Mention HTTPS bindings as mandatory

[ticapix]

What this PR changes/adds

Clarify that HTTPS bindings are mandatory
(and editorial changes to have one sentence per line, simplifying the future PRs and review)

Linked Issue(s)

International-Data-Spaces-Association/identity-in-data-spaces#11 (comment)

[arnoweiss]

I'm generally open to this amendment. The topic hasn't been discussed in the committer's round yet so I think a PR is a little early at this stage. Up until now, relying specifications had to specifically reference the binding to lift it to normativity, see this example_

Participant Agents MUST facilitate data exchange according to the HTTPS binding defined in the Dataspace Protocol.

The committers have to discuss the effect on the spec's releases as it's definitively a change with a normative effect.

[ssteinbuss]

Hi,
The introduction typically does not state requirements. It is descriptive. The normative statements and requirements, indicated by the keywords like MUST follow in the later section. I don't see a need to make this requirement in the intro. Is it not covered elsewhere already?

[ssteinbuss]

Requirements cannot be stated in the introduction. The addition does not add value to the text. It is misleading and requires more explanations, what goes beyond the scope of the introduction.
Proposal is to reject this contribution.

[ticapix]

I understand the feedback and the text can be moved to the appropriate section if one is given.

The proposal is to clarify that, in this section:

1. The document states that the protocol support several bindings.
2. The bindings must be one of the following: HTTPS

This makes HTTPS bindings mandatory, no ? (Which kind of make sense if DSP want to have one TCK for all implementations.)

[ssteinbuss]

As far as I can see:

• Connectors implementing the Dataspace Protocol MAY operate on different versions and bindings.
• A Connector MUST respond to a respective HTTPS request by returning a VersionResponse with at least one item.

For the versioning endpoint, an HTTPS response is mandatory. However, different versions can be offered.

At the moment, only the HTTPS binding exists, but the DSP shall be open to other bindings. This would include the need for a specification of the binding and an extension of the TCK. But the idea is not to make HTTPs mandatory. Thus, it should not be stated like this in the document.

[arnoweiss]

1. The document states that the protocol support several bindings.
2. The bindings must be one of the following: HTTPS

This makes HTTPS bindings mandatory, no ? (Which kind of make sense if DSP want to have one TCK for all implementations.)

The bindings must be one of the following: HTTPS means that the schemas have an enum that currently only holds HTTPS. When there's a new binding, that enum will be expanded.

For the purpose of forward-compatibility (and opposite to my initial reaction) it might be smarter to leave it up to each dataspace which binding to declare mandatory. Otherwise, participants in a future dataspace using DSP over, say, AMQP would be required to expose two sets of endpoints for the same interactions.