Initial CRUD with proposed metadata handling #37
Conversation
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Jesse Wright <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
ebremer
force-pushed
the
crudandmeta
branch
2 times, most recently
from
d000533 to
0190a54
Compare
ebremer
force-pushed
the
crudandmeta
branch
from
f0ea3b6 to
9d01d26
Compare
There was a problem hiding this comment.
@ebremer - do you know why all of these files are appearing in the diff when there don't seem to be any changes?
There was a problem hiding this comment.
For several, it's whitespace. Probably line endings.
There was a problem hiding this comment.
I moved different sections into sub folders to avoid having one folder with everything.
ebremer
force-pushed
the
crudandmeta
branch
from
302ebb0 to
52b1158
Compare
|
I'm curious about the removal of slash semantics. For some years, ending a resource identifier with a slash in its creation has been the way to indicate that the user wants it to be a container. How does a user indicate this desire without the slash semantics? |
@TallTed I think the solid spec uses the link header to determine if a new resource should be a container with no reference to the slash semantics. For TrinPod, we only look for http://www.w3.org/ns/ldp#BasicContainer; and http://www.w3.org/ns/ldp#Container; in the link header to set as a container or not. |
I think I remember this slash pattern from LDP spec development, where one of the goals was to enable full functionality with simple tools like I think something along the lines of the sentences above should be added to the LWS spec, i.e., replace the previously available "Just put a slash at the end!" pattern with a "just include this header with this value. For example, use this flag and this argument with |
| @@ -0,0 +1,135 @@ | |||
| ### Create Resource (HTTP POST) | |||
|
|
|||
| New resources are created using POST to a target container URI, with the server assigning the final identifier. Clients MAY suggest a name via the Slug header, but servers MUST have authority over naming to ensure uniqueness and compliance with policies. PUT is reserved for updates to existing resources and MUST NOT be used for creation in this version of the specification, to prioritize server-managed identifiers and simplify client-server interactions. Clients MAY provide initial user-managed metadata for the new resource by including one or more Link headers in the POST request, following the syntax of [RFC 8288]. Server-managed metadata MUST be generated automatically by the server upon creation and MUST NOT be overridden by client-provided links. | |||
There was a problem hiding this comment.
Is there a plan to support create with PUT/PATCH, using conditional requests.
Since Slug header can't be relied on, there doesn't seem to be a way for the client to create at specific location. This makes it harder to build offline-first application since resources can't be fully interlinked locally before syncing them with the web storage.
There was a problem hiding this comment.
This probably isn't the best place to discuss it. I will find existing use case or add a new one for creating linked resources offline and bring it up later. The can be other ways to address it.
acoburn
left a comment
acoburn
left a comment
There was a problem hiding this comment.
I haven't finished my review, but this covers much of the text.
| @@ -0,0 +1,21 @@ | |||
| ### Create Resource Operation | |||
| The *create resource* operation requests the creation of a new resource on the server. The resource can be a non-container (data) resource or a container (collection) resource. The operation mandates that the server assigns a new identifier within a target container (like creating a new file in a folder); client-specified full identifiers are not supported for creation in this version to ensure server authority over naming and to simplify interactions. | |||
There was a problem hiding this comment.
"Client-specified full identifiers are not supported..." This could be interpreted as "a server MUST NOT", which is probably not what is meant here.
| * **Target container identifier:** The identifier of an existing container where the new resource will be created as a member. | ||
| * **Resource content:** The content to store in the resource (binary or text). This is optional to allow creation of an empty container or an empty resource. | ||
| * **Suggested name:** An optional hint for naming. The server MAY incorporate this if it does not conflict with naming rules or existing resources. | ||
| * **Media type:** The MIME media type or format of the content. This helps the server understand how to store and serve the content. It MUST be provided when content is included and MAY be omitted for empty containers. |
There was a problem hiding this comment.
| * **Media type:** The MIME media type or format of the content. This helps the server understand how to store and serve the content. It MUST be provided when content is included and MAY be omitted for empty containers. | |
| * **Media type:** The media type or format of the content. This helps the server understand how to store and serve the content. It MUST be provided when content is included and MAY be omitted for empty containers. |
If LWS defines a media type for containers (e.g. application/lws+json), this could be used to indicate that a container is to be created. This would simplify the requirement.
| * **Media type:** The MIME media type or format of the content. This helps the server understand how to store and serve the content. It MUST be provided when content is included and MAY be omitted for empty containers. | ||
|
|
||
| **Behavior:** | ||
| * The server MUST create a new resource as a member of the specified target container, assigning the identifier (potentially incorporating the suggested name). The new resource is then added to the specified container’s member list via metadata updates. |
There was a problem hiding this comment.
