RE: [hybi] [Uri-review] ws: and wss: schemes

 1.  Encouraging the user to enter a Web Sockets URL does not make sense if
cross-domain connections are not allowed, which I hope will be the case (the
draft specification [1] does not contain security considerations).

 2.  While we are at it, a Web Sockets connection is useless without knowing
the protocol, and the protocol to be used is not contained within the URL.
That means a ws URL is not self-contained and thus useless as a stand-alone
locator.

IMHO,
Chris

[1] <URL:http://dev.w3.org/html5/websockets/>

-----Original Message-----
From: Jamie Lokier [mailto:jamie@shareable.org] 
Sent: Wednesday, August 12, 2009 4:19 AM
To: Kristof Zelechovski
Cc: 'David Booth'; 'Ian Hickson'; uri-review@ietf.org; hybi@ietf.org;
uri@w3.org
Subject: Re: [hybi] [Uri-review] ws: and wss: schemes

Kristof Zelechovski wrote:
>  1.  The document "Converting New URI Schemes or URN Sub-Schemes to HTTP"
> [1] specifically addresses the use case where the custom URL is presented
to
> a casual user. 
>

> Since there are no legitimate casual users of the Web
> Sockets protocol that is designed to be used by Web applications only,

I disagree.  ws:// URLs *will* be entered on web forms at some point,
you can count on it.

Someone will write a web form that says something like "Tell me the
address of a FOOCHAT server to begin your FOOCHAT session", expecting
a ws:// URL to be entered if WebSockets is the protocol to be used.

That's a legitimate use.

-- Jamie

Received on Wednesday, 12 August 2009 10:16:00 UTC