Loading ...
Sorry, an error occurred while loading the content.

Re: [rest-discuss] ETag and resource representations

Expand Messages
  • Nicholas Shanks
    ... This is a different resource from the whole library and should have a different URI, such as /library/?age=child If a child went to /library/ and should
    Message 1 of 8 , Sep 2, 2013
    View Source
    • 0 Attachment
      On 14 August 2013 02:11, Hubert A Le Van Gong <hubertlvg@...> wrote:

      For instance, if I consider a library (full of books) as a resource. The view of that resource (i.e. the list of books returned) may vary based on the age of the reader (or any other criteria).


      This is a different resource from the whole library and should have a different URI, such as /library/?age=child
      If a child went to /library/ and should not be allowed to see some of the inappropriate books there then either a 401 or 303 should result, not 2xx response with a subset of the results an adult would see, as that breaks caching. (You can jump through hoops to make it work, but changing the URI is better.)

      In my own company's system, I have a resource /jobs that represents the most recent 30 jobs the company has been awarded. The resource /jobs?page=2 represents jobs 31 to 60. We allow our clients to log in to our system, but when they click the View Jobs link, they don't go to /jobs (and only see their own jobs) but to /clients/their-name/jobs Attempts to view other client's jobs URIs result in a 401 (regardless of whether the client exists or not, so as not to leak data).

      Access control coupled with URI proliferation works with the way the web operates. Changing representation based on viewer works against it.


      --
      Nicholas.
    • Hubert A Le Van Gong
      Hi Nicholas, I m not sure why I should consider those as different resources. Isn t that what representations are for? Besides, I m not sure it makes it easier
      Message 2 of 8 , Sep 3, 2013
      View Source
      • 0 Attachment
        Hi Nicholas,

        I'm not sure why I should consider those as different resources. Isn't that what representations are for?
        Besides, I'm not sure it makes it easier on the caching management side of things as those different resources are nonetheless linked (if an adult purchases a chid book, both the adult library and the child library resources are impacted).

        Thanks,
        Hubert

         

        On Sep 2, 2013, at 6:17 AM, Nicholas Shanks wrote:

        On 14 August 2013 02:11, Hubert A Le Van Gong <hubertlvg@...> wrote:

        For instance, if I consider a library (full of books) as a resource. The view of that resource (i.e. the list of books returned) may vary based on the age of the reader (or any other criteria).


        This is a different resource from the whole library and should have a different URI, such as /library/?age=child
        If a child went to /library/ and should not be allowed to see some of the inappropriate books there then either a 401 or 303 should result, not 2xx response with a subset of the results an adult would see, as that breaks caching. (You can jump through hoops to make it work, but changing the URI is better.)

        In my own company's system, I have a resource /jobs that represents the most recent 30 jobs the company has been awarded. The resource /jobs?page=2 represents jobs 31 to 60. We allow our clients to log in to our system, but when they click the View Jobs link, they don't go to /jobs (and only see their own jobs) but to /clients/their-name/jobs Attempts to view other client's jobs URIs result in a 401 (regardless of whether the client exists or not, so as not to leak data).

        Access control coupled with URI proliferation works with the way the web operates. Changing representation based on viewer works against it.


        --
        Nicholas.

      • Nicholas Shanks
        ... representations are different presentations/formats/content-types showing the same (sub-)set of data. Page 2 does not contain the same data as page 1, so
        Message 3 of 8 , Sep 12, 2013
        View Source
        • 0 Attachment
          On 4 September 2013 00:19, Hubert A Le Van Gong <hubertlvg@...> wrote:

          > Hi Nicholas,
          >
          > I'm not sure why I should consider those as different resources. Isn't that
          > what representations are for?

          'representations' are different presentations/formats/content-types
          showing the same (sub-)set of data. Page 2 does not contain the same
          data as page 1, so isn't a different representation per the http
          meaning of the noun, but a different resource. The entire library, if
          not available via a single URL, is not a (HTTP) resource. (Someone
          please correct me if I'm wrong there.)

          > Besides, I'm not sure it makes it easier on the caching management side of
          > things as those different resources are nonetheless linked (if an adult
          > purchases a chid book, both the adult library and the child library
          > resources are impacted).

          The whole goal of a well-written web service is to improve a cache's
          ability to make a match.
          You said "The view of that resource (i.e. the list of books returned)
          may vary based on the age of the reader (or any other criteria)."
          How are you determining what 'view' to return, or put another way, how
          do you decide on the "age of the reader"? Are readers users who have
          to log in and get a cookie set? Or are readers just a target audience
          for the book, and the client is asking for "children's books" through
          some query string, the client's age being unknown?
          If at the moment you're using something like Vary: Cookie to serve
          different pages to different clients, then your resources are not
          going to see any caches except the client's browser. Try to eliminate
          this if at all possible, perhaps via 303 responses to avoid changing
          the referring href.
          If you are using query strings to change the books shown, then, as the
          query string is part of the URL, and the URL is the minimal key
          required to differentiate resources, a different URL means you are
          requesting a different resource, and so the URI can be anything you
          want, e.g. /childrens-books/ or /library?genre=children%39s

          This isn't really relevant to Entity Tags but I thought I should bring it up.

          --
          Nicholas.
        Your message has been successfully submitted and would be delivered to recipients shortly.