At 12:59 AM 4/30/2003 +0200, Simon Josefsson wrote: >There are merits to the idea that security metadata should not be part >of URIs. Here is one idea that implement the fundamental idea (which >I still believe is useful) without modifying URIs, like the above >approach does. > >The syntax would be: > >meta:<METADATA>:<URI> > >So to embed that a HTTP resource should have a certain SHA-1 hash (for >integrity, or even authentication, purposes) would be (this happens to >be a working example): > >meta:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro=:http://josefsson.org/key.txt > >Thoughts? I like that too. I'd put the <URI> first, for readability. Then it doesn't look too different from my suggestion. One difference is I was using brackets to separate the URI from crypto data. Since brackets aren't "uric" characters, that's probably a bad idea. So if I change my initial approach to use a colon, like yours does, and change yours to put the URI first, we can see the remaining difference: http-://josefsson.org/key.txt:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro= meta:http://josefsson.org/key.txt:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro= I'm denoting a secure scheme by appending "-" to the base scheme, you're denoting a secure scheme (or metadata-enhanced scheme) by "meta", with the base scheme in the scheme-specific part. I'm not sure which way is better. TrevorReceived on Tuesday, 29 April 2003 19:38:04 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:46:23 GMT