Geopriv M. Thomson Internet-Draft Andrew Corporation Intended status: Standards Track February 25, 2009 Expires: August 29, 2009 Using HTTP GET with HTTP-Enabled Location Delivery (HELD) draft-thomson-geopriv-held-get-00 Status of This Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 29, 2009. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract This document describes how an HTTP GET request to an HTTP-Enabled Location Delivery (HELD) resource is handled by the server responsible for that resource. This ensures that requests generated Thomson Expires August 29, 2009 [Page 1] Internet-Draft HELD GET February 2009 by user agents that are unaware of the special status of a URI do not result in unhelpful responses and enables the use of HTTP GET for location configuration and dereference. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. HTTP GET Behaviour . . . . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6.1. Normative References . . . . . . . . . . . . . . . . . . . 4 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 Thomson Expires August 29, 2009 [Page 2] Internet-Draft HELD GET February 2009 1. Introduction The HTTP-Enabled Location Delivery (HELD) protocol [I-D.ietf-geopriv-http-location-delivery] prohibits the use of the HTTP GET method. It does this because a HELD request is not always safe and idempotent [RFC2616], an attribute necessary for use of GET. The behaviour that is expected when a client makes an HTTP GET request to the a HELD URI is therefore undefined. GET is the method assumed by generic user agents, therefore unless context identifies an "https:" URI as a HELD URI, such a user agent might simply send an HTTP GET. Rather than providing an HTTP 405 (Method Not Allowed) response indicating that POST is the only permitted method, this document specifies that a LIS provides a HELD location response if it receives an HTTP GET request. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. HTTP GET Behaviour A HELD URI is an "https:" or "http:" URI that is either the product of LIS discovery [I-D.ietf-geopriv-lis-discovery] or a location URI generated by a LIS. An HTTP GET request to a HELD URI produces a HELD response as if the following HELD request had been sent using HTTP POST: geodetic civic If the URI is a location URI, the limited profile of HELD described in [I-D.winterbottom-geopriv-deref-protocol] is applied. In particular, a location URI MUST NOT be provided in response to a location dereferencing request. HTTP GET requests must be safe and idempotent - that is, there are no side-effects of making the request and repeating the request does not change the result. If the response provides a location object, this does not pose a problem. Changes in the location information do not Thomson Expires August 29, 2009 [Page 3] Internet-Draft HELD GET February 2009 occur as a result of requests, they are a result of a change in the value of the resource (the resource being the location of the Target). To ensure that these requests are idempotent, a LIS MUST NOT generate a location URI as a result of serving this request. However, if a location URI already exists, it can be provided. To achieve this, a location URI might be pre-allocated based on Target identity. This approach only works as long as the location URI operates on the "authorization by possession" authorization model ([I-D.ietf-geopriv-lbyr-requirements]). 4. Security Considerations The security considerations of HELD [I-D.ietf-geopriv-http-location-delivery] apply. This document introduces no further security considerations. 5. IANA Considerations This document has no IANA actions. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [I-D.ietf-geopriv-http-location-delivery] Barnes, M., Winterbottom, J., Thomson, M., and B. Stark, "HTTP Enabled Location Delivery (HELD)", draft-ietf-geopriv-http- location-delivery-12 (work in progress), January 2009. Thomson Expires August 29, 2009 [Page 4] Internet-Draft HELD GET February 2009 6.2. Informative References [I-D.ietf-geopriv-lis-discovery] Thomson, M. and J. Winterbottom, "Discovering the Local Location Information Server (LIS)", draft-ietf-geopriv-lis- discovery-07 (work in progress), February 2009. [I-D.winterbottom-geopriv-deref-protocol] Winterbottom, J., Tschofenig, H., Schulzrinne, H., Thomson, M., and M. Dawson, "An HTTPS Location Dereferencing Protocol Using HELD", draft- winterbottom-geopriv- deref-protocol-03 (work in progress), February 2009. [I-D.ietf-geopriv-lbyr-requirements] Marshall, R., "Requirements for a Location-by-Reference Mechanism", draft-ietf- geopriv-lbyr-requirements- 05 (work in progress), November 2008. Author's Address Martin Thomson Andrew Corporation PO Box U40 University of Wollongong, NSW 2500 AU Phone: +61 242 212915 EMail: martin.thomson@andrew.com URI: http://www.andrew.com/products/geometrix Thomson Expires August 29, 2009 [Page 5]