OpenDSR
Reasons against GET on /opengdpr_requests/ (List items)?
Hi, we are currently in a pre-decision process and we might use the OpenGDPR specification. I have one question: Are there reasons for not providing a GET endpoint on /opengdpr_requests/? Besides the authentication issue. You somehow need to make sure that the request has the right to see the response. If there are no reasons against it, I would add it to the specification and create a PR for it.
I am not particularly opposed, but it would have to be optional. We know of implementations that are using NoSQL backing stores where scans are either quite slow or not supported.
Nonetheless, even if supported, I would expect it to support paging with cursors and filtering by status. There can be many thousands to even millions of requests for large companies.
Since you also didn't specify the authentication, I also wouldn't think about the actual implementation in the specification.
But I agree that this should be optional, if only for backwards compatibility. Yes, I would also specify filtering and paging.
@Citrullin Would love a PR to add the request listing endpoint! 👍 Marking this as enhancement and needs help
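As an added illustration, not part of the thread or of the OpenDSR specification: a sketch of the listing behaviour discussed above, with cursor paging and a status filter, where every result and every cursor is scoped to the authenticated caller. The field names, status values, sample rows, HMAC-signed cursor format and the `list_requests` function are assumptions made for this example.

```python
import base64, hashlib, hmac, json

CURSOR_KEY = b"constructed-demo-secret"  # assumption: server-side secret
PAGE_SIZE = 2

# Constructed sample store: (controller_id, subject_request_id, request_status)
REQUESTS = [
    ("ctrl-a", "req-001", "pending"), ("ctrl-a", "req-002", "completed"),
    ("ctrl-b", "req-003", "pending"), ("ctrl-a", "req-004", "pending"),
    ("ctrl-a", "req-005", "pending"),
]

def _sign(payload: bytes) -> bytes:
    return hmac.new(CURSOR_KEY, payload, hashlib.sha256).hexdigest().encode()

def encode_cursor(controller_id, status, last_id):
    payload = json.dumps([controller_id, status, last_id]).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def decode_cursor(cursor, controller_id, status):
    """Return the last-seen id, or raise ValueError if the cursor is not ours."""
    body, _, sig = cursor.rpartition(".")
    payload = base64.urlsafe_b64decode(body)  # binascii.Error is a ValueError
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        raise ValueError("cursor signature mismatch")
    owner, cur_status, last_id = json.loads(payload)
    # A cursor is only valid for the caller and filter it was issued to.
    if owner != controller_id or cur_status != status:
        raise ValueError("cursor issued for a different caller or filter")
    return last_id

def list_requests(controller_id, status=None, cursor=None):
    """controller_id must come from the authenticated caller, never the query."""
    last_id = decode_cursor(cursor, controller_id, status) if cursor else ""
    # Keyset paging: scope to the caller, filter by status, resume after last_id.
    ids = sorted((rid, st) for owner, rid, st in REQUESTS
                 if owner == controller_id and rid > last_id
                 and (status is None or st == status))
    page, more = ids[:PAGE_SIZE], len(ids) > PAGE_SIZE
    nxt = encode_cursor(controller_id, status, page[-1][0]) if more else None
    return {"requests": [{"subject_request_id": r, "request_status": s}
                         for r, s in page], "next_cursor": nxt}
```

Resuming from the last returned id avoids offset scans over large request sets, and the signed cursor means a page token from one caller cannot be replayed or edited to read another caller's requests.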