Session Date/Time: 08 Nov 2022 09:30
# httpapi
## Summary
The HTTP API working group meeting covered several key topics, including interactive authentication for non-interactive HTTP requests, the YAML media type, the deprecation header, the Idempotency-Key header, the link template header, RESTful media types, RFC 7807, and rate limit headers. A significant discussion revolved around the preferred format for rate limit headers, culminating in a rough consensus to adopt structured header fields. Ben presented a draft protocol for interactive authentication, which sparked a discussion about whether it belongs in the HTTP API working group or the OAuth working group.
## Key Discussion Points
* **Interactive Authentication:** Ben presented a draft protocol for interactive authentication of non-interactive HTTP requests, proposing a mechanism for applications to leverage web-based authentication flows.
    * Concerns were raised regarding potential abuse and the complexity of user interaction.
    * Discussion focused on whether the proposed solution should be an HTTP extension or an OAuth variant.
    * The possibility of using OAuth redirect URIs and existing OAuth mechanisms was explored.
* **YAML Media Type:** The working group confirmed that the YAML media type specification is nearing completion and addressed the remaining issues regarding clipboard identifiers for Windows and macOS.
* **Deprecation Header:** The discussion about whether to combine the deprecation and sunset headers into a single "lifecycle" header was revisited.
    * There was further discussion on the format of the date in the deprecation header: whether it should be human-readable or a delta from the common epoch.
* **Idempotency Key:** The working group noted that only one minor issue remained for the Idempotency-Key header.
* **Link Template Header:** The status of the link template header was reviewed, with an ongoing discussion about the anchor parameter in URI templates.
* **RESTful Media Types:** Progress on the RESTful media types (JSON Schema and OpenAPI) was discussed, with outstanding issues related to fragment identifiers and security considerations.
* **RFC 7807:** The working group addressed recent issues opened on RFC 7807.
* **Rate Limit Headers:** A significant portion of the meeting was dedicated to discussing the format of rate limit headers, specifically whether to use separate fields (`RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`) or a single structured header.
    * Concerns were raised about the ability of intermediaries to process structured content.
    * The discussion highlighted the need to balance short-term deployment considerations with long-term design principles.
    * A hum was conducted, indicating a rough consensus in favor of using structured header fields.
## Decisions and Action Items
* **Deprecation Header:** Mark volunteered to create a PR for the lifecycle header.
* **Rate Limit Headers:** The working group reached a rough consensus to proceed with the structured header field format. Further input is requested from implementers, especially those at Cloudflare and other vendors, to ensure it is a sensible choice.
* **Interactive Authentication:** Ben and Aaron will work to craft a more OAuth-flavored protocol.
## Next Steps
* Mark to implement PR for lifecycle header in deprecation header draft.
* Mailing list discussion to confirm consensus on structured header format for rate limit headers.
* Ben and Aaron will revise the authentication proposal as an OAuth extension and bring it back to OAuth.
* Roberto to finalize YAML media type document and begin publication process.