[mdx] MDQ questions

Ian Young ian at iay.org.uk
Mon Nov 25 08:13:58 PST 2013 

Sorry to pick this up again after the last three weeks, but I think most of us are back in our respective towns and the time-sensitive stuff I have been working on has somewhat abated... so time to make some forward progress, hopefully!


On 31 Oct 2013, at 17:34, David Waite <dwaite at pingidentity.com> wrote:

> On Oct 31, 2013, at 11:28 AM, Ian Young <ian at iay.org.uk> wrote:
> 
>> I can see what you're saying. I guess my first question would be whether you have a significant use case for the union operator that we should talk about; I think we've regarded it as fairly peripheral up to this point, which may be why it hasn't had much attention.
> 
> Actually I don’t have one in mind, I am just used to RESTful APIs using list-of-IDs as an approach to consolidate multiple requests into one.

Can you give us an example of what that looks like in your experience? I'm not saying we necessarily want to go there, but I'm curious.

> I would prefer to use grouping tags for that, because I think that will make the requests more consistent and thus easier on the server.

Yes, that's the basic idea of saying that an identifier used with the query protocol might resolve to more than one entity. Depending on the implementation, it also means that you can precompute the result (avoiding run-time signing) and build the group up using completely arbitrary rules behind the scenes.

Coming back to my quoted paragraph above, though, and this is really a question for all: *can* anyone think of a real use case for the union operator that isn't covered by IDs that designate arbitrary groups? If not, I am tempted to suggest that we consider dropping it entirely; it would simplify a lot of the questions about encoding the '+' and the like.

My suggested replacement would be to re-define the '{' ... '}' ... pattern as a generalised extension point. Obviously that's used in the SAML-specific layered specification, but it would be open for people to use it in other arbitrary ways as well. I will be trying to rephrase the '{' ... '}' mechanism in this way in any case, because I think it makes the layering clearer.

	-- Ian



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5943 bytes
Desc: not available
URL: <http://lists.iay.org.uk/pipermail/mdx-iay.org.uk/attachments/20131125/6004372a/smime.p7s>

More information about the mdx mailing list