Services/Sync/Protocol 2.0 changes

Proposed changes to migrate to 2.0

browserid support

• need to cache auth tokens to prevent external roundtrip on each req.

digestauth support

max individual request size

• right now we limit (not implemented in python!) wbo size, but not total size. Restrict post body size to 3M? Need to see what sort of body size is causing timeouts

drop parentid drop predecessorid

send integers rather than decimals - milliseconds

• figure out how to get the timestamp into integer precision - either cut down to deciseconds or use last significant digits.

405 for wrong method

• Cornice probably buys us this directly

304 not modified when X-Weave-Timestamp < current

• Saves processing the request body

drop whoisi as a return format

delete /storage takes multiple collections

• Will give us the ability to delete "everything except keys" without using a loop

drop x-weave-backoff in favor of retry-after

• No reason to have two identical responses
• generate better docs for how to implement backoff on client

sync sesssions with server-generated token - helps avoid races

• generated on write without auth token if none exists on server side
• can't write if there's a token in place without it. Can't read? (may be inconsistent)
• need a way to have client expire token and length after which it autoexpires
• make it part of auth protocol

way to let the server know that there's a data problem

• have a flag that says "this account reported corrupted" to handle HMAC mismatches, etc
• Maybe in metaglobal?
• is this a storage problem? or particular to sync