Add March 2021 newsletter. (aip-dev#720)

aip/general/0149.md

@@ -4,7 +4,7 @@ state: reviewing
 created: 2021-02-12
 placement:
   category: fields
-  order: 85
+  order: 100
 ---
 
 # Unset field values

aip/general/0216.md

@@ -4,7 +4,7 @@ state: approved
 created: 2018-10-01
 placement:
   category: fields
-  order: 90
+  order: 110
 ---
 
 # States

pages/news/2021-03.md

@@ -0,0 +1,107 @@
+# Auth and Field Masks
+
+Welcome to the seventh edition of the **AIP newsletter**, which is designed to
+keep you up to date about the AIP program, and particular proposals making
+their way through the system.
+
+We have three new AIPs this month. As always, the AIP newsletter kicks off what
+is effectively a "public comment" period: the AIP editors are happy with this
+proposal, but we want to ensure that you are too. Assuming feedback is
+sufficiently positive, we intend to formally approve these proposals on Friday,
+March 26, 2021.
+
+## AIPs under review
+
+### AIP-149: Unset field values
+
+> In many messages, many fields are optional: the user is not required to
+> provide them, or for output fields, the service might not populate the field.
+
+[Unset field values][aip-149] refer to primitive fields where the service makes
+a meaningful distinction between an empty value (such as `0` or `false`) and
+not setting the value at all. While this is generally discouraged if an
+alternative design is feasible, there are certainly occasions where this is the
+best approach.
+
+**Summary:** [AIP-149][] provides guidance around use of the `optional` keyword
+for primitives.
+
+We are aiming to approve AIP-149 on March 26. If you have feedback, please
+[leave a comment](https://github.com/aip-dev/google.aip.dev/pull/711).
+
+[aip-149]: ../149
+
+### AIP-161: Field masks
+
+> Often, when updating resources, it is desirable to specify exactly which
+> fields are being updated, so that the service can ignore the rest, even if
+> the user sends new values.
+
+[Field masks][aip-161] are the way that users are able to specify exactly which
+fields to read or update. They are necessary to ensure that adding fields to
+existing messages remains backwards-compatible.
+
+While we have had an internal specification for field masks for some time, this
+AIP publicizes the specification.
+
+**Summary:** [AIP-161][] provides a public specification for field masks.
+
+We are aiming to approve AIP-161 on March 26. If you have feedback, please
+[leave a comment](https://github.com/aip-dev/google.aip.dev/pull/718).
+
+[aip-161]: ../161
+
+### AIP-211: Authorization checks
+
+> The majority of operations, whether reads or writes, require authorization:
+> permission to do the thing the user is asking to do. Additionally, it is
+> important to be careful how much information is provided to _unauthorized_
+> users, since leaking information can be a security concern.
+
+[Authorization checks][aip-211] discusses when in the logical process of a
+request the authorization check ought to occur, and what error to send when an
+auth check fails.
+
+In particular, if an authorization check fails, regardless of whether the
+resource exists, the service consistently returns `PERMISSION_DENIED` with an
+error message that also indicates that the resource might not exist.
+
+**Summary:** [AIP-211][] provides guidance about authorization checks: when to
+perform them, and what error to send.
+
+We are aiming to approve AIP-211 on March 26. If you have feedback, please
+[leave a comment](https://github.com/aip-dev/google.aip.dev/pull/719).
+
+[aip-211]: ../211
+
+## Additional approvals
+
+We also intend to approve the AIPs that were placed under review in the October
+2020 newsletter. This includes [AIP-128][] ([#708][]), [AIP-148][] ([#710][]),
+and [AIP-164][] ([#709][]). If you have feedback, please leave a comment in the
+referenced pull requests.
+
+[aip-128]: ../128
+[aip-148]: ../148
+[aip-164]: ../164
+[#708]: https://github.com/aip-dev/google.aip.dev/pull/708
+[#709]: https://github.com/aip-dev/google.aip.dev/pull/709
+[#710]: https://github.com/aip-dev/google.aip.dev/pull/710
+
+## Recent updates
+
+In addition to the new AIPs under review, we have added the following guidance
+to existing AIPs:
+
+- [AIP-144](../144): Expand Add and Remove guidance.
+  ([#648](https://github.com/aip-dev/google.aip.dev/pull/648))
+- [AIP-154](../154): Etag failures should use `ABORTED`.
+  ([#705](https://github.com/aip-dev/google.aip.dev/pull/705))
+- [AIP-162](../162): Forbid deleting the only remaining revision.
+  ([#692](https://github.com/aip-dev/google.aip.dev/pull/692))
+- [AIP-162](../162): Restrict revision tags to lower-case.
+  ([#707](https://github.com/aip-dev/google.aip.dev/pull/707))
+- [AIP-165](../165): Make implicit recommendations more explicit.
+  ([#662](https://github.com/aip-dev/google.aip.dev/pull/662))
+- [AIP-203](../203): Add `UNORDERED_LIST` to field behaviors.
+  ([#671](https://github.com/aip-dev/google.aip.dev/pull/671))

pages/news/2021-03.yaml

@@ -0,0 +1,10 @@
+---
+news:
+  year: 2021
+  month: March
+  description: |
+    Publishing long-standing guidance around permissions and field masks.
+  aips:
+    reviewing: [149, 161, 211]
+  other:
+    - Approval of AIPs discussed in the October 2020 newsletter.