Network Working GroupInternet Engineering Task Force (IETF) E. WildeIntended status: Informational Expires:Request for Comments: 8631 July15,2019 Category: Informational ISSN: 2070-1721 Link Relation Types for Web Servicesdraft-wilde-service-link-rel-10Abstract Many resources provided on the Web are part of sets of resources that are provided in a context that is managed by one particular service provider. Often, these sets of resources are referred to as "WebServices"services" or "Web APIs". This specification defines link relationsfor representingthat represent relationships fromthose resourcesWeb services or APIs toonesresources that provide documentation, descriptions, metadata, ormetadatastatus information for theseWeb services.resources. Documentation is primarily intended for human consumers, whereas descriptions are primarily intended for automatedconsumers; metadata is supposed to beconsumers. Metadata provides information about a service's context.ItThis specification also defines a link relation to identify status resources that are used to representoperationalinformation about service status. Status of This Memo ThisInternet-Draftdocument issubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsnot an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draftthe IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documentsvalidapproved by the IESG are candidates fora maximumany level ofsix monthsInternet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 15, 2019.https://www.rfc-editor.org/info/rfc8631. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Web Services . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Documenting Web Services . . . . . . . . . . . . . . . . 5 3.2. Describing Web Services . . . . . . . . . . . . . . . . . 5 3.3. Unified Documentation/Description . . . . . . . . . . . . 5 4. Link Relations for Web Services . . . . . . . . . . . . . . .65 4.1. The service-doc Link Relation Type . . . . . . . . . . . 6 4.2. The service-desc Link Relation Type . . . . . . . . . . . 6 4.3. The service-meta Link Relation Type . . . . . . . . . . . 6 5. Web Service Status Resources . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6.1. Link Relation Type: service-doc . . . . . . . . . . . . . 7 6.2. Link Relation Type: service-desc . . . . . . . . . . . . 7 6.3. Link Relation Type: service-meta . . . . . . . . . . . . 8 6.4. Link Relation Type: status . . . . . . . . . . . . . . . 8 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 8.1. Normative References . . . . . . . . . . . . . . . . . . 9 8.2. Informative References . . . . . . . . . . . . . . . . . 9Appendix A.Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction One of the defining aspects of the Web is that it is possible to interact with Web resources without any prior knowledge of the specifics of the resource. Following the practices described in WebArchitecturearchitecture [W3C.REC-webarch-20041215] by using URIs, HTTP, and media types, the Web's uniform interface allows interactions with resources without the more complex binding procedures often necessary with other approaches. Many resources on the Web are provided as part of a set of resources that are referred to as a "WebService"service" or a "Web API". In many cases, these services or APIs are defined and managed as a whole, and it may be desirable for clients to be able to discover this service information. Service information that provides information on how to use service resources can be broadly separated into two categories: One categoryisprimarilytargeted fortargets human users and often uses generic representations for human readable documents, such as HTML or PDF. The other category is structured information that followssomea more formalized descriptionmodel,model and is primarily intended for consumption bymachines, for examplemachines -- for example, tools and code libraries. In the context of this memo, the human-oriented variant is referred to as "documentation", and the machine-oriented variant is referred to as "description". These two categories are not necessarily mutually exclusive, asthere arerepresentationsthathave been proposed that are intended for both human consumption and interpretation by machine clients. In addition, a typical pattern for servicedocumentation/descriptiondocumentation/descriptions is that there ishuman-orientedhuman-oriented, high-level documentation that is intended to put a service in context and explain the general model, which is complemented byamachine-leveldescriptiondescriptions thatisare intended asadetailed technicaldescriptiondescriptions of the service. These two resources could be interlinked, but since they are intended for different audiences, it can make sense to provide entry points for both of them. In addition, while both documentation and descriptions may be provided as part of a Web service, there may be other information as well. Generally speaking, a Web service may have any metadata/ resources associated with it (withdocumentation/description justdocumentation and descriptions being two specific kinds ofresource).resources). If there is a wayhowin which all of these metadata/resourcesarecan be represented, then it should be possible todiscoverfind such a resourceprovidingthat provides access to general Web service metadata. In addition to these resources about mostly static aspects of a Web service, this memo also defines a link relation that allows providers of a Web service to link to a resource that represents status information about the service. This information often represents operational information that allows service consumers to retrieve information about "service health" and related issues. This memo places no constraints on the specific representations used for all of these resources. It simply allows providers of a Web service to make the documentation,description,descriptions, metadata, and status of their servicesdiscoverable,discoverable and defines link relations that serve that purpose. