ga4gh / refget

GA4GH Refget specifications docs
https://ga4gh.github.io/refget

Should we allow PUT sequence collection capability? #26

Closed nsheff closed 2 years ago

nsheff commented 2 years ago

Should the /collection endpoint allow a PUT operation, as a way to add new collections to the database? I'm likely to implement this for my server, but is this outside the scope of the spec? This could be restricted to authorized users or something (require a bearer token).

The way I envision it, you would use HTTP PUT, and the request body would be a 'level 2 representation':

{
  "lengths": [
    "1216",
    "970",
    "1788"
  ],
  "names": [
    "A",
    "B",
    "C"
  ],
  "sequences": [
    "76f9f3315fa4b831e93c36cd88196480",
    "d5171e863a3d8f832f0559235987b1e5",
    "b9b1baaa7abf206f6b70cf31654172db"
  ]
}

It would add this collection to the database and return the resulting primary digest.

nsheff commented 2 years ago

I think this is clearly not a REQUIRED part of the spec. Still, we could perhaps add this in as an OPTIONAL thing, to standardize an endpoint for adding new collections. Thoughts anyone?

sveinugu commented 2 years ago

@nsheff Makes sense to me. However, we should make sure that we do not restrict the standard to only work with a certain kind of authorization scheme (or if we do, some thought should at least go into such a choice).

tcezard commented 2 years ago

For me that seems completely outside of the scope of the specs. Even as an optional or suggested method.

daviesrob commented 2 years ago

Including PUT would introduce all sorts of security risks, e.g. someone abusing the service to store unrelated data. It would be better to gloss over the part about getting data in for now, and concentrate on getting it out.

nsheff commented 2 years ago

> Including PUT would introduce all sorts of security risks, e.g. someone abusing the service to store unrelated data. It would be better to gloss over the part about getting data in for now, and concentrate on getting it out.

Of course; I was imagining this endpoint would require authorization.

nsheff commented 2 years ago

OK, I think it's pretty clear that we should shelve this for now. I agree that it's not the focus.

I still think the way I described it above is logical, and the clear way to specify this, for servers that want to specify a data creation endpoint.
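
An added example, not part of the thread or of the refget project's code: a sketch of how a server that chose to offer such a PUT could require a bearer token and accept only the three arrays of the level 2 representation, which limits the "unrelated data" concern raised above. The function name, size caps, name pattern and the digest scheme are assumptions; the thread does not say how the primary digest is computed, so SHA-256 over sorted-key JSON stands in for it.

```python
import hashlib
import hmac
import json
import re

MAX_BODY = 1_000_000   # assumed request-size cap (characters)
MAX_ITEMS = 10_000     # assumed cap on sequences per collection
PATTERNS = {           # one allowlist pattern per attribute, strings only
    "lengths": re.compile(r"[0-9]{1,12}"),         # decimal strings, as in the sample
    "names": re.compile(r"[\x21-\x7e]{1,255}"),    # assumed: short printable ASCII
    "sequences": re.compile(r"[0-9a-f]{32}"),      # 32-hex digests, as in the sample
}
# Request body taken from the sample in the issue.
SAMPLE_BODY = json.dumps({
    "lengths": ["1216", "970", "1788"],
    "names": ["A", "B", "C"],
    "sequences": ["76f9f3315fa4b831e93c36cd88196480",
                  "d5171e863a3d8f832f0559235987b1e5",
                  "b9b1baaa7abf206f6b70cf31654172db"],
})


def handle_put(auth_header, body, expected_token):
    """Return (status, payload) for a hypothetical PUT /collection request."""
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(
            token.encode(), expected_token.encode()):
        return 401, {"error": "unauthorized"}
    if len(body) > MAX_BODY:
        return 413, {"error": "body too large"}
    try:
        doc = json.loads(body)
    except (ValueError, RecursionError):
        return 400, {"error": "body is not valid JSON"}
    # Exactly the three known attributes, each a list: nowhere to park other data.
    if not isinstance(doc, dict) or set(doc) != set(PATTERNS):
        return 422, {"error": "unexpected or missing attributes"}
    if not all(isinstance(doc[k], list) for k in PATTERNS):
        return 422, {"error": "attributes must be arrays"}
    n = len(doc["names"])
    if not 0 < n <= MAX_ITEMS or any(len(doc[k]) != n for k in PATTERNS):
        return 422, {"error": "arrays must be non-empty and equal length"}
    for key, pattern in PATTERNS.items():
        if not all(isinstance(v, str) and pattern.fullmatch(v) for v in doc[key]):
            return 422, {"error": f"invalid value in {key}"}
    # Placeholder digest (assumption): SHA-256 over sorted-key JSON.
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return 201, {"digest": hashlib.sha256(canonical.encode()).hexdigest()}
```

Format checks like these only bound what can be stored; they do not prove that the submitted sequence digests refer to sequences the server actually holds.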