OpenSocial RPC
Apparently there is a JSON-RPC working group and a proposal to marshal RPC over HTTP. The description is quite simple:
JSON-RPC is a stateless, light-weight remote procedure call (RPC) protocol. It uses JSON (RFC 4627) as data format, and is transport-independent. It’s designed to be simple!
The abuse is clear from the proposed OpenSocial JSON-RPC API.
POST /jsonrpc HTTP/1.1
Host: api.example.org
Authorization: <Auth token>
Content-Type: application/json
{
"method" : "people.get",
"id" : "myself"
"params" : {
"userid" : "@me",
"groupid" : "@self"
}
}
But what is so un-simple about the right approach?
GET /people?... HTTP/1.1 Host: api.example.org Authorization: <Auth token>