W3C home > Mailing lists > Public > public-webpayments@w3.org > July 2014

Re: HTTP Signatures draft published at IETF

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 29 Jul 2014 14:47:36 +1000
Cc: public-webpayments@w3.org, Blaine Cook <romeda@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, Melvin Carvalho <melvincarvalho@gmail.com>
Message-Id: <2B8769CE-9B9B-4D69-84BB-027E04780454@mnot.net>
To: Kingsley Idehen <kidehen@openlinksw.com>
Hmm. In RFC5988, we say:

>    By default, the context of a link conveyed in the Link header field
>    is the IRI of the requested resource.

So, the default context of a request is the requested resource URI, *not* the payload of the request.

I think that's a bug, but by the spec, that's still the case. I opened:
  https://github.com/mnot/I-D/issues/61

Cheers,


On 29 Jul 2014, at 12:36 am, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 7/27/14 8:12 PM, Mark Nottingham wrote:
>> They're not invalid, but establishing the context of the link is a bit tricky (since the payload of a request is usually anonymous; i.e., it doesn't have a URI).
>> 
>> Whether that matters or not depends on what you're doing.
> Mark,
> 
> Thanks for the quick response!
> 
> "Link:" in HTTP requests is a game-changer. It certainly solves the problem at hand re. a payload relation that associates a payload (originating from a browser) with the actual human of machine that instigated the payload. For example, in HTTP, one could then represent an <http://example.org/action#onBehalfOf> relation via the following triple:
> 
> Link: <http://kingsley.idehen.net/dataspace/person/kidehen#this> ; rel="http://example.org/action#onBehalfOf"
> 
> 
> Kingsley
>> 
>> Cheers,
>> 
>> 
>> On 27 Jul 2014, at 6:27 am, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>> 
>>> On 5/9/13 8:05 PM, Mark Nottingham wrote:
>>>> Hi,
>>>> 
>>>> From's semantics and syntax are well-defined, and they are in use. If you want to do this, I'd suggest defining a new header, or a new link relation (to use in Link); From isn't going to fly.
>>>> 
>>>> Regards,
>>> All,
>>> 
>>> Coming back to the issue above, is the use of "Link:" in HTTP requests valid? I ask because, It could resolve this issue in a way that prevents custom header bloat.
>>> 
>>> Regards,
>>> 
>>> Kingsley
>>>> 
>>>> On 09/05/2013, at 7:18 PM, ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org> wrote:
>>>> 
>>>>> Excerpts from Kingsley Idehen's message of 2013-05-08 20:29:19 +0000:
>>>>>> On 5/7/13 2:12 PM, Melvin Carvalho wrote:
>>>>>>> On 7 May 2013 19:01, Manu Sporny <msporny@digitalbazaar.com
>>>>>>> <mailto:msporny@digitalbazaar.com>> wrote:
>>>>>>> 
>>>>>>>    On 05/07/2013 04:04 AM, Melvin Carvalho wrote:
>>>>>>>> Yeah, I'll ping Julian Reschke or Mark Nottingham about it to see if
>>>>>>>> we can update the HTTP header field easily.
>>>>>>>> 
>>>>>>>> +1
>>>>>>>> 
>>>>>>>> There have been proponents of this for many years e.g. Toby, Nathan,
>>>>>>>> Kingsley, myself ... just need to get the spec tweaked to
>>>>>>>> distinguish between strings and URIs.
>>>>>>>    Do one of you want to take the lead on this? :)
>>>>>>> 
>>>>>>> 
>>>>>>> Sure, I would be happy to.  Kingsley already asked Mark Nottingham
>>>>>>> about this last month.  Im unsure what the most productive next steps
>>>>>>> should be.
>>>>>> Mark,
>>>>>> 
>>>>>> Another dimension to the same issue.
>>>>>> 
>>>>>> We can loosen the HTTP spec requirements for "From:" without disrupting
>>>>>> existing products that assume the header value is an Email address.
>>>>>> 
>>>>>> All:
>>>>>> 
>>>>>> Do we have any data about how broad current use of "From:" actually is?
>>>>> +1 on allowing URI in "From:" request header :)
>>>>> 
>>>>> I set it myself to email for about 2 years now using firefox extension: http://www.garethhunt.com/modifyheaders
>>>>> 
>>>>> I also mentioned it in this email with link to work of Blaine Cook on *Privacy-over-Webfinger*
>>>>> https://groups.google.com/group/webfinger/browse_thread/thread/52599662c273a043
>>>>> 
>>>>> warning: mentioned thread got mixed with another thread so few messages went off topic first!
>>>> --
>>>> Mark Nottingham   http://www.mnot.net/
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> -- 
>>> Regards,
>>> 
>>> Kingsley Idehen	
>>> Founder & CEO
>>> OpenLink Software
>>> Company Web: http://www.openlinksw.com
>>> Personal Weblog 1: http://kidehen.blogspot.com
>>> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
>>> Twitter Profile: https://twitter.com/kidehen
>>> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
>>> 
>>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
>> 
>> 
>> 
>> 
>> 
> 
> 
> -- 
> Regards,
> 
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
> 
> 

--
Mark Nottingham   https://www.mnot.net/
Received on Tuesday, 29 July 2014 04:48:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:32 UTC