- From: Austin William Wright <aaa@bzfx.net>
- Date: Fri, 24 Apr 2015 03:08:41 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Joel Weinberger <jww@chromium.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CANkuk-Wtt6iBN9-u0DdoAk1TxwnbDFZf6-=a9KvOz302EccL0w@mail.gmail.com>
On Thu, Apr 23, 2015 at 5:31 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Apr 23, 2015 at 2:51 PM, Austin William Wright <aaa@bzfx.net> > wrote: > > That's because this isn't a URL, it's a URI (at least not without an > > authority component). As such, it's completely opaque to Web browsers. > > That distinction has been meaningless since forever. > If I ask for a URL, I expect to be able to dereference it. If I ask for a URI, then that's not necessarily the case. This is a meaningful distinction for many people, particularly databases, automated robots, and HTTP servers. It might not be much of a distinction for generic user agents like Web browsers and websites, who almost exclusively deal in URLs, but there's more kinds of user agents than just Web browsers. In general, it's an important enough distinction to technical literature that we have two names, even if in most other places it doesn't really matter. > > > While `integrity` isn't limited to HTML, there's plenty of precedent for > > using URIs outside use as network identifiers in HTML, namely the `rel` > and > > `xmlns` attributes, and the `profile` media type property. > > These are all terrible precedents that we don't want to follow. > You'll have to explain what you mean, I don't think I've *ever* heard this before, and to the contrary, I notice a kind of Zawinski's law: Every identifier syntax tends to assume more and more URI-like features. Those which don't are replaced by URIs outright. That is, it's not a position shared by me or my colleagues; nor have I heard it in the entire Semantic Web community, where we develop so-called "linked data" APIs and use them every day. JSON Schema, JSON-LD, Hydra, RDFa, and even plain old HTML are all hypermedia formats where using anything but a URI for identifying things would simply be unfathomable. It has been a point of contention in JSON Schema, though, and we're open to ideas. Perhaps you'd like to explain your vision to re-invent this format, or any of these formats, without any URIs? How would I refer to a JSON Schema defined by another party entirely? As far as I can tell, anything that supports the required functionality will just be re-inventing the URI. Firefox, too, uses linked data in its internal execution, using URIs for representing data (even if in one of the oldest, biggest eyesores of a syntax): <https://developer.mozilla.org/en-US/Add-ons/Install_Manifests> Maybe you're opposed to the length/verbosity, but that's sort of a mathematical certainly when you've got hundreds of millions of authorities minting identifiers for billions and billions of resources, your globally unambiguous identifiers are going to get *kind of lengthy*. > In any event, Web browsers shouldn't need to care, the syntax is arbitrary > > to them. > > As I explained the more complicated processing model is not at all > something arbitrary that can be ignored. > I didn't follow your explanation, since the syntax is just a well-defined ABNF. The processing model, for Web browser purposes, is /^ni:\/\/\/([a-zA-Z0-9._~\-]+);([[a-zA-Z0-9._~\-]+)$/ (compare to the CSP syntax: /^(sha256|sha384|sha512)-([a-zA-Z0-9+\/]+={0,2})$/) That's all there is to it. If you're making it any more complex than that, I'd venture to guess you're thinking too hard. Austin.
Received on Friday, 24 April 2015 10:09:10 UTC