Allow both Token and String formats for quota policy identifiers

Co-authored-by: darrelmiller <[email protected]>

Author: Copilot

draft-ietf-httpapi-ratelimit-headers.md

@@ -138,20 +138,22 @@ The term "problem type" in this document is to be interpreted as described in [P
 
 # RateLimit-Policy Field {#ratelimit-policy-field}
 
-The "RateLimit-Policy" response header field is a non-empty List{{SF}} of Quota Policy Items ({{quotapolicy-item}}). The Item{{SF}} value MUST be a Token{{SF}}.
+The "RateLimit-Policy" response header field is a non-empty List{{SF}} of Quota Policy Items ({{quotapolicy-item}}). The Item{{SF}} value MUST be either a Token{{SF}} or a String{{SF}}.
 
 The field value SHOULD remain consistent over a sequence of HTTP responses. It is this characteristic that differentiates it from the [RateLimit](#ratelimit-field) field that contains information that MAY change on every request. The "RateLimit-Policy" field enables clients to control their own flow of requests based on policy information provided by the server. Situations where throttling constraints are highly dynamic are better served using the [RateLimit field](#ratelimit-field) that communicates the latest service information a client can react to. Both fields can be communicated by the server when appropriate.
 
 Lists of Quota Policy Items ({{quotapolicy-item}}) can be split over multiple "RateLimit-Policy" fields in the same HTTP response as described in {{Section 3.1 of SF}}.
 
 ~~~
-   RateLimit-Policy: burst;q=100;w=60,daily;q=1000;w=86400
+   RateLimit-Policy: burst;q=100;w=60,"daily";q=1000;w=86400
 ~~~
 
 ## Quota Policy Item {#quotapolicy-item}
 
 A quota policy Item contains an identifier for the policy and a set of Parameters{{SF}} that contain information about a server's capacity allocation for the policy.
 
+The policy identifier can be expressed as either a Token{{SF}} (unquoted) or a String{{SF}} (quoted). Tokens are more compact but are limited by Token syntax rules (e.g., cannot start with a digit, cannot contain spaces). Strings provide more flexibility by allowing any character sequence but require quotes.
+
 The following parameters are defined:
 
   q:
@@ -205,10 +207,10 @@ This field MAY convey the time window associated with the quota, as shown in thi
    RateLimit-Policy: default;q=100;w=10
 ~~~
 
-These examples show multiple policies being returned:
+Policy identifiers can be expressed as Tokens (unquoted) or Strings (quoted). Both formats are acceptable and can be mixed:
 
 ~~~
-   RateLimit-Policy: permin;q=50;w=60,perhr;q=1000;w=3600
+   RateLimit-Policy: permin;q=50;w=60,"per hour";q=1000;w=3600
 ~~~
 
 The following example shows a policy with a partition key:
@@ -227,7 +229,7 @@ The following example shows a policy with a partition key and a quota unit:
 
 A server uses the "RateLimit" response header field to communicate the current service limit for a quota policy for a particular partition key.
 
-The field is expressed as a List{{SF}} of Service Limit Items ({{servicelimit-item}}). The Item{{SF}} value MUST be a Token{{SF}}.
+The field is expressed as a List{{SF}} of Service Limit Items ({{servicelimit-item}}). The Item{{SF}} value MUST be either a Token{{SF}} or a String{{SF}}.
 
 Lists of Service Limit Items can be split over multiple "RateLimit" fields in the same HTTP response as described in {{Section 3.1 of SF}}.
 
@@ -239,6 +241,8 @@ Lists of Service Limit Items can be split over multiple "RateLimit" fields in th
 
 Each service limit Item{{SF}} identifies the quota policy ({{quotapolicy-item}}) associated with the request and contains Parameters{{SF}} with information about the current service limit.
 
+The policy identifier can be expressed as either a Token{{SF}} (unquoted) or a String{{SF}} (quoted), matching the format used in the corresponding RateLimit-Policy field.
+
 The following parameters are defined in this specification:
 
   r:
@@ -294,10 +298,10 @@ This example shows a remaining quota of 999 requests for a partition key that ha
    RateLimit: default;r=999;pk=:dHJpYWwxMjEzMjM=:
 ~~~
 
-This example shows a 300MB remaining quota for an application in the next 60 seconds:
+This example shows a 300MB remaining quota for an application in the next 60 seconds, using a quoted String identifier:
 
 ~~~
-   RateLimit: default;r=300000000;t=60;pk=:QXBwLTk5OQ==:
+   RateLimit: "default";r=300000000;t=60;pk=:QXBwLTk5OQ==:
 ~~~
 
 # Problem Types {#problem-types}
@@ -1068,8 +1072,8 @@ Response:
 ~~~ http-message
 HTTP/1.1 200 OK
 Content-Type: application/json
-RateLimit-Policy: hour;q=1000;w=3600, day;q=5000;w=86400
-RateLimit: day;r=100;t=36000
+RateLimit-Policy: hour;q=1000;w=3600, "day";q=5000;w=86400
+RateLimit: "day";r=100;t=36000
 
 {"hello": "world"}
 ~~~
@@ -1153,7 +1157,7 @@ RateLimit:default;r=50;t=60
 
 ~~~
 RateLimit-Policy: sliding;q=100;w=60;burst=1000
-RateLimit-Policy: fixed;q=5000;w=3600;burst=0
+RateLimit-Policy: "fixed";q=5000;w=3600;burst=0
 RateLimit: sliding;r=50;t=44
 ~~~