In practice, sending an entity with a GET request will not work reliably across many proxies and filters. Not only will some of these mechanisms elide the entity (as Restlet does), but caching policies will also probably not do what you expect.
If you need to send an entity and examine it to decide what to return, you should use POST; this will work more consistently.

On Wed, Apr 30, 2008 at 4:59 AM, Surjendu <[EMAIL PROTECTED]> wrote:
> I do understand that GET is read-only. Say you want to retrieve SSN number of an individual. Before sending the SSN number we also need to see whether the user asking for the data is authorized to view that or not. I am not talking about Guard class authentication or authorization (custom authorizations such as LDAP/Database/CMS). If we don't allow entities as part of GET how will we target these use cases?

