- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 27 May 2013 09:14:46 -0400
- To: public-webid@w3.org
- Message-ID: <51A35C46.2070500@openlinksw.com>
On 5/27/13 8:39 AM, mike amundsen wrote: > If you decide to register a new header[1] ("webid") I suggest you also > consider registering a Link Relation Value[2] ("webid") so that the > WebID information can be easily included in message bodies (e.g. > HTML.LINK, HTML.A, etc.) when that is appropriate. > > [1] http://tools.ietf.org/html/rfc3864#section-4 > [2] http://tools.ietf.org/html/rfc5988#section-6.1 If taking this route we need three headers: 1. AgentID -- for denoting user agents using a URI as opposed to literals 2. WebID -- for denoting agents using an HTTP URI 3. NetID -- for denoting agents using URIs. I don't see the need for a specific Link Relation since one can use existing URIs from shared vocabularies to denote the relations for which any of the above could be a subject or object. Kingsley > > > > mamund > +1.859.757.1449 > skype: mca.amundsen > http://amundsen.com/blog/ > http://twitter.com/mamund > https://github.com/mamund > http://www.linkedin.com/in/mikeamundsen > > > On Mon, May 27, 2013 at 8:29 AM, Melvin Carvalho > <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote: > > > > > On 27 May 2013 14:17, mike amundsen <mamund@yahoo.com > <mailto:mamund@yahoo.com>> wrote: > > Register "webid" as a Link Relation Value and ese the LINK > header as in > Link: <http://...." rel="webid"> > > This will make sure you don't step on someone else's header, > no-one will step our yours. This will also allow you to > include it in the header and (when appropriate) include it > within a message body. > > > That could work so how about > > [[ > > > WebID > <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> > > The "WebID" header field contains a URI for a user who controls > the requesting user agent. > > WebID = user > > user = [[ Text linking to URI spec]] > > An example is: > > WebID:http://example.org/alice#me <mailto:webmaster@example.org> > > A user agent /SHOULD NOT/ send a WebID header field without > explicit configuration by the user, since that might conflict with > the user's privacy interests or their site's security policy. > > Servers /SHOULD NOT/ use the WebID header field for access control > or authentication, without extra out of band entropy, such as a > shared secret contained in the URL query string or a cookie. > > ]] > > > > mamund > +1.859.757.1449 <tel:%2B1.859.757.1449> > skype: mca.amundsen > http://amundsen.com/blog/ > http://twitter.com/mamund > https://github.com/mamund > http://www.linkedin.com/in/mikeamundsen > > > On Mon, May 27, 2013 at 7:18 AM, Melvin Carvalho > <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> > wrote: > > > > > On 3 April 2013 19:18, Kingsley Idehen > <kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>> > wrote: > > All, > > I think the HTTP "From:" header [1] is now truly > archaic circa. 2013. If the range of this particular > predicate was a URI it would really aid our quest for > a RWW. > > Suggestion: > > As part of our RWW bootstrap effort, we could consider > an "X-From:" header that basically takes a URI or > Literal value. > > I think we can flesh this out across WebID and RWW via > implementations before moving up to TAG and IETF. > > Mark: what do you think, anyway ? :-) > > > After some investigation on this: > > Here is the current text, which is slightly different from > the RFC > > [[ > > > 5.5.1 > <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#rfc.section.5.5.1> > From > <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> > > The "From" header field contains an Internet email address > for a human user who controls the requesting user agent. > The address ought to be machine-usable, as defined by > "mailbox" in Section 3.4 > <http://tools.ietf.org/html/rfc5322#section-3.4> of > [RFC5322] > <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>: > > > From <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> =mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> > > mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> = <mailbox, defined in[RFC5322] <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>,Section 3.4 <http://tools.ietf.org/html/rfc5322#section-3.4>> > > An example is: > > From:webmaster@example.org <mailto:webmaster@example.org> > > The From header field is rarely sent by non-robotic user > agents. A user agent /SHOULD NOT/ send a From header field > without explicit configuration by the user, since that > might conflict with the user's privacy interests or their > site's security policy. > > Robotic user agents /SHOULD/ send a valid From header > field so that the person responsible for running the robot > can be contacted if problems occur on servers, such as if > the robot is sending excessive, unwanted, or invalid > requests. > > Servers /SHOULD NOT/ use the From header field for access > control or authentication, since most recipients will > assume that the field value is public information. > > ]] > > 1. "From" seems to be largely unused according to various > sources > > 2. Some people are already using "From" for http URIs > > 3. From my informal straw poll more people are in favour > of using HTTP URIs in From than against (roughly 2 to 1), > though those against seem to be strongly against > > 4. It may be possible to use another header, but that is > less intuitive, and we will need suggestions > > 5. It was pointed out that, what later became known as > "WebID" stuffed an HTTP URI in the header field. > > 6. The User-Agent field is used by spiders such as baidu > and google to give an HTTP URI > > IMHO, this is a valuable use case for identifying on the > web, without a dependency on X.509 certs which are (at > least perceived as) very hard to deploy. If you want > strong security use TLS but it need not be mandatory for > more casual usage. A use case might be to get a casual > social web going eg via the tabulator extenstion > > So the question is which header to use for identity on the > web ... > > > -- > > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software > Company Web: http://www.openlinksw.com > Personal Weblog: > http://www.openlinksw.com/blog/~kidehen > <http://www.openlinksw.com/blog/%7Ekidehen> > Twitter/Identi.ca handle: @kidehen > Google+ Profile: > https://plus.google.com/112399767740508618350/about > LinkedIn Profile: http://www.linkedin.com/in/kidehen > > > > > > > > > -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 27 May 2013 13:15:13 UTC