[OAI-implementers] OAI-PMH & SOAP

Walter Underwood wunder@inktomi.com
Sun, 03 Feb 2002 20:21:59 -0800

--On Sunday, February 3, 2002 7:20 PM -0500 Hussein Suleman <hussein@vt.edu> wrote:
> [....] the client, on the other hand, can choose to terminate a connection
> if the server sends too much data (the client is therefore safe). in fact
> the client should always be safe by virtue of the fact that the protocol
> is almost stateless and strictly client-initiated.

First, "almost stateless" is the same as "stateful".

Second, the guts of the XML parser or reader is a terrible place
to implement a limit on the number of records a protocol response
should return. And aborting the session is a poor way to limit the
number of records. It turns a limit into an unrecoverable error.

Layered protocol design is over twenty years old. This is pretty
serious layer-crossing.

I did think of this solution when I first brought this up, but
that is not a way to get interoperability. It is a defense against
malicious servers, which is important, but a different problem.

Other protocols send a request with the start number and the
number to return, and the reply has up to that number of records.
Clear and stateless, with no worries about what to do when the
resumption token times out because the browser comes back after
an hour or a day. Or never comes back at all because they crashed
or got bored. The resumption token implies that state will be
kept when it is not needed, and it requires a periodic cleanup
to get rid of abandoned state. Extra complexity which is really

Walter R. Underwood
Senior Staff Engineer
Inktomi Enterprise Search