OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

camp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (CAMP-131) 4.3.5 ContentSpecification - URI schemes...

    [ http://tools.oasis-open.org/issues/browse/CAMP-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=34705#action_34705 ] 

Adrian Otto commented on CAMP-131:
----------------------------------

I don't think that both HTTP and HTTPS should be required. The implementer should be given the choice to support at least one protocol, and should be allowed to add others. I suggest that we require that HTTPS be implemented as a minimum, and allow implementers to decide what additional other network protocol schemes are supported.

Practically all REST control plane API's offered today int he cloud hosting industry require some form of authentication. The best practice for protecting user credentials is to offer REST API's only over SSL/TLS (HTTPS). Requiring an implementer to support HTTP is requires them to violate an industry best practice.

> 4.3.5 ContentSpecification - URI schemes...
> -------------------------------------------
>
>                 Key: CAMP-131
>                 URL: http://tools.oasis-open.org/issues/browse/CAMP-131
>             Project: OASIS Cloud Application Management for Platforms (CAMP) TC
>          Issue Type: Bug
>          Components: Public Review
>            Reporter: Gilbert Pilz
>
> From the comment list: https://lists.oasis-open.org/archives/camp-comment/201309/msg00078.html 
> TAB issue: https://tools.oasis-open.org/issues/browse/TAB-106
> 4.3.5 ContentSpecification reads in part: 
> ***** 
> For IANA-assigned URI schemes (e.g. "http", "https", "ftp", etc.) the Provider SHALL engage the protocol as per the relevant spec. [PDP-26] Providers SHALL support the "http" and "https" URI schemes. [PDP-27] A Provider MAY support additional URI schemes. [PDP-28] 
> ***** 
> The first two sentences are confusing. 
> First, we have an incomplete list of IANA-assigned URI schemes, ..."the Provider SHALL engage the protocol..." 
> Second, we have http and https as "Providers shall support.." 
> At least redundant, vague by omission of current IANA-assigned URI schemes, and what other URI schemes do you have in mind?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]