Re: comment on URI and resource ownership in WebArch document

From: Dan Connolly <connolly@w3.org>
Subject: Re: comment on URI and resource ownership in WebArch document
Date: Thu, 12 Feb 2004 11:50:44 -0600

> On Thu, 2004-02-12 at 11:32, Peter F. Patel-Schneider wrote:
> > Comments on 
> > 	Architecture of the World Wide Web, First Edition
> > 	W3C Working Draft 9 December 2003
> > 	http://www.w3.org/TR/2003/WD-webarch-20031209/

[...]

> > The major issue that I have with the contents of this document concerns the
> > related notions of ownership and authoritativeness.  I find that the
> > document neither adequately defines nor uses these fundamental notions and
> > that this problem undermines much of what the document is trying to do.
> > 
> > The document defines a resource as an ``item of interest''.  This is a very
> > broad definition, which includes things like 
> > 1/ the Oaxaca Weather Report from WeatherExample,
> > 2/ the Oaxaca weather report, i.e., some idealized representation of the
> >    Oaxaca weather, and
> > 3/ the Oaxaca weather.
> > The document also uses URIs, as they are normally defined.  
> > 
> > The document then talks about resource owners and URI owners.  However,
> > unfortunately neither resource owner nor URI owner is well defined in many
> > situations.
> 
> I'm quite sympathetic to this concern, but I just looked at the text
> of the document the other day, and I'm pretty happy with the way it's
> treated:
> 
> [[
> 2.2. URI Ownership
> The requirement for URIs to be unambiguous demands that different agents
> do not assign the same URI to different resources. URI scheme
> specifications assure this using a variety of techniques, including:
> 
>       * Hierarchical delegation of authority. This approach, exemplified
>         by the "http" and "mailto" schemes, allows the assignment of a
>         part of URI space to one party, reassignment of a piece of that
>         space to another, and so forth.
>       * Random numbers. The generation of a fairly large random number,
>         used in the "uuid" scheme, reduces the risk of ambiguity to a
>         calculated small risk.
>       * Checksums. The generation of a URI as a checksum based on a data
>         object has similar properties to the random number approach.
>         This is the approach taken by the "md5" scheme.
>       * Combination of approaches. The "mid" and "cid" schemes combine
>         some of the above approaches.
> The approach taken for the "http" URI scheme follows the pattern whereby
> the Internet community delegates authority, via the IANA URI scheme
> registry [IANASchemes] and the DNS, over a set of URIs with a common
> prefix to one particular owner. One consequence of this approach is the
> Web's heavy reliance on the central DNS registry.
> 
> Whatever the techniques used, except for the checksum case, the agent
> has a unique relationship with the URI, called URI ownership. The phrase
> "authority responsible for a URI" is synonymous with "URI owner" in this
> document.
> ]]
> 
> 
> The webarch doc doesn't say, for example, that for each URI there's
> exactly one human being who has final say on what it means.
> 
> Is it the choice of the term "ownership" that concerns you most?
> Could you help me understand what it is about the text that concerns
> you most?

Well, the assumption that I see in this bit of the document is that there
is a mapping from the normative specifications underlying the architecture
of the internet that in most cases of interest determines a unique agent or
individual that is ultimately responsible for the information that will be
served up in response to dereferencing a URI.  I believe that this is very
seldom the case.  For example, I believe that I am ultimately responsible
for quite a number of web pages, even many pages whose internet authority
is Lucent Technologies, Incorporated.

> > Some URIs, notably many URIs in the http URI scheme, have authority
> > components, which can be used to define a notion of ownership.  However,
> > even for such URIs, the authority is often not the owner.  (For example,
> > dl.kr.org is probably assigned to MIT, but doing a get on http://dl.kr.org/
> > does not return a page that is owned by MIT.  In fact, the true owner of
> > this page is Carsen Lutz.
> 
> Carsen Lutz does not have complete carte blanch to write anything on
> that page, does s/he? The webarch text above makes it reasonably
> clear, to me, that the "ownership" of this URI is held by some
> combination of Carsen Lutz acting on behalf of some part of MIT.

MIT is not involved anymore, even formally.  (Maybe they never were.)

The authority for kr.org is KR, Inc., but KR, Inc., certainly exercises no
day-to-day control over the contents of http://dl.kr.org/.  In some sense,
kr.org did delegate control over http://dl.kr.org/ to the Description
Logics community who, in turn, delegated control to Carsten.  However, I
do not believe that any of this delegation is accessible by software agents
working from Internet standards.  Certainly the Description Logic community
treats http://dl.kr.org/ as a good place to go for information about
Description Logics, but I don't see how this translates into the contents
of http://dl.kr.org/ being authoritative about Description Logics, let
alone about any other resource, except, perhaps, the resource that is the
current contents of the web page currently accessible at http://dl.kr.org/.

> >   This situation is actually quite common, where
> > the owner of an html document is best determined by looking for the
> > ``maintained by'' text.)  Many other URIs (e.g.,
> > http://weather.example.com, xxx:yyy) simply do not have any authority or
> > owner.
> > 
> > Even if a URI has an owner, this owner does not, in general, ``enable the
> > URI owner to serve authoritative representations of a resource.''
> > Certainly there is no way that the owner of
> > http://weather.example.com/oaxaca, if there was one, is in any special
> > relationship to the Oaxaca weather or even the Oaxaca weather report, as
> > this owner is not also the owner (or creator or controller or ...) of the
> > Oaxaca weather or even the Oaxaca weather report.
> 
> I don't think we're saying they have control over the weather...

I think that this indeed what is being said, or at least what is capable of
being derived from the document.

> But in this example scenario, they do control the weather report.

I dispute this claim.  At best they control some weather report for
Oaxaca.  They certainly do not control *the* weather report for Oaxaca.

> I don't think I understand your concern.

My concern is that the document appears to make it possible for the owners
of Internet domains to claim control over arbitrary resources.

> >   (Well, I suppose that it
> > might be possible for some owner to actually control the Oaxaca weather,
> > but this is highly unlikely.)
> > 
> > Even for resources that are created as documents on the World Wide Web, it
> > is not necessarily the case that the owner of a URI that identifies a
> > resource that is a Web document also owned by this owner will necessarily
> > serve authoritative representations of this document.  There are many cases
> > where better information about a Web document is available from other
> > sources.  (Consider the caches maintained by Google, leaked versions of
> > documents that are only available in censored form from their owner,
> > documents that are only available in summary form but which can be
> > reconstructed by others.)
> > 
> > Given all these problems I don't see how the architectural principles of
> > the World Wide Web can be so dependent on resource ownership.  Many of the
> > uses of ``resource owner'' in the document do not make sense at all and
> > need to be removed from the document.
> > 
> > Peter F. Patel-Schneider
> > Bell Labs Research
> >  
> -- 
> Dan Connolly, W3C http://www.w3.org/People/Connolly/
> see you at the W3C Tech Plenary in Cannes 1-5 Mar 2003?

Peter F. Patel-Schneider
Bell Labs Research

Received on Thursday, 12 February 2004 13:37:07 UTC