]>

mnot@mnot.net https://www.mnot.net/

Internet-Draft This memo specifies "HTTP Link Hints", a mechanism for annotating Web links to HTTP(S) resources with information that otherwise might be discovered by interacting with them. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the Building Blocks for HTTP APIs Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction HTTP clients can discover a variety of information about a resource by interacting with it. For example, the methods supported can be learned through the Allow response header field, and the need for authentication is conveyed with a 401 (Authentication Required) status code. Often, it can be beneficial to know this information before interacting with the resource; not only can such knowledge save time (through reduced round trips), but it can also influence the choices made by the code or user driving the interaction. For example, a user interface that presents the data from an HTTP-based API might need to know which resources the user has write access to, so that it can present the appropriate interface. This specification defines a vocabulary of "HTTP link hints" that allow such metadata about HTTP resources to be attached to Web links , thereby making it available before the link is followed. It also establishes a registry for future hints. Hints are just that -- they are not a "contract", and are to only be taken as advisory. The runtime behaviour of the resource always overrides hinted information. For example, a client might receive a hint that the PUT method is allowed on all "widget" resources. This means that generally, the client can send a PUT to them, but a specific resource might reject a PUT based upon access control or other considerations. More fine-grained information might also be gathered by interacting with the resource (e.g., via a GET), or by another resource "containing" it (such as a "widgets" collection) or describing it (e.g., one linked to it with a "describedby" link relation). There is not a single way to carry hints in a link; rather, it is expected that this will be done by individual link serialisations (see ). However, does recommend how to include link hints in the existing Link header field.

Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

HTTP Link Hints A HTTP link hint is a (key, value) tuple that describes the target resource of a Web link , or the link itself. The value's canonical form is a JSON data structure specific to that hint. Typically, link hints are serialised in links as target attributes (). In JSON-based formats, this can be achieved by simply serialising link hints as an object; for example: In other link formats, this requires a mapping from the canonical JSON data model into the constraints of that format. One such mapping is described in for the Link HTTP header field. The information in a link hint SHOULD NOT be considered valid for longer than the freshness lifetime () of the representation that the link occurred within, and in some cases, it might be valid for a considerably shorter period. Likewise, the information in a link hint is specific to the link it is attached to. This means that if a representation is specific to a particular user, the hints on links in that representation are also specific to that user.

Pre-Defined HTTP Link Hints

allow

• Hint Name: allow
• Description: Hints the HTTP methods that can be used to interact with the target resource; equivalent to the Allow HTTP response header.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, containing HTTP methods ().

formats

• Hint Name: formats
• Description: Hints the representation type(s) that the target resource can produce and consume, using the GET and PUT (if allowed) methods respectively.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, containing media types ().

accept-post

• Hint Name: accept-post
• Description: Hints the POST request format(s) that the target resource can consume.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, with the same constraints as for "formats". When this hint is present, "POST" SHOULD be listed in the "allow" hint.

accept-patch

• Hint Name: accept-patch
• Description: Hints the PATCH request format(s) that the target resource can consume; equivalent to the Accept-Patch HTTP response header.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, containing media types () that identify the acceptable patch formats. When this hint is present, "PATCH" SHOULD be listed in the "allow" hint.

accept-ranges

• Hint Name: accept-ranges
• Description: Hints the range-specifier(s) available for the target resource; equivalent to the Accept-Ranges HTTP response header .
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, containing HTTP ranges-specifiers ().

accept-prefer

• Hint Name: accept-prefer
• Description: Hints the preference(s) that the target resource understands (and might act upon) in requests.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, contain preferences (). Note that, by its nature, a preference can be ignored by the server.

precondition-req

• Hint Name: precondition-req
• Description: Hints that the target resource requires state-changing requests (e.g., PUT, PATCH) to include a precondition, as per , to avoid conflicts due to concurrent updates.
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, with possible values "etag" and "last-modified" indicating type of precondition expected. See also the 428 Precondition Required status code ().

