Re: HTTPS and the Semantic Web from Nathan Rixham on 2016-05-21 (semantic-web@w3.org from May 2016)

From: Nathan Rixham <nathan@webr3.org>
Date: Sat, 21 May 2016 01:02:27 +0100
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Phil Archer <phila@w3.org>, Semantic Web IG <semantic-web@w3.org>
Message-ID: <CANiy74yHzHE+3pJdDOQGB6zVbRG7CUS7G9PodLST4J41jXHN5w@mail.gmail.com>

Dereferencing should be blackbox, let TLS+UIR+HSTS handle that side.

An x:alias predicate which asserts that one name (IRI) is an alias of
another name (IRI) would be very useful. <a#b> x:alias <c#d> .

An x:canonical predicate which asserts <a#b> x:alias <c#d> . and that <a#b>
is the preferred IRI more useful still.

Using syntax shortcuts you could add the following triple to the turtle
document at https://www.w3.org/1999/02/22-rdf-syntax-ns#

   rdf: x:canonical <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .

Result:
<http://www.w3.org/1999/02/22-rdf-syntax-ns#> a owl:Ontology .
<https://www.w3.org/1999/02/22-rdf-syntax-ns#> a owl:Ontology .

Point 2:

Using a 307 redirect for the semantic is nice, but practically click
http://www.w3.org/ns/dcat# and you are redirected, refresh and you find the
client does use the redirected url for subsequent requests.

As a general person or developer search w3.org for dcat and the results are
https://www.google.com/search?q=site:w3.org%20dcat - the url listed is the
https url.

Usage of the https IRIs will enter the web of data ever increasingly,
whether people say the http one should be used or not.

Point 3:

Practically taking a simple real world step like migrating to a CDN will
often give http/2+tls thus https IRIs automatically.

Test case:

Alice has a wordpress/drupal site that publishes RDF automatically. She
doesn't know about the RDF.
Alice clicks the "free CDN" button in her hosting account.
Alice now has https and http IRIs in RDF on both http:// and https://
protocols.

Personally I cannot think of anything easier than as best practise adding a
single triple to rdf documents when migrating protocols. Anything within
the black box will fail and be implemented incorrectly.

On Sat, May 21, 2016 at 12:42 AM, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> On 20 May 2016 at 20:08, Phil Archer <phila@w3.org> wrote:
>
>> Not a moan about spam, or a CfP, but an actual discussion point, yay!
>>
>> I've just blogged about our use of HTTPS across www.w3.org which raises
>> some questions for this community. Please see
>> https://www.w3.org/blog/2016/05/https-and-the-semantic-weblinked-data/
>
>
> On the one hand more security is a nice to have, but on the other, Cool
> URIs dont change.  It's really hard to estimate the cost, and unintended
> consequences of changing URIs.  But my feeling is that we systematically
> underestimate it.
>
> IMHO, It's kind of a shame that http wasnt made secure, and that a new
> scheme https was invented.
>
>
>>
>>
>> Comments welcome.
>>
>> Thanks
>>
>> --
>>
>>
>> Phil Archer
>> W3C Data Activity Lead
>> http://www.w3.org/2013/data/
>>
>> http://philarcher.org
>> +44 (0)7887 767755
>> @philarcher1
>>
>>
>

Received on Saturday, 21 May 2016 00:02:56 UTC