jordan2175
commented
5 years ago Allan's proposed new text is:
This Endpoint deletes an object from a Collection by its id. For STIX 2 objects, the {object-id} MUST be the STIX id.
If the Collection specifies can_write as false for a particular client, this Endpoint MUST return an HTTP 401 (Unauthorized) error.
The DELETE endpoint is not supported for write-only collections, where can_write is true and can_read is false. If a client attempts a DELETE operation on a write-only collection, then the server should return HTTP 403 (Forbidden).
To support removing a particular version of an object, this Endpoint supports filtering as defined in section 3.4. The only valid match parameter is version.
When a TAXII Server returns a successful response code of 200 to a DELETE, any subsequent attempts to fetch that object from the collection by an authorized client using the Get Objects Endpoint MUST return a HTTP 404 (Not Found) response. Furthermore, any subsequent attempts to fetch the collection manifest or its contents MUST NOT return the object in the result. Subsequent attempts to fetch the object from other collections present on the TAXII server MAY also return an HTTP 404 (Not Found) response, and subsequent attempts to fetch the collection manifest or its contents of other collections which contained the object MAY not return the object in the result.
There was also an issue with some text description about the {object-id}. It has said "requested" when it should have said "deleted".
Allan has found an issue with the text around error codes that need to be returned for the Delete HTTP method. I will take his text and add it to the Google Doc in suggestion mode.