Added support for policy identifier

[darrelmiller]

This proposal takes what we currently have in draft-07

RateLimit-Policy: 100;w=60, 10000;w=86400
{ 50 requests and 30 seconds}
RateLimit: limit=100, remaining=50, reset=30  // protection limit
{ 1 requests and 40 seconds}
RateLimit: limit=10000, remaining=90, reset=200 // quota limit

and suggests the following alternative

RateLimit-Policy: protection;l=100;w=60, quota;l=10000;w=86400
{ 50 requests and 30 seconds}
RateLimit: protection;r=50;t=30
{ 1 request and 40 seconds}
RateLimit: quota;r=90;t=200

This proposal introduces a policy "identifier" that connects the RateLimit field to the RateLimit-Policy field. The primary purpose is to address #127.

With the change in draft-07 to use structured fields in the header we now have the opportunity to explore different approaches and features without trying to maintain similarity with past efforts.

[nfriedly]

I'm a big fan of this overall, I think it's a solid improvement in terms of consistency and ease of parsing.

I am curious about the reasoning for separate RateLimit and RateLimit-Policy headers? It seems to me that the policy parameters could also be appended to the RateLimit header.

[nfriedly]

Why did these get reverted to the older style?

[darrelmiller]

An error. I will fix.

[nfriedly]

This question & answer should probably be revised.

[darrelmiller]

I am curious about the reasoning for separate RateLimit and RateLimit-Policy headers? It seems to me that the policy parameters could also be appended to the RateLimit header.

The split is due to variability of the values and HTTP/2 HPACK compression. RateLimit-Policy should rarely change and therefore can be optimized by header compression. RateLimit will change on ever request and therefore will not be optimized.

[ioggstream]

make returns this error.

draft-ietf-httpapi-ratelimit-headers.xml(0): Error: IDREF attribute target references an unknown ID "ratelimit-reset-keyword", at None

[ioggstream]

@darrelmiller I tried to fix the broken section references: now it should build. Could you please PTAL?

[ioggstream]

@nfriedly PR welcome for fixing inconsistencies :)

[richsalz]

make returns this error.

draft-ietf-httpapi-ratelimit-headers.xml(0): Error: IDREF attribute target references an unknown ID "ratelimit-reset-keyword", at None

There's a few instances still to be cleaned up:

; grep -n ratelimit-reset-keyword *.md
draft-ietf-httpapi-ratelimit-headers.md:216:     the time window reset time ({{ratelimit-reset-keyword}}).
draft-ietf-httpapi-ratelimit-headers.md:233:- inferred by the value of the [reset keyword](#ratelimit-reset-keyword) at the moment of the reset, or
draft-ietf-httpapi-ratelimit-headers.md:263:## Reset Keyword {#ratelimit-reset-keyword}
draft-ietf-httpapi-ratelimit-headers.md:440:Consider that service limit might not be restored after the moment referenced by the [reset keyword](#ratelimit-reset-keyword),
draft-ietf-httpapi-ratelimit-headers.md:579:| RateLimit | reset                 | Dictionary Key |Quota reset interval | {{ratelimit-reset-keyword}} of {{&SELF}} |       |

[jidicula]

👋 hey folks - @kfcampbell shared this inside GitHub's API team as open for comment. I'm new to providing feedback on IETF proposals, so thank you for your patience if any of my comments are low-value or irrelevant to the crux of the PR 🙇‍♂️.

I've got a couple of points about wording consistency in this proposal, as well as some copyedits:

[jidicula]

Suggested change

	When using a policy involving more than one time window, the server MUST reply with the RateLimit header field related to the time window with the lower remaining keyword values.
	When using a policy involving more than one time window, the server MUST reply with the RateLimit header field related to the time window with the lower "r" parameter values.

Does this need to be updated to be consistent with the change in https://github.com/ietf-wg-httpapi/ratelimit-headers/pull/130/files#diff-d26a6f407efe0e4913cbcf7bf0e2a164bee5edea8bf2fdc4aa97a7ceb3acc03cR229 (s/remaining keyword/r parameter/)?

There are other instances in this document that are still referring to remaining keyword that I can't comment on because they're not part of the PR diff - do those need to be updated too?

More generally, I see some diffs where wording was changed from keyword to parameter, but keyword remains in other areas. I'm new to this side of proposal drafts, so apologies if this is just bikeshedding 😁: should this wording be consistent throughout?

[izuzak]

Just adding two minor comments after reading the draft. ✌️ Overall, I like the draft so far -- great work! 👏

[izuzak]

Where is the meaning of parameter "p" defined? I don't see a definition for it nor an example using it. 🤔

[darrelmiller]

It is legacy. I have removed it.