Re: HTTPS and the Semantic Web from Melvin Carvalho on 2016-05-23 (semantic-web@w3.org from May 2016)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 23 May 2016 14:20:04 +0200
To: Nathan Rixham <nathan@webr3.org>
Cc: Phil Archer <phila@w3.org>, Semantic Web IG <semantic-web@w3.org>
Message-ID: <CAKaEYhLS=j=jHwC9-AY0hZhfAK7oVrDqvb_w+WkrLMa4NbyyGA@mail.gmail.com>

On 21 May 2016 at 02:02, Nathan Rixham <nathan@webr3.org> wrote:

> Dereferencing should be blackbox, let TLS+UIR+HSTS handle that side.
>
> An x:alias predicate which asserts that one name (IRI) is an alias of
> another name (IRI) would be very useful. <a#b> x:alias <c#d> .
>
> An x:canonical predicate which asserts <a#b> x:alias <c#d> . and that
> <a#b> is the preferred IRI more useful still.
>
> Using syntax shortcuts you could add the following triple to the turtle
> document at https://www.w3.org/1999/02/22-rdf-syntax-ns#
>
>    rdf: x:canonical <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
>
> Result:
> <http://www.w3.org/1999/02/22-rdf-syntax-ns#> a owl:Ontology .
> <https://www.w3.org/1999/02/22-rdf-syntax-ns#> a owl:Ontology .
>
>
> Point 2:
>
> Using a 307 redirect for the semantic is nice, but practically click
> http://www.w3.org/ns/dcat# and you are redirected, refresh and you find
> the client does use the redirected url for subsequent requests.
>
> As a general person or developer search w3.org for dcat and the results
> are https://www.google.com/search?q=site:w3.org%20dcat - the url listed
> is the https url.
>
> Usage of the https IRIs will enter the web of data ever increasingly,
> whether people say the http one should be used or not.
>

I didnt realize http 307 was being used.

Redirects can be a very useful tactic, but tend to be a rather large pain
in semantic web programming.

>From our experience to date we it would probably be valid to say "3xx
Redirects are considered harmful".

5 years from now we might be in a better situation, with better inferencing
and automatic updates to systems, but I am not sure I would bet on that.

>
>
> Point 3:
>
> Practically taking a simple real world step like migrating to a CDN will
> often give http/2+tls thus https IRIs automatically.
>
> Test case:
>
> Alice has a wordpress/drupal site that publishes RDF automatically. She
> doesn't know about the RDF.
> Alice clicks the "free CDN" button in her hosting account.
> Alice now has https and http IRIs in RDF on both http:// and https://
> protocols.
>
> Personally I cannot think of anything easier than as best practise adding
> a single triple to rdf documents when migrating protocols. Anything within
> the black box will fail and be implemented incorrectly.
>
> On Sat, May 21, 2016 at 12:42 AM, Melvin Carvalho <
> melvincarvalho@gmail.com> wrote:
>
>>
>>
>> On 20 May 2016 at 20:08, Phil Archer <phila@w3.org> wrote:
>>
>>> Not a moan about spam, or a CfP, but an actual discussion point, yay!
>>>
>>> I've just blogged about our use of HTTPS across www.w3.org which raises
>>> some questions for this community. Please see
>>> https://www.w3.org/blog/2016/05/https-and-the-semantic-weblinked-data/
>>
>>
>> On the one hand more security is a nice to have, but on the other, Cool
>> URIs dont change.  It's really hard to estimate the cost, and unintended
>> consequences of changing URIs.  But my feeling is that we systematically
>> underestimate it.
>>
>> IMHO, It's kind of a shame that http wasnt made secure, and that a new
>> scheme https was invented.
>>
>>
>>>
>>>
>>> Comments welcome.
>>>
>>> Thanks
>>>
>>> --
>>>
>>>
>>> Phil Archer
>>> W3C Data Activity Lead
>>> http://www.w3.org/2013/data/
>>>
>>> http://philarcher.org
>>> +44 (0)7887 767755
>>> @philarcher1
>>>
>>>
>>
>

Received on Monday, 23 May 2016 12:20:32 UTC