- From: mike amundsen <mamund@yahoo.com>
- Date: Mon, 27 May 2013 08:39:31 -0400
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Kingsley Idehen <kidehen@openlinksw.com>, "public-rww@w3.org" <public-rww@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
- Message-ID: <CAPW_8m7p=4ZGzB0X-Z-TiAVe6nVTux5=3H_WxkhxX67Wi7eZ7Q@mail.gmail.com>
If you decide to register a new header[1] ("webid") I suggest you also consider registering a Link Relation Value[2] ("webid") so that the WebID information can be easily included in message bodies (e.g. HTML.LINK, HTML.A, etc.) when that is appropriate. [1] http://tools.ietf.org/html/rfc3864#section-4 [2] http://tools.ietf.org/html/rfc5988#section-6.1 mamund +1.859.757.1449 skype: mca.amundsen http://amundsen.com/blog/ http://twitter.com/mamund https://github.com/mamund http://www.linkedin.com/in/mikeamundsen On Mon, May 27, 2013 at 8:29 AM, Melvin Carvalho <melvincarvalho@gmail.com>wrote: > > > > On 27 May 2013 14:17, mike amundsen <mamund@yahoo.com> wrote: > >> Register "webid" as a Link Relation Value and ese the LINK header as in >> Link: <http://...." rel="webid"> >> >> This will make sure you don't step on someone else's header, no-one will >> step our yours. This will also allow you to include it in the header and >> (when appropriate) include it within a message body. >> > > That could work so how about > > [[ > WebID<https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> > > The "WebID" header field contains a URI for a user who controls the > requesting user agent. > > WebID = user > > user = [[ Text linking to URI spec]] > > An example is: > > WebID: http://example.org/alice#me <webmaster@example.org> > > A user agent *SHOULD NOT* send a WebID header field without explicit > configuration by the user, since that might conflict with the user's > privacy interests or their site's security policy. > Servers *SHOULD NOT* use the WebID header field for access control or > authentication, without extra out of band entropy, such as a shared secret > contained in the URL query string or a cookie. > > ]] > > >> >> >> mamund >> +1.859.757.1449 >> skype: mca.amundsen >> http://amundsen.com/blog/ >> http://twitter.com/mamund >> https://github.com/mamund >> http://www.linkedin.com/in/mikeamundsen >> >> >> On Mon, May 27, 2013 at 7:18 AM, Melvin Carvalho < >> melvincarvalho@gmail.com> wrote: >> >>> >>> >>> >>> On 3 April 2013 19:18, Kingsley Idehen <kidehen@openlinksw.com> wrote: >>> >>>> All, >>>> >>>> I think the HTTP "From:" header [1] is now truly archaic circa. 2013. >>>> If the range of this particular predicate was a URI it would really aid our >>>> quest for a RWW. >>>> >>>> Suggestion: >>>> >>>> As part of our RWW bootstrap effort, we could consider an "X-From:" >>>> header that basically takes a URI or Literal value. >>>> >>>> I think we can flesh this out across WebID and RWW via implementations >>>> before moving up to TAG and IETF. >>>> >>>> Mark: what do you think, anyway ? :-) >>>> >>> >>> After some investigation on this: >>> >>> Here is the current text, which is slightly different from the RFC >>> >>> [[ >>> 5.5.1<https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#rfc.section.5.5.1> >>> From<https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> >>> >>> The "From" header field contains an Internet email address for a human >>> user who controls the requesting user agent. The address ought to be >>> machine-usable, as defined by "mailbox" in Section 3.4<http://tools.ietf.org/html/rfc5322#section-3.4>of >>> [RFC5322]<https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>: >>> >>> >>> From <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> = mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> >>> >>> mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> = <mailbox, defined in [RFC5322] <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>, Section 3.4 <http://tools.ietf.org/html/rfc5322#section-3.4>> >>> >>> An example is: >>> >>> From: webmaster@example.org >>> >>> The From header field is rarely sent by non-robotic user agents. A user >>> agent *SHOULD NOT* send a From header field without explicit >>> configuration by the user, since that might conflict with the user's >>> privacy interests or their site's security policy. >>> >>> Robotic user agents *SHOULD* send a valid From header field so that the >>> person responsible for running the robot can be contacted if problems occur >>> on servers, such as if the robot is sending excessive, unwanted, or invalid >>> requests. >>> >>> Servers *SHOULD NOT* use the From header field for access control or >>> authentication, since most recipients will assume that the field value is >>> public information. >>> >>> ]] >>> >>> 1. "From" seems to be largely unused according to various sources >>> >>> 2. Some people are already using "From" for http URIs >>> >>> 3. From my informal straw poll more people are in favour of using HTTP >>> URIs in From than against (roughly 2 to 1), though those against seem to be >>> strongly against >>> >>> 4. It may be possible to use another header, but that is less intuitive, >>> and we will need suggestions >>> >>> 5. It was pointed out that, what later became known as "WebID" stuffed >>> an HTTP URI in the header field. >>> >>> 6. The User-Agent field is used by spiders such as baidu and google to >>> give an HTTP URI >>> >>> IMHO, this is a valuable use case for identifying on the web, without a >>> dependency on X.509 certs which are (at least perceived as) very hard to >>> deploy. If you want strong security use TLS but it need not be mandatory >>> for more casual usage. A use case might be to get a casual social web >>> going eg via the tabulator extenstion >>> So the question is which header to use for identity on the web ... >>> >>> >>>> >>>> -- >>>> >>>> Regards, >>>> >>>> Kingsley Idehen >>>> Founder & CEO >>>> OpenLink Software >>>> Company Web: http://www.openlinksw.com >>>> Personal Weblog: http://www.openlinksw.com/**blog/~kidehen<http://www.openlinksw.com/blog/~kidehen> >>>> Twitter/Identi.ca handle: @kidehen >>>> Google+ Profile: https://plus.google.com/**112399767740508618350/about<https://plus.google.com/112399767740508618350/about> >>>> LinkedIn Profile: http://www.linkedin.com/in/**kidehen<http://www.linkedin.com/in/kidehen> >>>> >>>> >>>> >>>> >>>> >>>> >>> >> >
Received on Monday, 27 May 2013 12:40:30 UTC