A couple of issues with the text of the proposal, all minor edits:
1. “An application can execute an invalidation request as either a POST/PUT to the REST endpoint described in the containers XRDS or as a JSON-RPC call.” We only PUT to a resource with a name, yet the code is never cacheable/idempotent. It seems like we want N invalidate requests to create N invalidations. As such, I think we only support POST, never PUT.
2. The spec needs to explicitly state that the request is scoped to the application associated with the OAuth info. If this isn’t true, can someone explain why? (I’d probably just be missing a simple point.)
A couple of issues with the text of the proposal, all minor edits:
1. "An application can execute an invalidation request as either a POST/PUT to the REST endpoint described in the containers XRDS or as a JSON-RPC call." We only PUT to a resource with a name, yet the code is never cacheable/idempotent. It seems like we want N invalidate requests to create N invalidations. As such, I think we only support POST, never PUT.
2. The spec needs to explicitly state that the request is scoped to the application associated with the OAuth info. If this isn't true, can someone explain why? (I'd probably just be missing a simple point.)
+1