Return-Path: X-Original-To: apmail-clerezza-dev-archive@www.apache.org Delivered-To: apmail-clerezza-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D55E510319 for ; Wed, 17 Jul 2013 21:22:23 +0000 (UTC) Received: (qmail 79257 invoked by uid 500); 17 Jul 2013 21:22:23 -0000 Delivered-To: apmail-clerezza-dev-archive@clerezza.apache.org Received: (qmail 79219 invoked by uid 500); 17 Jul 2013 21:22:23 -0000 Mailing-List: contact dev-help@clerezza.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@clerezza.apache.org Delivered-To: mailing list dev@clerezza.apache.org Received: (qmail 79210 invoked by uid 99); 17 Jul 2013 21:22:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Jul 2013 21:22:22 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of andy.seaborne.apache@gmail.com designates 74.125.82.171 as permitted sender) Received: from [74.125.82.171] (HELO mail-we0-f171.google.com) (74.125.82.171) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Jul 2013 21:22:15 +0000 Received: by mail-we0-f171.google.com with SMTP id m46so2289272wev.30 for ; Wed, 17 Jul 2013 14:21:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=c90aI9ROFrQKJzEn4KRVI8sHR+bCtjtQZdVOq13WjbE=; b=nVwLMfBuypNG8fRoMQlI5o5Y/uMvT9mNb0gw7qmmTTqtTezQOSUEAJpHqIJnmHNjMU VueHCfCXEtiqbF3x6DmrkXE7FI/Pl02e3pUoecTsFf0Vtih5avyoX87jcWpLDTtmQcGq YWpHTbTHdEa5+uB2ry5zy5RkRn6+3NNEKXPibQyyM11ZxM2+BHfCniW6YY6aiiLDSy4T SUFiQ93O6jF0o+kZ8b2E9qn4DZj6cZaWLY5eNqEadG0GqpaUAYgbzgpLaQeV9siGHgnZ iQDdB5RxhvhPpFy/9B17HhelEpPVzRiCaBSbxJ8PlOYze+645tqVGqWt5fBkP6GzJB9U Ohhw== X-Received: by 10.194.157.198 with SMTP id wo6mr6347203wjb.60.1374096114822; Wed, 17 Jul 2013 14:21:54 -0700 (PDT) Received: from [192.168.43.87] (92.40.254.165.threembb.co.uk. [92.40.254.165]) by mx.google.com with ESMTPSA id r8sm12395642wiy.8.2013.07.17.14.21.53 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 17 Jul 2013 14:21:54 -0700 (PDT) Message-ID: <51E70AF0.7080504@apache.org> Date: Wed, 17 Jul 2013 22:21:52 +0100 From: Andy Seaborne User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: dev@clerezza.apache.org Subject: Re: Sparql: handle queries and update requests together or separately? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On 17/07/13 10:08, Reto Bachmann-Gm�r wrote: > Hi Hasan > >>> The recent changes towards full sparql 1.1 treat queries and update >>> requests together. That is we have one method that accepts both. >> >> >> Do you mean HTTP method? > > I meant java method. But because it's the same Java method it will be > harder for the code to handle queries via HTTP GET not also to allow > update requests. >> >> >>> I'm >>> wondering if this makes sense. One reason against this approach is >>> that the Sparql protocol mandates different ways for submitting >>> queries and update requests. Clerezza can have one API operation - it's the on-the-wire HTTP mapping that SPARQL protocol defines. The required difference is either MIME type or via ?request= or ?query=. It's a very light check of the query string needed but if you pre-parsing anyway, then you'll know if it's a query or an update. In fact, SPARQL protocol does not mandate different endpoints at the level of HTTP - it does make it possible and it encourages different service endpoints for query and update which are different languages (for security reasons and for query/update injection attacks). But it does not mandate any endpoint naming. BTW Queries can be sent by POST as well as GET - this is necessary in the "real" world because URLs over 1k (and more often 4k) are not reliable (some cache and proxy server silently truncate the URL). And, from experience, I see people use POST on forms even when GET would do. Andy >> >> >> If HTTP method is meant here, I can only find by quickly run through the >> doc >> http://www.w3.org/TR/2013/REC-sparql11-protocol-20130321/#protocol >> >> that we may want to use HTTP Get for the query and POST for the update. >> >> >>> But if in clerezza queries end up being >>> handled by a method than is also capable of updates it would be hard >>> to enforce that no update comes in disguise of a query. (Not that this >>> would be a security issue, but it would be against standard and best >>> practices to update a graph on a get request). >>> >> >> If that is the case, I think we can add or modify function in the preparser >> to get >> information about whether it is an update or query, and react accordingly. > > That would be one approach. The other would be two have two different > methods in TcManager for queries and updates. And if we want a > fastlane for updates too, to have two pre-parsers. > > Cheers, > Reto > >> >> Cheers >> Hasan >> >>> >>> Cheers, >>> Reto >>>