- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 27 May 2013 09:14:46 -0400
- To: public-webid@w3.org
- Message-ID: <51A35C46.2070500@openlinksw.com>
On 5/27/13 8:39 AM, mike amundsen wrote:
> If you decide to register a new header[1] ("webid") I suggest you also
> consider registering a Link Relation Value[2] ("webid") so that the
> WebID information can be easily included in message bodies (e.g.
> HTML.LINK, HTML.A, etc.) when that is appropriate.
>
> [1] http://tools.ietf.org/html/rfc3864#section-4
> [2] http://tools.ietf.org/html/rfc5988#section-6.1
If taking this route we need three headers:
1. AgentID -- for denoting user agents using a URI as opposed to literals
2. WebID -- for denoting agents using an HTTP URI
3. NetID -- for denoting agents using URIs.
I don't see the need for a specific Link Relation since one can use
existing URIs from shared vocabularies to denote the relations for which
any of the above could be a subject or object.
Kingsley
>
>
>
> mamund
> +1.859.757.1449
> skype: mca.amundsen
> http://amundsen.com/blog/
> http://twitter.com/mamund
> https://github.com/mamund
> http://www.linkedin.com/in/mikeamundsen
>
>
> On Mon, May 27, 2013 at 8:29 AM, Melvin Carvalho
> <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote:
>
>
>
>
> On 27 May 2013 14:17, mike amundsen <mamund@yahoo.com
> <mailto:mamund@yahoo.com>> wrote:
>
> Register "webid" as a Link Relation Value and ese the LINK
> header as in
> Link: <http://...." rel="webid">
>
> This will make sure you don't step on someone else's header,
> no-one will step our yours. This will also allow you to
> include it in the header and (when appropriate) include it
> within a message body.
>
>
> That could work so how about
>
> [[
>
>
> WebID
> <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from>
>
> The "WebID" header field contains a URI for a user who controls
> the requesting user agent.
>
> WebID = user
>
> user = [[ Text linking to URI spec]]
>
> An example is:
>
> WebID:http://example.org/alice#me <mailto:webmaster@example.org>
>
> A user agent /SHOULD NOT/ send a WebID header field without
> explicit configuration by the user, since that might conflict with
> the user's privacy interests or their site's security policy.
>
> Servers /SHOULD NOT/ use the WebID header field for access control
> or authentication, without extra out of band entropy, such as a
> shared secret contained in the URL query string or a cookie.
>
> ]]
>
>
>
> mamund
> +1.859.757.1449 <tel:%2B1.859.757.1449>
> skype: mca.amundsen
> http://amundsen.com/blog/
> http://twitter.com/mamund
> https://github.com/mamund
> http://www.linkedin.com/in/mikeamundsen
>
>
> On Mon, May 27, 2013 at 7:18 AM, Melvin Carvalho
> <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>>
> wrote:
>
>
>
>
> On 3 April 2013 19:18, Kingsley Idehen
> <kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>>
> wrote:
>
> All,
>
> I think the HTTP "From:" header [1] is now truly
> archaic circa. 2013. If the range of this particular
> predicate was a URI it would really aid our quest for
> a RWW.
>
> Suggestion:
>
> As part of our RWW bootstrap effort, we could consider
> an "X-From:" header that basically takes a URI or
> Literal value.
>
> I think we can flesh this out across WebID and RWW via
> implementations before moving up to TAG and IETF.
>
> Mark: what do you think, anyway ? :-)
>
>
> After some investigation on this:
>
> Here is the current text, which is slightly different from
> the RFC
>
> [[
>
>
> 5.5.1
> <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#rfc.section.5.5.1>
> From
> <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from>
>
> The "From" header field contains an Internet email address
> for a human user who controls the requesting user agent.
> The address ought to be machine-usable, as defined by
> "mailbox" in Section 3.4
> <http://tools.ietf.org/html/rfc5322#section-3.4> of
> [RFC5322]
> <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>:
>
>
> From <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> =mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from>
>
> mailbox <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#header.from> = <mailbox, defined in[RFC5322] <https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p2-semantics.html#RFC5322>,Section 3.4 <http://tools.ietf.org/html/rfc5322#section-3.4>>
>
> An example is:
>
> From:webmaster@example.org <mailto:webmaster@example.org>
>
> The From header field is rarely sent by non-robotic user
> agents. A user agent /SHOULD NOT/ send a From header field
> without explicit configuration by the user, since that
> might conflict with the user's privacy interests or their
> site's security policy.
>
> Robotic user agents /SHOULD/ send a valid From header
> field so that the person responsible for running the robot
> can be contacted if problems occur on servers, such as if
> the robot is sending excessive, unwanted, or invalid
> requests.
>
> Servers /SHOULD NOT/ use the From header field for access
> control or authentication, since most recipients will
> assume that the field value is public information.
>
> ]]
>
> 1. "From" seems to be largely unused according to various
> sources
>
> 2. Some people are already using "From" for http URIs
>
> 3. From my informal straw poll more people are in favour
> of using HTTP URIs in From than against (roughly 2 to 1),
> though those against seem to be strongly against
>
> 4. It may be possible to use another header, but that is
> less intuitive, and we will need suggestions
>
> 5. It was pointed out that, what later became known as
> "WebID" stuffed an HTTP URI in the header field.
>
> 6. The User-Agent field is used by spiders such as baidu
> and google to give an HTTP URI
>
> IMHO, this is a valuable use case for identifying on the
> web, without a dependency on X.509 certs which are (at
> least perceived as) very hard to deploy. If you want
> strong security use TLS but it need not be mandatory for
> more casual usage. A use case might be to get a casual
> social web going eg via the tabulator extenstion
>
> So the question is which header to use for identity on the
> web ...
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog:
> http://www.openlinksw.com/blog/~kidehen
> <http://www.openlinksw.com/blog/%7Ekidehen>
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile:
> https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>
>
>
>
>
--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 27 May 2013 13:15:13 UTC