Re: URLs for resources within unsigned packages: a new scheme? from Jeffrey Yasskin on 2019-11-08 (uri@w3.org from November 2019)

From: Jeffrey Yasskin <jyasskin@google.com>
Date: Fri, 8 Nov 2019 14:42:40 -0800
To: Graham Klyne <gk@ninebynine.org>
Cc: uri@w3.org, Stian Soiland-Reyes <soiland-reyes@cs.manchester.ac.uk>, Marcos Caceres <marcos@marcosc.com>
Message-ID: <CANh-dXk4KkfZ_tuO04kcSwZCoKRoWzP2crwrxqhHe4nifnF=Ow@mail.gmail.com>

Thank you for the pointer to the previous work, and hi Marcos!

Looking over draft-soilandreyes-arcp, the main mismatch between arcp: and
web packaging is that arcp: assumes resources inside an archive are
addressed by path, while web packaging addresses them by URI.

I'm pretty sure we could live with arcp: being a URI scheme, as opposed to
the URL scheme included in my document
<https://docs.google.com/document/d/1BYQEi8xkXDAg9lxm3PaoMzEutuQAZi1r8Y0pLaFJQoo/edit#heading=h.7qtpt7qj0i5c>,
and arcp: has some interesting extra forms of authority. On the other hand,
that flexibility in spelling the authority seems to make it more likely
that a user opening the same archive twice will lose the data they stored
with the first instance.

Jeffrey

On Thu, Nov 7, 2019 at 2:52 AM Graham Klyne <gk@ninebynine.org> wrote:

> There's been some discussion of a similar idea a little while ago.
> There's an
> (expired) ID at https://datatracker.ietf.org/doc/draft-soilandreyes-arcp/.
>
> And there's some code: https://arcp.readthedocs.io/en/latest/
>
> And a paper: http://s11.no/2018/arcp.html
>
> There's a small amount of discussion about here
> [
> https://mailarchive.ietf.org/arch/msg/uri-review/XZHLGuuR6JSw4XoYmTRK6Fli8A0],
>
> and some related discussion here
> [
> https://mailarchive.ietf.org/arch/msg/uri-review/B2OYkX7_BTs4EBtH0A8Y_4hPkdQ
> ]
>
> #g
> --
>
>
> On 06/11/2019 23:20, Jeffrey Yasskin wrote:
> > Hi URI experts,
> >
> > As you may have seen, we're working on a way to package web resources at
> > https://github.com/WICG/webpackage. One of the use cases is to let
> users save a
> > web page, site, or collection of sites to a single local file and share
> it to
> > their peers without an internet connection. If those sites use the
> browser's
> > local storage systems, I think each site should get its own partition.
> Since the
> > user generated the package, the sites within it aren't signed, so that
> partition
> > can't be the same one used by the online version of the site. So, what
> origin
> > does an unsigned resource within a package get?
> >
> >
> https://docs.google.com/document/d/1BYQEi8xkXDAg9lxm3PaoMzEutuQAZi1r8Y0pLaFJQoo/edit
> discusses
> > the problem in some detail, and suggests that the origin should include
> both the
> > full absolute URI of the package itself and the claimed origin of the
> > subresource. ("Claimed" because it's not signed.) To get that to happen
> within
> > browsers, I think that means we need to define a new scheme for URLs that
> > address a subresource within a package. The document suggests a couple
> ways to
> > define that scheme.
> >
> > I'd appreciate if the experts on this list would think about the problem
> a bit
> > and suggest how best to solve it.
> >
> > I've been iterating within the linked Google Doc, but if anyone would be
> more
> > comfortable iterating on GitHub, I can translate it to markdown and
> check it in.
> >
> > Thanks a bunch,
> > Jeffrey
>
>

Received on Friday, 8 November 2019 22:42:56 UTC