/dret/I-D/tree/master/accept-post>

   [3]   <http://eclipse.org/lyo>

   [4]   <http://wiki.eclipse.org/Lyo/BuildLDPSample>

   [5]   <http://open-services.net>

   [6]   <http://www.eclipse.org/legal/epl-v10.html>

   [7]   <http://www.eclipse.org/org/documents/edl-v10.php>




Arwe, et al.            Expires February 6, 2015               [Page 11]


Internet-Draft                 Accept-Post                      Aug 2014


   [8]   <http://stevespeicher.blogspot.com/2013/08/
         supporting-accept-post-in-jax-rs.html>

   [9]   <https://rww.io/>

   [10]  <https://github.com/deiu/rww.io>

   [11]  <http://www.ibm.com/>

   [12]  <https://www.ibm.com/developerworks/community/forums/html/
         topic?id=f403c299-c1c6-4da8-8b12-f3b72de54a1a>

   [13]  <http://open-services.net/wiki/automation/
         OSLC-Automation-Specification-Version-2.0/>


Appendix A.  Acknowledgements

   Thanks for comments and suggestions provided by Martin Duerst, Barry
   Leiba, Mark Nottingham, and Julian Reschke.

   This work has been done in the context of the W3C Linked Data
   Platform Working Group (LDPWG) [W3C.WD-ldp-20140311]; thanks for
   comments and suggestions provided by the working group as a whole.


Authors' Addresses

   John Arwe
   IBM

   Email: [email protected]


   Steve Speicher
   IBM

   Email: [email protected]


   Erik Wilde
   UC Berkeley

   Email: [email protected]
   URI:   http://dret.net/netdret/






Arwe, et al.            Expires February 6, 2015               [Page 12]