It's unclear what you mean by "via metadata updates" -- is it a separate operation? Would it suffice to just say "The new resource is then added to the specified container's member list"?
| * The server MUST create a new resource as a member of the specified target container, assigning the identifier (potentially incorporating the suggested name). The new resource is then added to the specified container’s member list via metadata updates. | ||
| * Upon creation, servers MUST generate a metadata resource linked via Link Sets (RFC 9264), including mandatory server-managed fields such as type (https://www.w3.org/ns/lws#Container or https://www.w3.org/ns/lws#DataResource), mediaType (if applicable), ACL reference, and partOf (linking to the target container). User-managed metadata MAY be provided by the client, but server-managed fields MUST NOT be overridden. | ||
| * The server **MAY** enforce additional constraints on creation, such as size limits, quota checks, or restrictions on allowed media types. If any such constraint is violated, the server will reject the operation with an appropriate error. | ||
| * The creation MUST be atomic, including metadata generation and container membership updates—if any step fails, no new resource or metadata is created (or any partial artifacts are cleaned up). The identifier of the newly created resource **MUST** be returned to the client (so the client knows how to refer to it). |
There was a problem hiding this comment.
| * The creation MUST be atomic, including metadata generation and container membership updates—if any step fails, no new resource or metadata is created (or any partial artifacts are cleaned up). The identifier of the newly created resource **MUST** be returned to the client (so the client knows how to refer to it). | |
| * The creation MUST be atomic, including metadata generation and container membership updates—if any step fails, no new resource or metadata is created. The identifier of the newly created resource **MUST** be returned to the client (so the client knows how to refer to it). |
The statement "no new resource or metadata is created" should suffice here.
| **Possible Responses:** *(on the abstract operation level, not tied to a specific protocol)* | ||
| * **Created:** The operation succeeded in creating a new resource. The response includes the new resource’s identifier and possibly a minimal representation or metadata. | ||
| * **Bad Request:** The request was malformed or violated constraints. The resource was not created. | ||
| * **Not Permitted:** The client is not authorized to create a resource in the target location. | ||
| * **Not Found:** The specified target container does not exist or cannot be found. This could also be treated as a type of Bad Request or Not Permitted, depending on the cause. | ||
| * **Unknown Error:** An internal server error occurred, or some unexpected condition prevented the creation. This is a catch-all for failures not covered by more specific errors. The response would indicate that the server failed the operation (and ideally include an error message or code). No newline at end of file |
There was a problem hiding this comment.
Is this an exhaustive list? Could there be other responses? I think it would be good to allow other possible responses.
| | ----- | ----- | ----- | | ||
| | [Success](https://w3c.github.io/lws-protocol/spec/#dfn-success) Success (read or update, returning data) | 200 OK | [Resource representation](https://w3c.github.io/lws-protocol/spec/#dfn-resource-representation) in the response body (for GET or if PUT/PATCH returns content), along with relevant headers (Content-Type, ETag, Link for metadata such as rel="linkset", rel="acl", rel="parent"). For container listings, include JSON-LD with normative context and member metadata (IDs, types, sizes, timestamps). | | ||
| | Partial Success (paginated or ranged read) | 206 Partial Content | Partial resource representation, with headers like Content-Range or Link rel="next" for pagination. Listings include filtered metadata per ACL visibility. | | ||
| | [Created](https://w3c.github.io/lws-protocol/spec/#dfn-created) (new resource) | 201 Created | Typically no response body (or a minimal representation of the new resource). The `Location` header is set to the new resource’s URI. Headers like ETag MUST be included for concurrency; Link headers for server-managed metadata. | |
There was a problem hiding this comment.
If the response body is empty and an ETag value is supplied, this will mess with caches. Generally speaking, ETags are not included in POST responses.
