zolkis
commented
3 years ago I don't see how this would change the API, so I assume this would be a comment (note) for implementers in the spec?
Open mmccool opened 3 years ago
zolkis
commented
3 years ago I don't see how this would change the API, so I assume this would be a comment (note) for implementers in the spec?
Object security only protects the bodies of messages, not the headers. As we may need to use object security in local contexts where TLS is not available, it would be helpful to be able to protect queries. The URL appears in the headers and cannot be protected by object security, but the body can. In order to allow for this, we need to support putting queries in the body for all query types, including JSON Path and XPath (which is also consistent, since SPARQL queries allow this as an option).