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Web Services "Web Services" or "Web APIs" (sometimes also referred to as "HTTP API" or "REST API")are a way toexpose information and services on the Web. Following the principles of Web architecture [W3C.REC-webarch-20041215], they expose URI-identified resources, which are then accessed and transferred using a specific representation. Many services use representations that contain links, andoftenthese links are often typed links. Using typed links, resources can identify relationship types to other resources. RFC 8288 [RFC8288] establishes a framework of registered link relation types, which are identified by simple strings and registered in an IANA registry. Any resource that supports typed links according to RFC 8288 can then use these identifiers to represent resource relationships on the Web without having tore- inventreinvent registered relation types. In recent years, Webservicesservices, as well as their documentation and descriptionlanguageslanguages, have gainedpopularity,popularity due to the general popularity of the Web as a platform for providing information and services. However, the design of documentation and description languages varieswithaccording to a number of factors, such as the general application domain, the preferred application data model, and the preferred approach for exposing services. This specification allows service providers to use a unifiedwaymethod to link to service documentation and/ordescription.descriptions. This link should not make any assumptions about the provided type of documentation and/ordescription,descriptions, sothatservice providers can choosethe onesthose that best fit their services and needs. This specification also allows service providers to link to general servicemetadata, which as onemetadata. One part ofitthe metadata may have links to documentation and/ordescription, but potentially can havedescription as well as other information about aservice as well,service, such as deployment or operational information. 3.1. Documenting Web Services In the context of this specification, "documentation" refers to information that is primarily intended for human consumption. Typical representationsforof this kind of documentation are HTML and PDF. Documentation is often structured, butthe exact kind of documentationits structure depends on the structure of the servicethat is documented,in question as well asonthe specific way in which thedocumentationauthors choose todocumentpresent it. 3.2. Describing Web Services In the context of this specification, "description" refers to information that is primarily intended for machine consumption. Typical representationsfor thisare dictated by the technology underlying the service itself, which means that description formats in today's technologylandscape, description formats exist thatlandscape are based on XML, JSON,RDF,Resource Description Framework (RDF), and a variety of other structured data models.Also, inIn each of those technologies, there may be a variety of languagesthat aredefined toachieveserve the same general purpose of describing a Web service. Descriptions are always structured, but the structuring principles depend on the nature of the described service. For example, one of the earlier service description approaches, the Web Services Description Language (WSDL), uses "operations" as its core concept, which are essentially identical to functioncalls,calls because the underlying model is based onthat ofthe Remote Procedure Call (RPC) model. Other description languages for non-RPC approaches to services will use different structuring approaches, such as structuring service descriptions by URIs and/or URI patterns. 3.3. Unified Documentation/Description If service providers use an approach where there is no distinction between service documentation (Section 3.1) and service description (Section 3.2), then they may not feel the need to use two separate links. In such a case, an alternative approach is to use the previously defined "service" link relation type [RFC5023], whichhas no indication ofdoes not indicate whether it links to documentation ordescription,description and thus may be a better fit if no such differentiation is required. 4. Link Relations for Web Services In order to allow Web services to represent the relation of individual resources to service documentation/description and metadata, this specification introduces and registers three new link relation types. 4.1. The service-doc Link Relation Type The "service-doc" link relation type is used to represent the fact that a resource or a set of resourcesareis documented at a specific URI. The target resource is expected to provide documentation that is primarily intended for human consumption. 4.2. The service-desc Link Relation Type The "service-desc" link relation type is used to represent the fact that a resource or a set of resourcesareis described at a specific URI. The target resource is expected to provide a service description that is primarily intended for machine consumption. In many cases, it is provided in a representation that is consumed by tools, code libraries, or similar components. 