W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2003

RE: URI scheme uniqueness

From: Lisa Dusseault <lisa@xythos.com>
Date: Mon, 4 Aug 2003 16:08:03 -0700
To: "'Julian Reschke'" <julian.reschke@gmx.de>, <w3c-dist-auth@w3.org>
Message-ID: <00ff01c35add$421d6200$f8cb90c6@lisalap>


According to your logic, if I register the scheme "foo:", and I don't
register the scheme "bar:", and if both schemes are defined to use a
registered domain name and a unique network card ID plus a unique sequence
number, then 
 -->  foo:www.greenbytes.com:1234-5678-9012:3365008 is guaranteed to be
unique
 -->  bar:www.greenbytes.com:1234-5678-9012:3365008 is NOT guaranteed to be
unique

You think that because "foo:" is registered everybody will use it properly,
whereas because "bar:" is unregistered somebody else is likely to use it
improperly?  In the real world, registering a schema makes it *more* likely
that other people will use it.  Increasing the usage of the scheme will also
increase the likelihood that even if that scheme is designed to allow
uniqueness it will be misused and create a non-unique URI.  So in some sense
encouraging registration does more to make things less-than-100% robust.
Bugs and poor implementation choices are the likely causes of non-uniqueness
here, not the registration of the scheme. 

I did not say it would be preferable for a server implementor to use an
unregistered scheme.  I am merely arguing that some of the arguments used in
this discussion are bogus arguments.  Generally I don't like things to be
changed for poor reasons.  Even if I'm not opposed to the change we ought to
understand the reasons.

Lisa

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de] 
Sent: Monday, August 04, 2003 2:38 PM
To: Lisa Dusseault; w3c-dist-auth@w3.org
Subject: RE: URI scheme uniqueness 


Lisa,

this really isn't a counter-example. Just as *I* could define a "private"
URI scheme called "greenbytes", everybody else could. Unless you are *the*
naming authority for the URI schema (for which you'll need the IETF
registration), you simply can't *rely* on nobody else using the same scheme
name and scheme-dependant part.

Yes, it's unlikely. But writing protocols is about making things 100%
robust, not 99.99%.

Besides, I really don't see the point in *not* using IETF-registered URI
schemes. There are lots that are *guaranteed* to give you the required
uniqueness, one of which is the "opaquelocktoken" scheme RFC2518 defines
*for this very purpose*.

Can you give a single reason why it would be preferrable for a server
implementor *not* to use one of the available schemes?

Julian

(P.S.: I already suggested a new wording)

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 
-----Original Message-----
From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org]On
Behalf Of Lisa Dusseault
Sent: Monday, August 04, 2003 11:04 PM
To: 'Julian Reschke'; w3c-dist-auth@w3.org
Subject: RE: URI scheme uniqueness 


I don't object to this being an issue, and I'm happy to see suggestions for
new wording.  However, I think we're missing something here.  You've already
pointed out that using an IETF-registered schema doesn't guarantee
uniqueness which is true, but the wording below suggests that you can't have
uniqueness without having IETF registration. Rather, IETF registration and
uniqueness are completely independent qualities.

As a counter-example, consider if you invented the schema "greenbytes:", in
which you might find a URI like
"greenbytes:www.greenbytes.com:1234-5678-9012:3365008, where the first part
is the schema name, the second part is a domain name, the third part is a
network card ID, and the fourth part is a non-reusable sequence number.
This schema has the quality of allowing globally unique URIs to be selected
without being IETF registered.

Lisa
-----Original Message-----
From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org] On
Behalf Of Julian Reschke
Sent: Monday, August 04, 2003 1:55 PM
To: w3c-dist-auth@w3.org
Subject: RE: URI scheme uniqueness 


Summarizing...

I think I've collected enough evidence (people that indeed thought that they
can achieve global uniqueness without using an IETF-registered scheme) that
this should at least be added to the RFC2518 issues list :-)

Julian

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 
-----Original Message-----
From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org]On
Behalf Of Elias Sinderson
Sent: Monday, August 04, 2003 7:47 PM
To: w3c-dist-auth@w3.org
Subject: Re: URI scheme uniqueness 


[...]
<Elias Sinderson> Perhaps something along the lines of the following would
be acceptable?

"...are free to use any URI scheme so long as it meets the stated uniqueness
requirements. One way to accomplish this is to use IETF-registered URI
schemes."
    
<Julian Reschke> That's plain and simply wrong. The only way is to use an
URI scheme that
*both* is IETF-registered and meets the uniqueness criterium.
<Elias Sinderson> Goodness, you are correct, mea culpa - I see your point
now.

<Elias Sinderson> This language seems specific enough to be unambiguous
while flexible enough to allow for other mechanisms to ensure uniqueness.
The drawback of not [...]
    
<Julian Reschke> See, this kind of proves that the spec needs to be
enhanced. You and others seem to read it as a license to come up with
"private" URI schemes, which is plainly wrong and breaks the uniqueness
requirements. Therefore the text
should be clarified.
<Elias Sinderson> Yes, I agree, the current text allows for a looser
interpretation than is desired - consider me in favor of modifying the
current wording.


Cheers,
Elias
Received on Monday, 4 August 2003 19:07:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:04 GMT