> Section 2: > > The phrase "business logic" is nebulous. It may be sufficient to say, “anything beyond” the required validation steps. Then you can say further logic to processes SETs SHOULD be executed asynchronously. > > Mike> I've updated the sentence to read "The SET Recipient SHOULD NOT perform anything beyond the required validation steps prior to sending this response." WFM. Thanks. > > === > > Section 2.3: > > In your error examples, especially the second one, is HTTP 400 always the right error code? I was thinking 403 in this case. > > Mike> The second paragraph of https://tools.ietf.org/html/draft-ietf-secevent-http-push-11#section-2.3 states "the SET Recipient SHALL respond with an HTTP Response Status Code of 400 (Bad Request)". While other error codes could have been used or allowed, choosing one to keep things simple and interoperable was the goal here. Hmmm, I must have just glossed over this bit on my first read (sorry). I’ve gone back and re-read. I would think you could still standardize and be interoperable with more purposeful codes, but I will defer to those more in the HTTP know here. The JSON response fleshes out the specifics, so it’s a minor thing. Joe -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
