[occi-wg] OCCI header information for JSON
Gary Mazz
garymazzaferro at gmail.com
Thu Feb 9 11:45:40 EST 2012
Hi
Thank you for the interesting discussion on meta-data for the json
rendering.
It was suggested OCCI meta-data should be defined as HTTP headers for
the JSON and XML forms. We should seriously examine adverse outcomes of
modifying well established protocols. Placing OCCI meta-data in the
http header area ignores best design practices, specifically
compartmentalization. We would not consider placing OCCI headers in IP
or TCP protocol header space, we should not consider impacting the HTTP
transport data space. Although precedence has been set, additional
meta-data in http headers for alternative forms of OCCI data
exponentially increases the cost burden on product testing and validation.
In my experience attempting to release a CDMI javascript library, I ran
into a few security issues surrounding browser behavior. It seems the
prominent browsers execute a Cross Origin Resource Sharing (CORS)
protocol when a custom header is defined for any http request. CORS
places a additional protocol demands on OCCI servers and OCCI clients
that normally would not need to support CORS.
I would strongly suggest to avoid the complexities associated with OCCI
meta-data in the http message header area and select an alternative
approach placing OCCI meta-data in the http message body.
b/r
gary mazzaferro
More information about the occi-wg
mailing list