W3C home > Mailing lists > Public > semantic-web@w3.org > May 2016

Re: xsd:anyURI - was: HTTPS and the Semantic Web

From: Hugh Glaser <hugh@glasers.org>
Date: Sat, 21 May 2016 22:44:22 +0100
Cc: Michael Brunnbauer <brunni@netestate.de>, semantic-web@w3.org
Message-Id: <CA19D55B-606B-4A64-8113-41D58DC4420F@glasers.org>
To: Henry Story <henry.story@bblfish.net>
(Of course I would say this :-) …)

One way to handle a lot of this is to use a sameAs service as in our sameAs.org and related services.
This can be done either by a standard service where all the appropriate pairs are asserted, or by a programmatic service with the same API, which gives the https (or whatever) for every http.
I could modify sameAs.org etc. to actually do this, roughly doubling the number of URIs - but somehow I don’t think that would be useful at the moment.
Of course I might well bring up a separate service doing this.

However, in addition I was prompted to write this posting because these services also handle deprecation, in two possible ways:
a) the service response can be configured to give a preferred or canonical URI first, or you can ask the service for the canon;
b) URIs can be asserted to be properly deprecated - that means they can be used as a look-up key, but will never appear in a result set.

Best
> On 21 May 2016, at 20:54, Henry Story <henry.story@bblfish.net> wrote:
> 
> 
>> On 21 May 2016, at 21:07, Michael Brunnbauer <brunni@netestate.de> wrote:
>> 
>> 
>> Hello Henry,
>> 
>> I am glad you agree with me that there is no need for widely deployed URIs to
>> change. I have no problem with redirects of widely deployed HTTP URIs to
>> HTTPS as long as it is made clear that using the HTTPS namespace is not OK.
> 
> yes, no need to rock the whole boat at the same time.
> 
>> 
>> We are talking about privacy and security issues of Semantic Web applications 
>> with regard to the use of TLS. For me, this is clearly Science Fiction, so we
>> have some time to fix it. In the meantime, paranoid applications can use
>> HSTS and preloaded HSTS lists as a temporary workaround.
> 
> This is actually not science fiction, and has many very important use cases
> for building distributed social networks, including b2b applications where
> confidentiality is important. The Snowden revelations should have made that
> clear by now. The pieces have been in place to use it for a while now, and
> the semantic web community has lost many valuable opportunities for failing
> to take this more seriously. Some pointers to the uses of it are here:
> 
> https://www.w3.org/2005/Incubator/webid/spec/
> 
> Luckily since those applications are not wide spread, there is not that
> much problem moving over to use https urls to identity people, organisations
> and agents generally (see the WebID spec).
> 
>> 
>> In the long run, this should be fixed on a lower layer and there is already 
>> work underway to enable publishing "TLS required" preferences via DNSSEC:
>> https://tools.ietf.org/html/draft-hallambaker-esrv-01
> 
> There are many different problems that come together here. Some can be fixed
> with Redirects plus DNSEC, others by just deprecating vocabularies. 
> 
> It seems to me that vocabulary deprecation ontology would be very useful 
> in any case, even if only to make a case about the stability of urls.
> 
>> 
>> So I actually see no case for a namespace change even for less known
>> vocabularies. Anyway, there is already owl:sameAs and a property to express a 
>> preferred namespace. Naturally, the latter is meant for human consumers.
>> What whould be the automated consequences of ex:canonical/ex:preferreduri? 
>> Would app developers care about it?
> 
> yes they would. If there were a way to automate the movement to better vocabularies,
> old software could last much longer without breaking.
> 
> We have to live in a world that changes, even if it helps to think atemporally when
> building our functional programs.
> 
>> 
>> Regards,
>> 
