W3C home > Mailing lists > Public > uri@w3.org > April 2003

Re: secure URIs

From: Trevor Perrin <trevp@trevp.net>
Date: Tue, 29 Apr 2003 16:36:33 -0700
To: Simon Josefsson <jas@extundo.com>
Cc: "Roy T. Fielding" <fielding@apache.org>, uri@w3.org
Message-id: <>

At 12:59 AM 4/30/2003 +0200, Simon Josefsson wrote:

>There are merits to the idea that security metadata should not be part
>of URIs.  Here is one idea that implement the fundamental idea (which
>I still believe is useful) without modifying URIs, like the above
>approach does.
>The syntax would be:
>So to embed that a HTTP resource should have a certain SHA-1 hash (for
>integrity, or even authentication, purposes) would be (this happens to
>be a working example):

I like that too.  I'd put the <URI> first, for readability.  Then it 
doesn't look too different from my suggestion.

One difference is I was using brackets to separate the URI from crypto 
data.  Since brackets aren't "uric" characters, that's probably a bad 
idea.  So if I change my initial approach to use a colon, like yours does, 
and change yours to put the URI first, we can see the remaining difference:


I'm denoting a secure scheme by appending "-" to the base scheme, you're 
denoting a secure scheme (or metadata-enhanced scheme) by "meta", with the 
base scheme in the scheme-specific part.  I'm not sure which way is better.

Received on Tuesday, 29 April 2003 19:38:04 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:05 UTC