Use HTTP POST for report uploads #543
Conversation
There was a problem hiding this comment.
I think this change is fine. However, as discussed off-PR (pointed out by @simon-friedberger, I think), switching from PUT to POST might be a smaller change. Are there downsides to using POST?
|
I lean toward using PUT and changing the request path because:
|
|
@tgeoghegan I read through the mailing list but don't get why this change is necessary? it seems specifying idempotent POST will do the same? Will we ever have a good reason to support GET a report? |
draft-ietf-ppm-dap.md
Outdated
| struct { | ||
| ReportID report_id; | ||
| Time time; | ||
| } ReportMetadata; |
There was a problem hiding this comment.
Does ReportMetadata still have meaning? would it be simpler if we simply put reportID and time in InputShareAad?
There was a problem hiding this comment.
struct ReportMetadata ends up being useful in the aggregation interaction (e.g. it goes into a ReportShare) so I think it's useful.
I agree that this change is not necessary, in that the protocol will work fine if we do nothing, or if we switch to a POST request and otherwise change nothing. I laid out my arguments for this change above, and concede that my arguments are essentially esthetic. FWIW I don't intend to move forward with this change until and unless we establish WG rough consensus for it. I'll be following up on the mailing list with some concise discussion points to move this and other topics forward. |
|
For what it's worth, I think a I don't see much use for a |
tgeoghegan
force-pushed
the
timg/error-consistency
branch
from
1b1bff3
to
4e1593d
Compare
|
@tgeoghegan please rebase when you have a moment |
tgeoghegan
force-pushed
the
timg/report-id-request-path
branch
from
e758193
to
571e7c6
Compare
|
This change has been up for quite a while and it seems to me that the most popular option, by dint of its simplicity, is to change the request upload to using POST without changing the request path or the request body. Accordingly I'm repurposing this PR to make that change. |
tgeoghegan
changed the title
tgeoghegan
changed the title
draft-ietf-ppm-dap.md
Outdated
| 47 36 4c cf 1b c0 e3 af fc ca 68 73 c9 c3 81 f6 4a cd f9 02 06 62 f8 3f 46 c0 72 | ||
| 19 e7" and an aggregation job ID "95 ce da 51 e1 a9 75 23 68 b0 d9 61 f9 46 61 | ||
| 28" (32 and 16 byte octet strings, represented in hexadecimal), resource URI | ||
| `{helper}/tasks/{task-id}/aggregation_jobs/{report-id}` would be expanded into |
There was a problem hiding this comment.
| `{helper}/tasks/{task-id}/aggregation_jobs/{report-id}` would be expanded into | |
| `{helper}/tasks/{task-id}/aggregation_jobs/{aggregation-job-id}` would be expanded into |
(editorial nit)
Per httpdir early review of DAP ([1]), it's inappropriate to use PUT for a resource that cannot later be GET. Change the HTTP method for report uploads to POST, and add a note making it clear that uploads are idempotent and safe to retry. [1]: https://datatracker.ietf.org/doc/review-ietf-ppm-dap-09-httpdir-early-nottingham-2023-12-29/
tgeoghegan
force-pushed
the
timg/report-id-request-path
branch
from
72f5b95
to
806d329
Compare
Per httpdir early review of DAP (1), it's inappropriate to use PUT for a resource that cannot later be GET. Change the HTTP method for report uploads to POST, and add a note making it clear that uploads are idempotent and safe to retry.
Previous description of this PR:
For that reason, and also consistency with the aggregation job and collection job request paths, hoist the report ID out of the upload request body and into the request path. We don't want to repeat the report ID twice in one request, sostruct Reportno longer includes astruct Metadataand instead just puts thetimeinline inReport.struct ReportMetadatais still used inInputShareAadand elsewhere in DAP, so its definition is not changed, just moved farther down the document, and we explain how to construct it from the report request path and body.With this change, there is now a unique URI for each report uploaded to a DAP leader. However we do not add any requirement that an Aggregator support GET requests on that path, because not all DAP implementations will necessarily store enough per-report information to be able to respond to such a request with a completestruct Report. Implementations are free to do that, but can also respond with HTTP 204, 404, 410 or some other error if they wish. As these are well-established HTTP semantics, DAP doesn't need to spend any more ink on explaining them.