Delegating authority (was Re: Comments on arch document (15 November draft)

Hi Mark,

On Thu, Dec 19, 2002 at 03:32:44PM -0800, Mark Nottingham wrote:
> * Status of Authority - I think it would be good to highlight (somewhere
> in section two) the special status of the authority URI component, when
> present; it serves to identify the publisher (in a Web sense) of a
> resource, and therefore a large number of assertions stem from it
> (especially surrounding trust and policy, e.g., P3P). Problems are
> introduced when truly unrelated Web resources are grouped under the same
> authority (we saw a lot of this in P3P). So,
> should be
> if it doesn't have *any* relationship to
> other content on the same server.

As much as I'd like it to be, I don't believe that's the case.

Since the http: URI scheme uses the DNS as an authority system, it also
inherits its capacity to delegate authority.  And AFAIK, DNS can't
delegate, meaning that "" and
"" identify the same authority, and that
authority is the entity (person/company) you see when you do a "whois"
on "".

It may be the case that Mary has to pay that entity for
"", and in return receives certain rights to
that name.  But that isn't the general rule, so shouldn't be a rule for
http: URIs, IMO.

Today, if Mary wants to be an authority, she needs to fork over money
for her own domain name.


Mark Baker.   Ottawa, Ontario, CANADA.
Web architecture consulting, technical reports, evaluation & analysis

Received on Thursday, 19 December 2002 23:04:40 UTC