- From: Trevor Perrin <trevp@trevp.net>
- Date: Tue, 29 Apr 2003 16:36:33 -0700
- To: Simon Josefsson <jas@extundo.com>
- Cc: "Roy T. Fielding" <fielding@apache.org>, uri@w3.org

At 12:59 AM 4/30/2003 +0200, Simon Josefsson wrote:
>There are merits to the idea that security metadata should not be part
>of URIs. Here is one idea that implements the fundamental idea (which
>I still believe is useful) without modifying URIs, like the above
>approach does.
>
>The syntax would be:
>
>meta:<METADATA>:<URI>
>
>So to embed that a HTTP resource should have a certain SHA-1 hash (for
>integrity, or even authentication, purposes) would be (this happens to
>be a working example):
>
>meta:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro=:http://josefsson.org/key.txt
>
>Thoughts?

I like that too. I'd put the <URI> first, for readability. Then it doesn't look too different from my suggestion.

One difference is I was using brackets to separate the URI from crypto data. Since brackets aren't "uric" characters, that's probably a bad idea.

So if I change my initial approach to use a colon, like yours does, and change yours to put the URI first, we can see the remaining difference:

http-://josefsson.org/key.txt:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro=
meta:http://josefsson.org/key.txt:sha1=oHn3H7i+rYwEnZulnHb09KO/6Ro=

I'm denoting a secure scheme by appending "-" to the base scheme, you're denoting a secure scheme (or metadata-enhanced scheme) by "meta", with the base scheme in the scheme-specific part. I'm not sure which way is better.

Trevor

Received on Tuesday, 29 April 2003 19:38:04 UTC
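
Added example, not part of the original message: a Python sketch that parses the three forms discussed in this message into a base URI plus digest, then checks retrieved content against the embedded SHA-1 value. The function names `parse` and `verify`, the rule of splitting on the last colon for the URI-first forms, and the sample content are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ALGORITHMS = {"sha1": hashlib.sha1}  # only the algorithm used in the thread


def parse(s):
    """Return (base_uri, algorithm, digest_bytes) for any of the three forms."""
    scheme, _, rest = s.partition(":")
    if scheme == "meta":
        head, _, tail = rest.partition(":")
        if "=" in head:
            # meta:<METADATA>:<URI> -- metadata ends at the first colon,
            # which is safe because base64 never contains ':'.
            meta, uri = head, tail
        else:
            # meta:<URI>:<METADATA> -- the URI may itself contain colons
            # (scheme, port), so the metadata is whatever follows the last one.
            uri, _, meta = rest.rpartition(":")
    elif scheme.endswith("-"):
        # <scheme>-:<rest>:<METADATA> -- strip the "-" to recover the base scheme.
        body, _, meta = rest.rpartition(":")
        uri = scheme[:-1] + ":" + body
    else:
        raise ValueError("no integrity metadata in URI")
    alg, sep, b64 = meta.partition("=")
    if not sep or not uri:
        raise ValueError("malformed metadata")
    return uri, alg, base64.b64decode(b64, validate=True)


def verify(s, content):
    """True if content hashes to the digest embedded in s."""
    _, alg, expected = parse(s)
    if alg not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + alg)
    actual = ALGORITHMS[alg](content).digest()
    if len(expected) != len(actual):
        raise ValueError("digest has wrong length for " + alg)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    digest = "oHn3H7i+rYwEnZulnHb09KO/6Ro="  # value quoted in the thread
    for form in ("meta:sha1=" + digest + ":http://josefsson.org/key.txt",
                 "meta:http://josefsson.org/key.txt:sha1=" + digest,
                 "http-://josefsson.org/key.txt:sha1=" + digest):
        print(parse(form)[:2])
```

All three spellings resolve to the same base URI and digest; the metadata-first form is the only one that can be split without scanning to the end of the string.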