- From: Sandro Hawke <sandro@w3.org>
- Date: Wed, 22 May 2013 18:43:15 -0400
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: Markus Lanthaler <markus.lanthaler@gmx.net>, Dan Brickley <danbri@danbri.org>, RDF-WG Group <public-rdf-wg@w3.org>, Linked JSON <public-linked-json@w3.org>
- Message-ID: <519D4A03.6020300@w3.org>
On 05/22/2013 05:35 PM, Melvin Carvalho wrote: > > > > On 22 May 2013 23:19, Markus Lanthaler <markus.lanthaler@gmx.net > <mailto:markus.lanthaler@gmx.net>> wrote: > > On Thursday, May 16, 2013 4:48 PM, Dan Brickley <danbri@danbri.org > <mailto:danbri@danbri.org>> wrote: > > A couple of points on this: > > 1. We (Google) can parse this if written > @context="http://schema.org" > > and we'll find a way to document that. > > Would it be possible to document that as the preferred way of > doing it? I think most people just copy and paste that part anyway > so it wouldn't really matter in my opinion. You can still continue > to support "schema.org <http://schema.org>" but suggest people to > use "http://schema.org" > > What actually worries me much more is that there isn't a context a > http://schema.org. Even if I do a GET and accept only > application/ld+json I get back an HTML page. Will that be fixed? > > > > 2. We'd also like to start a conversation about allowing the > simpler, > > shorter form by defaulting to http:// if not present. > > We could certainly do that but that would mean that we would lose > the ability to use relative URLs to reference contexts which I > think is very handy for a large number of use cases. > > > It may be slightly better to standardize in https, rather than http, > since schema.org <http://schema.org> is used for ecommerce too. I > dont think there's currently any known attack vector based on MITM of > a vocab, but one may emerge in future. +1 https is a pain, but it's looking like pain we have to endure. (all the http://www.w3.org vocabs are available at https://www.w3.org, but of course in RDF those are different symbols. I don't know what to do about that, but we should probably start thinking about it. I wonder if it makes sense for people to just start trying the https version of any http URL when they are dereferencing in a sensitive app. Strictly speaking, there's no requirement that https:foo and http:foo be related resources, but it seems like a very good and common practice.) -- Sandro > > > > > -- > Markus Lanthaler > @markuslanthaler > > >
Received on Wednesday, 22 May 2013 22:43:28 UTC