I would state that the Location header is required in the response.
| | Partial Success (paginated or ranged read) | 206 Partial Content | Partial resource representation, with headers like Content-Range or Link rel="next" for pagination. Listings include filtered metadata per ACL visibility. | | ||
| | [Created](https://w3c.github.io/lws-protocol/spec/#dfn-created) (new resource) | 201 Created | Typically no response body (or a minimal representation of the new resource). The `Location` header is set to the new resource’s URI. Headers like ETag MUST be included for concurrency; Link headers for server-managed metadata. | | ||
| | Deleted (no content to return) | 204 No Content | No response body. Indicates the resource was deleted or the request succeeded and there’s nothing else to say. Servers MAY use 410 Gone for permanent deletions. | | ||
| | Bad Request (invalid input or constraints) | 400 Bad Request | Error details explaining what was wrong. Could be in plain text or a structured format (JSON error object), depending on server. | |
There was a problem hiding this comment.
If we expect that the response will contain error details, we should encourage (SHOULD) the use of a standard format, such as RFC 9457
| | [Unknown requester](https://w3c.github.io/lws-protocol/spec/#dfn-unknown-requester) | 401 Unauthorized | Typically no body or an error message. The response MUST include a `WWW-Authenticate` header with parameters for discoverability and authentication negotiation (per HTTP spec). This indicates the client needs to provide credentials. | | ||
| | [Not Permitted](https://w3c.github.io/lws-protocol/spec/#dfn-not-permitted) (forbidden) | 403 Forbidden | An error message or none. Indicates the client’s credentials were accepted but they don’t have rights to perform the operation. | | ||
| | Not found | 404 Not Found | Possibly an error message. Indicates the resource (or target URI) does not exist *or* is not accessible. (Servers MUST use 404 in place of 403 for unauthorized reads to avoid revealing the existence of a resource, aligning with privacy considerations.) | | ||
| | Not acceptable | 406 Not Acceptable | Typically a short message listing supported formats or indicating that the requested representation cannot be provided. The client may use this information to retry with a different `Accept`. | | ||
| | Conflict | 409 Conflict | Explanation of the conflict. The body could include specifics or be empty with just the status reason. | | ||
| | Precondition Failed (concurrency) | 412 Precondition Failed | If an `If-Match` or similar header doesn’t match, this status is returned with maybe a brief message. | | ||
| | Unsupported Media Type | 415 Unsupported Media Type | If the client sent a format that the server cannot handle (for create or update). The body might list acceptable media types. | | ||
| | Insufficient Storage (quota exceeded) | 507 Insufficient Storage | Error details indicating quota or storage constraints violated. Could include current usage information in the body. | | ||
| | Internal Server Error [Unknown error](https://w3c.github.io/lws-protocol/spec/#dfn-unknown-error) | 500 Internal Server Error | A generic error message. In a debug or dev mode, the server might include a stack trace or internal details in the body, but in production it should be a generic statement. | |
There was a problem hiding this comment.
These are all standard HTTP error codes (and there are other possible response codes). I would avoid restating what already exists in the HTTP spec.
|
|
||
| This mapping table is intended to cover the typical cases, ensuring atomicity with metadata operations and support for discoverability. Note that some status codes above (206, 412, 415, 507) are standard HTTP but were not explicitly enumerated in Section 7’s generic list; they are used here to handle HTTP-specific scenarios (like pagination, conditional requests, media type handling, and quotas). LWS servers should use the most appropriate HTTP status code for each situation to enable clients to react correctly. | ||
|
|
||
| By adhering to these method bindings and status codes, LWS clients and servers can interoperate using HTTP in a predictable, RESTful way. This allows leveraging existing HTTP libraries, tools, and knowledge for building LWS-based systems. No newline at end of file |
There was a problem hiding this comment.
This seems more for a non-normative introduction section rather than a normative section.
| | Insufficient Storage (quota exceeded) | 507 Insufficient Storage | Error details indicating quota or storage constraints violated. Could include current usage information in the body. | | ||
| | Internal Server Error [Unknown error](https://w3c.github.io/lws-protocol/spec/#dfn-unknown-error) | 500 Internal Server Error | A generic error message. In a debug or dev mode, the server might include a stack trace or internal details in the body, but in production it should be a generic statement. | | ||
|
|
||
| This mapping table is intended to cover the typical cases, ensuring atomicity with metadata operations and support for discoverability. Note that some status codes above (206, 412, 415, 507) are standard HTTP but were not explicitly enumerated in Section 7’s generic list; they are used here to handle HTTP-specific scenarios (like pagination, conditional requests, media type handling, and quotas). LWS servers should use the most appropriate HTTP status code for each situation to enable clients to react correctly. |
There was a problem hiding this comment.
Does this paragraph state anything that isn't already part of the HTTP RFC?
6 participants
Preview | Diff