UWS joblist implementation issues
Norman Gray
norman at astro.gla.ac.uk
Wed Mar 2 15:03:22 PST 2011
Pat, hello.
On 2011 Mar 2, at 21:41, Patrick Dowler wrote:
> In implementing the joblist resource, we obviously allow POST and redirect the
> client to the job, e.g. /joblist/<jobID>. However, we decided in our trivial
> implementation to not allow the client to GET the joblist. We simply return an
> HTTP "forbidden" (403) response. This is not in conflict with the UWS spec and
> it protects users of our system from others looking at their jobs
I see that the UWS spec says, in reference to the job list, that
> The job list may be read to find the extant jobs.
I don't know if that's an RFC2119 MAY, but I would find a 403 response at least unexpected, given that text. Since the user is presumably identified at this point (and would be identified and authorized if they're looking at this after a DELETE operation), couldn't you just show the list of extant jobs that the user has access to?
In any case, GETting the resource /joblist is supposed to return 'a representation of the resource'. You could try returning an HTML page that said simply "yes, there are jobs". That's not a terrifically _useful_ representation, and is rather stretching the spec text, but it's a little more useful than simply 'forbidden'.
All the best,
Norman
--
Norman Gray : http://nxg.me.uk
More information about the grid
mailing list