Comments from Jon Miner, responses from Jim Fox
Reviewing Guidelines for Designing RESTful APIs in TIER …. +1 to Chris' idea of merging at least the metadata portion of the common elements in, if not all of them. I can't see a reason not to, but I feel like I'm overlooking something.
Generally it seems straightforward to me… Comments/questions (as I read top-to-bottom):
- Do we want to support pagination at all? As the SCIM docs mention (and anybody who has implemented knows), it's generally a disaster and not used unless you're keeping connection state (like LDAP or a DB).
- JimF: There are times where the entire document is too big.
- I agree completely on plurals vs non-plurals, but how do we handle "update" or "add" operations (PUT/POST) on the set? It tends to get un-REST-ful that way? I can't help thinking about it that way, though.
- JimF: I think the plural/non-plural is silly. It's part of the location of a resource. If the result is a list then that's documented somewhere. I'll note that database people tend to use singular nouns for tables, even though they contain multiple rows.
- Security... it feels like we should mandate HTTPS, of course, but leave everything else to environment (presumably Basic?)... Do we want to get into thinking about externalizing authorizations?
- JimF: In some sense not specifying authorization is externalizing it.
Feels like I should have more commentary, and I'm sure I do, but my brain is feeling scrambled at the moment (perfect timing for the call!)
jon