4.3. The service-meta Link Relation Type The "service-meta" link relation type is used to link to available metadata for the service context of a resource. Service metadata is any kind of data that may be of interest to existing or potential service users, with documentation/descriptiononlybeing only two possible facets of service metadata. The target resource is expected to provide a representation that is primarily intended for machine consumption. In many cases, it is provided in a representation that is consumed by tools, code libraries, or similar components. Since service metadata canbe forhave many differentpurposes,purposes and use many different representations, it may make sense for representations using the "service-meta" link relation toaddoffer additional hints about the specific kind or format of metadata that is being linked. This definition of the "service-meta" link relation makes no specific assumptions about how these link hints will be represented, and the specific mechanism will depend on the context where the "service- meta" link relation is being used. One examplefor thisis that a "service-desc" link may identify an OpenAPI description, which is supposed to be the machine-readable description of a Web API. A "service-meta" link may identify a resource that contains additional metadata about the Web API, such as labels that classify the API according to a labelingscheme,scheme and a privacy policy that makes statements about how the Web API manages personally identifiable information. 5. Web Service Status Resources Web services providing access to one or more resources often are hosted and operated in an environment for which status information may be available. This information may be as simple as confirming that a service is operational, or it may provide additional information about different aspects of aservice,service and/or a history of status information, possibly listing incidents and their resolution. The "status" link relation type can be used to link to such a status resource, allowing service consumers to retrievestatusinformation about a Web service's status. Such a link may not be available for and from all resources provided by a Webservice, butservice -- only from key resources such as a Web service's metadata resource and/or a service's home resource (i.e., a resource analogous to the home page of a Web site). This memo does not restrict the representation of a status resource in any way. It may be primarily focused on human or machineconsumption,consumption or a combination of both. It may be a simple "traffic light" indicator for servicehealth,health or a more sophisticated representation conveying more detailedinformationinformation, such as service subsystems and/or a status history. 6. IANA Considerations The link relation types below have been registered by IANA per Section 4.2 of RFC 8288[RFC8288]:[RFC8288]. 6.1. Link Relation Type: service-doc Relation Name: service-doc Description: Identifies service documentation for the context that is primarily intended for human consumption. Reference:[[ This document ]]RFC 8631 6.2. Link Relation Type: service-desc Relation Name: service-desc Description: Identifies service description for the context that is primarily intended for consumption by machines. Reference:[[ This document ]]RFC 8631 6.3. Link Relation Type: service-meta Relation Name: service-meta Description: Identifies general metadata for the context that is primarily intended for consumption by machines. Reference:[[ This document ]]RFC 8631 6.4. Link Relation Type: status Relation Name: status Description: Identifies a resource that represents the context's status. Reference:[[ This document ]]RFC 8631 7. Security Considerations Web service providers should be aware that service descriptions and documentation may be used by attackers to gain additional information about a service(and in particular(particularly itsimplementation),implementation) and to test for known security issues. It may thus be advisable tokeeprestrict service descriptions and documentation tothoseaspects of a service that are necessaryto use the service,and to exclude any details that are not necessary for using the service. Another potential security issue for Web service providers is that publishing service descriptions and documentation may generally allow clients (both malicious and otherwise)amore automated and systematic access to a service. It may therefore be possible that more of a service's potential vulnerabilities are made easier to find andexploit,exploit or simply that a service might receive more load because it is accessed by automated clients. Web service consumers should be aware that service descriptions and documentation can be out of sync or simply incorrect. Blindly trusting service descriptions and documentation(in particular(particularly when descriptions are retrieved and interpreted programmatically) is not a safe practice. Web service consumers SHOULD always assume that service descriptions and documentation may beincorrect,incorrect and SHOULD therefore be prepared to handle errors at runtime. 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March1997.1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, <https://www.rfc-editor.org/info/rfc8288>. 8.2. Informative References [RFC5023] Gregorio, J., Ed. and B. de hOra, Ed., "The Atom Publishing Protocol", RFC 5023, DOI 10.17487/RFC5023, October 2007, <https://www.rfc-editor.org/info/rfc5023>. [W3C.REC-webarch-20041215] Jacobs, I. and N. Walsh, "Architecture of the World Wide Web, Volume One", World Wide Web Consortium Recommendation REC-webarch-20041215, December 2004, <http://www.w3.org/TR/2004/REC-webarch-20041215>.Appendix A.Acknowledgements Thanksfor comments and suggestions provided byto Mike Amundsen, Ben Campbell, Alissa Cooper, Oliver Gierke, Benjamin Kaduk, Sebastien Lambla, Darrell Miller, and AdamRoach.Roach for their comments and suggestions. Author's Address Erik Wilde Email: erik.wilde@dret.net URI: http://dret.net/netdret/