radiantearth
Allow Asset href to be null
Currently (1.1.0), an Asset must have an href that is an IRI. I would propose that we allow this to be null.
The case I have in mind is when a STAC API is applying permissions to Items, and wishes to hide the URLs of assets that the caller is not authorized to access, but still wishes to show the existence of the asset. Without being able to set it to null, the href must be set to something, will be set to a value that that the caller must access to discover that they do not have access to.
Isn't that a usecase for the auth (and/or order?) extension then? So telling people that the href is not accessible until X is fulfilled. If we allow it for assets (which I don't like yet), would we also need to allow it for links?
Allowing null would be a breaking change, so can only be part of STAC 2.0, I think.
PS: Thumbs down is meant as a vote against it, not in any way offensive or dismissive of the proposal per-se ;-)
wishes to hide the URLs of assets that the caller is not authorized to access,
I think I'm with Matthias here, though not sure enough to vote. If you're trying to tell a user that they can't access the thing at the href, I think it'd be better to just have something like a "disallowed": true attribute on the asset. Hiding the asset href just feels like your auth*n is too loose and you're trying to do security-through-obscurity?
Yeah coming back to this it's a little hard to envision an organization being open enough to have an asset in STAC but cautious enough to not want to expose the href to that asset. Is that something that you have seen a need for @philvarner?
