W3C home > Mailing lists > Public > www-tag@w3.org > November 2006

Re: "The use of Metadata in URIs" and UK law

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 8 Nov 2006 18:30:15 +0100
Message-Id: <F2470365-F6B1-4154-8B3A-9D73F1B98D2C@bblfish.net>
Cc: www-tag@w3.org
To: Ed Davies <edavies@nildram.co.uk>

On 8 Nov 2006, at 14:20, Ed Davies wrote:

>
> Section 2.2 of The use of Metadata in URIs
>
>    http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html
>
> incites the manipulation of URLs to obtain access to resources
> which has not been specifically authorized.  In the UK such
> access would be a contravention of the Computer Misuse Act
> 1990.  I know it's idiotic, but there's case law to support
> it.  Google for Daniel Cuthbert for a relevant case.

To me, unauthorised resources should be protected by Access control  
mechanism, not by the shape of the url.

I suppose case law can be shown to be wrong too.


> Questions:
>
> 1. Should this TAG finding note this point?
>
> 2. Can a TAG finding define or change the meaning of a URL,
>     an HTTP access or other protocol element in such a way
>     as to change the interpretation of the law in a country?
>
> 3. Should a TAG finding define...?
>
> This is all rather silly but if the TAG can word this document
> in a way that makes it clear that not only is it true that:
>
>> Still, the ability to explore the Web informally and  
>> experimentally is very valuable, and Web users act on such guesses  
>> about URIs all the time.
>
> but also that it is an implicit part of running a web server
> to accept that such experimentation is legitimate then they'd
> be doing all of us a favour.
>
> Regards,
>
> Ed Davies.
>
>
>
Received on Wednesday, 8 November 2006 17:30:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:42 GMT