Trailing question mark in (SSA) access URLs

[Mark Taylor]

Hi DAL & Ops,

this is a follow up to the discussion of the issue of trailing
question marks in service URLs from the DAL/Ops Running Meeting #10
(28/04/2021).  To summarise the discussion there: there was confusion
about whether the registered access_url should end with a "?";
some validators appended test query parameters
(e.g. "POS=0.0,0.0&SIZE=0.000") directly to the supplied access_url,
and if the access_url did not end with a "?" (or possibly "&")
the query failed with an unhelpful error status since there was
no query part to the URL.

Since then, there have been implementation changes to services
and validators to avoid this issue in most cases, but there's still
some confusion in the standards which should be considered by DAL.

I will raise this issue in the Ops/DAL session at the upcoming
Interop; this message is a heads-up in case anybody wants to familiarise
themselves with it before then (if not, you can stop reading!)

Looking at SSA 1.1:

   section 8.3.3 says:

      An Online Resource URL intended for HTTP GET requests is in fact
      only a URL prefix to which additional parameters are appended
      in order to construct a valid Operation request. A URL prefix is
      defined in accordance with IETF RFC 2396 as a string including,
      in order, the Simple Spectral Access Protocol V1.1 scheme
      ("http" or "https"), Internet Protocol hostname or numeric
      address, optional port number, path, mandatory question mark
      "?", and optional string comprising one or more server-specific
      parameters ending in an ampersand "&".

   which clearly mandates a trailing "?" (or "&") in the registered URL,
   so that clients ought not to have to add one themselves.

   However, Sec 3.2 says:

      If the SSA query is transmitted as an HTTP GET request then the 
      URL to express a data query is formed like this:

         <Service.BaseURL>?VERSION=1.0&REQUEST=queryData<&param=value...>

   which suggests that it is the responsibility of the client to
   add the "?".

   There is also text in the example in Section 8.10 that suggests
   a base URL with no trailing "?":

      <INFO name="baseUrl" value="http://webtest.aoc.nrao.edu/ivoa-dal"/>

   So, this is probably a case for an Erratum to SSA 1.1 sections 3.2
   and 8.10.

Looking at other standards:

   - SIA 1.0 (sec 4.1, item 1) is clear that the service does need to
     supply a trailing "?" or "&".

   - SIA 2.0 doesn't mention the question, but examples in sections
     2.3 and 3.1.2 do not supply the trailing "?".
     That makes sense, since SIA 2.0, unlike 1.0, supports either
     GET or POST, and POST doesn't use the query part of the URL.

   - SCS 1.03 and WD-1.1 do require the trailing "?" or "&",
     though WD-1.1 permits POST as well as GET.

So, it's a bit inconsistent and confusing, though the only actual
contradiction I can see is in SSA.

Pragmatically: it is good defensive practice by clients, including
validators, to check the base URL before appending a query part
to a GET URL, and append a "?" or "&" if required.

As far as standards go: an Erratum to remove the confusion in SSA
might be a good idea; perhaps it should also advise clients to
be prepared for either case.  Possibly there could be some ruling
or advice on this in the DALI section on DALI-sync as well?

Mark

--
Mark Taylor  Astronomical Programmer  Physics, Bristol University, UK
m.b.taylor at bristol.ac.uk          http://www.star.bristol.ac.uk/~mbt/