I definitely don't think that batched requests are ideal, and I certainly do not agree that using POST is appropriate, however, based on the number of times this has come up, I think there's definitely a need for a workable approach for batched operations. Pipelining would likely be sufficient if caching and idempotency issues were handled well, but they're not. IMHO, the BATCH+Multipart approach that I've proposed provides a relatively decent compromise in that the use of BATCH makes the intent of the request clear and bypasses the caching and idempotency issues. For security, intermediaries can choose to block the BATCH method entirely. In time, intermediaries such as caching proxies could even learn how to intelligently deal with BATCH+Multipart (e.g. by analyzing the individual batched requests according to the security policy, etc). I'm not saying that it's problem-free, I'm just saying that it's a workable approach.
- James Roy T. Fielding wrote:
On Feb 27, 2008, at 12:33 AM, John Panzer wrote:FYI -- Thought that some people on this list might be interested in this, both as a usage of Atom and related topics such as batching and patching.As has been discussed before, batching (tunneling multiple requests within a single POST instead of just using HTTP pipelining) is evil. Don't do it.It duplicates all of HTTP within HTTP, squares the complexity of implementation,and absolutely guarantees that you will have security holes. If you are worried about the 2616 requirement that non-idempotent requests must not be pipelined, then just ignore it -- you are ignoring it anyway by sending a pipeline within a multipart. ....Roy