Issue 17566: Need clarification for server response to client request using the Max-Forwards header field (hdata-ftf)

Source: MITRE (Mr. Jason Mathews, mathews(at)mitre.org)
Nature: Clarification
Severity: Minor
Summary: Section 6.2.5 states "client MUST NOT use the Max-Forward header when requesting the security mechanisms for a given HDR" but no action is defined for the server. If Max-Forwards field is truly not permitted on the OPTION operation then recommend adding the expected server action. Suggest to return a 403 Forbidden status code with optional message "Request cannot include Max-Forwards header field".

References:
Max-forwards usage: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.2
HTTP status codes http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Resolution:
Revised Text:
Actions taken:
August 27, 2012: received issue

Discussion:

End of Annotations:=====

m: webmaster@omg.org
Date: 27 Aug 2012 16:25:48 -0400
To:
Subject: Issue/Bug Report

*******************************************************************************
Name: Jason Mathews
Employer: MITRE Corporation
mailFrom: mathews@mitre.org
Terms_Agreement: I agree
Specification: OMG hData RESTful Transport
Section: 6.2.5
FormalNumber: dtc/2012-01-03
Version: 1.0
Doc_Year: 2003
Doc_Month: December
Doc_Day: 01
Page: 5
Title: Need clarification for server response to client request using the Max-Forwards header field
Nature: Clarification
Severity: Minor

Description: Section 6.2.5 states "client MUST NOT use the Max-Forward header when requesting the security mechanisms for a given HDR" but no action is defined for the server. If Max-Forwards field is truly not permitted on the OPTION operation then recommend adding the expected server action. Suggest to return a 403 Forbidden status code with optional message "Request cannot include Max-Forwards header field".

References:
Max-forwards usage: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.2
HTTP status codes http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
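
The server action suggested in the report, sketched as WSGI middleware. This is an added example, not text from the hData specification or code from the reporter. It assumes the rule applies to every OPTIONS request, since the page does not give the path that serves the security mechanisms; `hdr_app` and `call` are hypothetical helpers.

```python
# Added example: WSGI middleware sketching the server action the report suggests.
# Assumption: the rule is applied to every OPTIONS request; the hData path that
# serves the security mechanisms is not given on this page.

MESSAGE = b"Request cannot include Max-Forwards header field"


def reject_max_forwards(app):
    """Wrap a WSGI app so OPTIONS requests carrying Max-Forwards get 403."""
    def middleware(environ, start_response):
        is_options = environ.get("REQUEST_METHOD", "").upper() == "OPTIONS"
        # WSGI exposes header names upper-cased with an HTTP_ prefix, so the
        # check does not depend on how the client cased "Max-Forwards".
        # Presence is what matters: "Max-Forwards: 0" is rejected as well.
        if is_options and "HTTP_MAX_FORWARDS" in environ:
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(MESSAGE))),
            ])
            return [MESSAGE]
        return app(environ, start_response)
    return middleware


def hdr_app(environ, start_response):
    """Hypothetical stand-in for the hData record (HDR) endpoint."""
    start_response("200 OK", [("Content-Length", "0")])
    return [b""]


def call(app, method, headers=None):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/"}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = {}

    def start_response(status, response_headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    wrapped = reject_max_forwards(hdr_app)
    print(call(wrapped, "OPTIONS", {"Max-Forwards": "0"}))
    print(call(wrapped, "OPTIONS"))
```

Other methods pass through untouched, so Max-Forwards on a request such as TRACE is left to the wrapped application.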