w3c / did-resolution

RELEASED DRAFT: Decentralized Identifier Resolution (DID Resolution) 0.2 Specification
https://w3c.github.io/did-resolution/

methodNotSupported has no associated HTTP status code #72

Closed aljones15 closed 7 months ago

aljones15 commented 1 year ago

The spec states to throw the error and add it to the didResolutionMetadata, but unlike other errors we don't know the status code for it.

peacekeeper commented 1 year ago

I agree, this is missing. Do you have a suggestion? Maybe 400? Or 404?

We should probably also define a "default" HTTP status code (400? 500?) if the didResolutionMetadata contains any other error that is not explicitly mapped to an HTTP status code.

aljones15 commented 1 year ago

Those are both issues I've been dealing with this week. I think a default of 500 sounds about right.

One possibility is this for methodNotSupported:

406 Not Acceptable: "This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content that conforms to the criteria given by the user agent."

As we were unable to find a driver that could resolve the DID method given.

peacekeeper commented 1 year ago

I agree with 500 as default.

Regarding "methodNotSupported", I don't think 406 is right, since that's for content negotiation, and we're already mapping "representationNotSupported" to 406.

I think "methodNotSupported" should map to either 404 (since the DID is essentially "not found" by that resolver; kind of like asking for a path on a web server that doesn't exist), or 400 (meaning the client sent a bad request).

aljones15 commented 1 year ago

404 sounds better to me, but I'm not exactly an expert in this field. BTW, have you considered OPTIONS requests similar to the way CORS does? The OPTIONS request on a DID resolver's HTTPS binding could return a header with a list of supported publicKeyFormats.

TallTed commented 1 year ago

4xx don't feel right, as the user/client did nothing wrong in their request. Rather, it's the server that doesn't know how to handle the client's properly-formed request -- and thus I think 501 is the most correct.

The 501 (Not Implemented) status code indicates that the server does not support the functionality required to fulfill the request.

Emphasis added in the quotation above.

aljones15 commented 1 year ago

@peacekeeper 501 is not used currently and seems pertinent.

peacekeeper commented 1 year ago

I agree with 501. @aljones15 @TallTed Could you maybe review https://github.com/w3c-ccg/did-resolution/pull/73 and https://github.com/w3c-ccg/did-resolution/pull/74?

aljones15 commented 7 months ago

Closing, as methodNotSupported is now associated with 501.
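
The mapping this thread settled on, sketched as a resolver HTTP binding in Python. This is an added example, not code from the spec or from any commenter: `resolve_http`, `status_for`, the driver table and the `driverTimeout` code are hypothetical, and the `invalidDid` to 400 entry is assumed from the spec's existing table rather than stated in this thread.

```python
import re

# Error -> HTTP status. The 406 and 501 rows and the 500 default come from
# this thread; the invalidDid row is an assumption taken from the spec's table.
ERROR_STATUS = {
    "invalidDid": 400,
    "representationNotSupported": 406,
    "methodNotSupported": 501,
}
DEFAULT_ERROR_STATUS = 500  # any error without an explicit mapping

# "did:" + method name (lowercase letters/digits) + ":" + method-specific id.
DID_PATTERN = re.compile(r"^did:([a-z0-9]+):.+")

# Sample representation list for this sketch (constructed).
SUPPORTED_REPRESENTATIONS = ("application/did+ld+json",)


def status_for(metadata):
    """Return the HTTP status for a didResolutionMetadata dict."""
    error = metadata.get("error")
    if error is None:
        return 200
    return ERROR_STATUS.get(error, DEFAULT_ERROR_STATUS)


def resolve_http(did, accept, drivers):
    """Resolve one request and return (status, body).

    drivers maps a DID method name to a callable(did) -> (document, metadata).
    """
    document, metadata = None, {}
    match = DID_PATTERN.match(did)
    if match is None:
        metadata["error"] = "invalidDid"
    elif match.group(1) not in drivers:
        # Well-formed request, but this resolver has no driver for the
        # method: a server-side capability gap, hence 501 rather than 4xx.
        metadata["error"] = "methodNotSupported"
    elif accept not in SUPPORTED_REPRESENTATIONS:
        metadata["error"] = "representationNotSupported"
    else:
        document, metadata = drivers[match.group(1)](did)
    body = {"didDocument": document, "didResolutionMetadata": metadata}
    return status_for(metadata), body
```

Keeping the error string in `didResolutionMetadata` alongside the status lets a client tell an unsupported method (501) apart from an unmapped driver failure (500) without parsing free-form messages.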