Self Healing Web - implementation update

Following the discussion after Barcamp about SHW a number of possible implementation ideas were discussed. Below is my current favourite, for which I am writing a wordpress plugin with the help of Mike Davies.

Most people I spoke to agreed that using REST was the least invasive way to report that someone has linked to an error. It is also the most ubiqituous technology on the web (obviously). So how could we implement this with REST?

The answer we came up with is a mix of two excellent suggestions. The first is how we deal with notification, the most important part of the system. If we are going to use REST, then any informative or updating should be done with the POST method. When Mike and I first started to hack an implementation we were orginally going to use an XML format. However in order to seperate these notifications from other POST transactions we deicded this to use an HTTP. By adding a header “X-Self-Healing-Notification” (1), we give the resource a chance to handle it seperately to other POST traffic. This reduces the chance of a conflict with other systems, and allows notifications to be gathered globally, even when they are being sent to a resource which doesn’t know how to handle POST request (say an HTML document).

Once you have made a post with the notification request then you should expect a response with a header like “X-Self-Healing-Accepted” (1). If you didn’t get a header response, then you should expect not to send notifications to this resource for given perioid. This might be a week, a month or forever. Whatever is the right length of time for your applicaiton. This is important because it makes the system polite and non-invasive, unlike previous systems, such as those that email domain owners of 404s.

One of the important things to remember is that this is a notification system. While additional headers could be used to pass along information, such as the new location of a 301, it should be taken as purely informative. As the previous post discussed, there are plenty of issues around security and authentication. Personally I wouldn’t update without visiting the resource in quesiton to validate that it really is throwing an error.

Finally, at BarCampLondon, someone also suggested the use of an X-header when you deliver resources to users. This would allow browser plugins to do the same job on pages which accepted self healing. So, to put it in context, you install a browser plugin and do some surfing. One of the sites you visit supports self healing notifications and links to an error. The site which with the error doesn’t support self healing however, so there are not any self healing X-headers in the HTTP response. Your browser plugin knows that the referring site does support self healing though, so it sends the notification itself. By simply browsing the web you are helping to fix it. Super!

Note 1: A prize for the best suggestion for the name of these headers