>> Michael Brunnbauer
>> 
>> On Sat, May 21, 2016 at 06:13:20PM +0200, Henry Story wrote:
>>> 
>>>> On 21 May 2016, at 17:40, Michael Brunnbauer <brunni@netestate.de> wrote:
>>>> 
>>>> 
>>>> Hello Henry,
>>>> 
>>>> On Sat, May 21, 2016 at 04:18:47PM +0200, Henry Story wrote:
>>>>> We should see this large movement as an opportunity to fix a lot of other problems that have come
>>>>> up in Linked Data. For example it could allow us to move away from 303 redirects to hash urls that are much 
>>>>> more efficient, and finally put that old discussion to rest.
>>>> 
>>>> Ha! Let the games begin! :-)
>>>> 
>>>> Seriously, I cannot believe we are having this discussion. The day that that "a"
>>>> in Turtle/SPARQL represents https://www.w3.org/1999/02/22-rdf-syntax-ns#type
>>>> instead of http://www.w3.org/1999/02/22-rdf-syntax-ns#type will be the day
>>>> when RDF breaks. Leave it as it is.
>>> 
>>> clearly some RDF URLS are so widely documented and deployed that these meanings 
>>> have to a certain extend escaped from the definition placed at their location. 
>>> As a result they won't gain much in security by having https urls. This would
>>> be the case for many major w3c rdf and owl URLS. So I don't think there is really
>>> a need to move those URLs over.
>>> 
>>>> All those URI changing fixes to get rid of technical debt will mean a lot of 
>>>> pain for a lot of people - unless you can come up with a scheme where those 
>>>> fixes are handled transparently by the software. I am not talking of reasoners
>>>> here.
>>> 
>>> You mean like using redirects? That would allow ontologies to be moved to secure 
>>> namespaces without I think changing the old URLs.
>>> 
>>> I think there are ways of doing these redirects securely. I have not looked at that 
>>> carefully. Anyone?
>>> 
>>>> A large fraction of the users don't use them because they are a PITA.
>>>> RDF should stay accessible for people who are not top of the range and use 
>>>> hard-coded URIs in their code.
>>> 
>>> yes, there will be quite a long time to live for old well known http URLs. On the
>>> other hand for people building less well known vocabs who want to move to more
>>> secure vocabs you'll need some "reasoning type solution" like the one we're starting 
>>> to propose. In any case that will be needed for changing ontologies, and overcomeing
>>> mistakes, etc... So there is good reason to formalise vocabulary transitions, so that
>>> these can be automated.
>>> 
>>>> Maybe we can come up with a completely new RDF where "Cool URIs don't change"
>>>> is enforced technically? ;-)
>>> 
>>> Things change. "Cool URIs' don't change" is of motto so that people think before they
>>> change URIs, because of the cost involved which we are just discussin.
>>> It's not a statement about the impossibility to make mistakes.
>>> 
>>> Henry
>>> 
>>>> 
>>>> Regards,
>>>> 
>>>> Michael Brunnbauer
>>>> 
>>>> -- 
>>>> ++  Michael Brunnbauer
>>>> ++  netEstate GmbH
>>>> ++  Geisenhausener Straße 11a
>>>> ++  81379 München
>>>> ++  Tel +49 89 32 19 77 80
>>>> ++  Fax +49 89 32 19 77 89 
>>>> ++  E-Mail brunni@netestate.de
>>>> ++  http://www.netestate.de/
>>>> ++
>>>> ++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
>>>> ++  USt-IdNr. DE221033342
>>>> ++  Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
>>>> ++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
>>> 
>> 
>> -- 
>> ++  Michael Brunnbauer
>> ++  netEstate GmbH
>> ++  Geisenhausener Straße 11a
>> ++  81379 München
>> ++  Tel +49 89 32 19 77 80
>> ++  Fax +49 89 32 19 77 89 
>> ++  E-Mail brunni@netestate.de
>> ++  http://www.netestate.de/
>> ++
>> ++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
>> ++  USt-IdNr. DE221033342
>> ++  Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
>> ++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
> 
> 

--
Hugh
023 8061 5652
Received on Saturday, 21 May 2016 21:45:00 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 25 May 2016 10:59:47 UTC