auth-schemes

• Hint Name: auth-schemes
• Description: Hints that the target resource requires authentication using the HTTP Authentication framework .
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, each corresponding to a HTTP authentication scheme (), and optionally a "realms" member containing an array of zero to many strings that identify protection spaces that the resource is a member of. For example:

auth-realms

• Hint Name: auth-realms
• Description: Hints the authentication realm(s) available for those schemes that support them in the HTTP Authentication framework .
• Content Model: array (of strings)
• Specification: [this document]

Content MUST be an array of strings, each indicating a protection space that the resource is a member of. For example:

status

• Hint Name: status
• Description: Hints the status of the target resource.
• Content Model: string
• Specification: [this document]

Content MUST be a string; possible values are:

• "deprecated" - indicates that use of the resource is not recommended, but it is still available.
• "gone" - indicates that the resource is no longer available; i.e., it will return a 410 (Gone) HTTP status code if accessed.

Security Considerations Clients need to exercise care when using hints. For example, a naive client might send credentials to a server that uses the auth-req hint, without checking to see if those credentials are appropriate for that server.

IANA Considerations

HTTP Link Hint Registry This specification defines the HTTP Link Hint Registry. See for a general description of the function of link hints. Link hints are generic; that is, they are potentially applicable to any HTTP resource, not specific to one application of HTTP, nor to one particular format. Generally, they ought to be information that would otherwise be discoverable by interacting with the resource. Hint names MUST be composed of the lowercase letters (a-z), digits (0-9), underscores ("_") and hyphens ("-"), and MUST begin with a lowercase letter. Hint content MUST be described in terms of JSON values (). Hint semantics SHOULD be described in terms of the framework defined in . New hints are registered using the Expert Review process described in to enforce the criteria above. Requests for registration of new resource hints are to use the following template:

• Hint Name: [hint name]
• Description: [a short description of the hint's semantics]
• Content Model: [valid JSON value types; see RFC627 Section 2.1]
• Specification: [reference to specification document]

Initial registrations are enumerated in . The "rel", "rev", "hreflang", "media", "title", and "type" hint names are reserved, so as to avoid potential clashes with link serialisations.

References Normative References The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230. The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages. This document obsoletes RFC 7234. This specification defines a model for the relationships between resources on the Web ("links") and the type of those relationships ("link relation types"). It also defines the serialisation of such links in HTTP headers with the Link header field. JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data. This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance. A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK] In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Several applications extending the Hypertext Transfer Protocol (HTTP) require a feature to do partial resource modification. The existing HTTP PUT method only allows a complete replacement of a document. This proposal adds a new HTTP method, PATCH, to modify an existing HTTP resource. [STANDARDS-TRACK] This specification defines an HTTP header field that can be used by a client to request that certain behaviors be employed by a server while processing a request. This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK] Informative References Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226.

Representing Link Hints in Link Headers A link hint can be represented in a Link header () as a link-extension. When doing so, the JSON of the hint's content SHOULD be normalised to reduce extraneous spaces (%x20), and MUST NOT contain horizontal tabs (%x09), line feeds (%x0A) or carriage returns (%x0D). When they are part of a string value, these characters MUST be escaped as described in ; otherwise, they MUST be discarded. Furthermore, if the content is an array or an object, the surrounding delimiters MUST be removed before serialisation. In other words, the outermost object or array is represented without the braces ("{}") or brackets ("[]") respectively, but this does not apply to inner objects or arrays. For example, the two JSON values below are those of the fictitious "example" and "example1" hints, respectively: In a Link header, they would be serialised as: ; rel="sample"; example="The Example Value"; example1=1.2 ]]> A more complex, single value for "example": would be serialised as: ; rel="sample"; example="\"foo\", -1.23, true, [\"charlie\", \"bennet\"], {"cat": \"thor\"}, false" ]]>

Acknowledgements Thanks to Jan Algermissen, Mike Amundsen, Bill Burke, Graham Klyne, Leif Hedstrom, Jeni Tennison, Erik Wilde and Jorge Williams for their suggestions and feedback.