W3C home > Mailing lists > Public > www-tag@w3.org > May 2006

Re: [metadataInURI-31] New editors draft for Metadata In URIs Finding

From: Dan Connolly <connolly@w3.org>
Date: Thu, 11 May 2006 17:34:32 -0500
To: noah_mendelsohn@us.ibm.com
Cc: www-tag@w3.org, Stuart Williams <skw@hp.com>
Message-Id: <1147386872.22658.675.camel@dirk.w3.org>

On Thu, 2006-05-11 at 18:02 -0400, noah_mendelsohn@us.ibm.com wrote:
> I am very pleased to announce the availability of a new editors' draft of 
> a TAG finding: "The use of Metadata in URIs".   HTML and XML versions are 
> available at [1,2,3].  This is a significant revision to the previous 
> draft [4].  Note that I recently published a guide to work-to-date on this 
> issue at [5]. and that served as input to this rewrite.  Those new to this 
> issue might want to check out the guide.
> The principle goals of this rewrite include:
> * The use of more examples and stories to motivate conclusions, as long 
> ago requested by Dan Connolly: "hmm... no story atop 4 July 2003 draft of 
> finding" [6].  In fact, I originally set out to add just a story or two, 
> and came to feel that examples were a good way to make most of the points. 
>  So, most of the conclusions and suggestions are introduced in a 
> succession of little Dirk & Nadia-style stories.



| HTML forms [HTMLForms] and now XForms [XFORMS] each provide a means by
| which a authority can assert its support for a class of parameterized
| URIs, while simultaneously programming Web clients to prompt for the 
| necessary parameters.

You might note that the action= attribute allows a form to point
anywhere in the web, so in fact, HTML forms allows anyone,
not just an authority, to make claims about the URI structure
of http://example.org/cityweather .

That introduces a 3rd party into the discussion. That might
be more trouble than it's worth. Hmm.

(FYI, I think the way-cool
trick of decentralizing forms thru the action URI is due
to Tony Sanders of BSDI... somewhere near 25 Oct 1993 
http://webhistory.org/www.lists/www-talk.1993q4/0280.html )

I think the "Hiding metadata for security reasons" story
is a little thin. It's in the right direction, but there
are more credible threats than a "malicious worker at
an Internet Service Provider" these days.

Does anybody have a cross-site scripting horror story
or something that's not too hard to follow?

> [1] http://www.w3.org/2001/tag/doc/metaDataInURI-31

Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Thursday, 11 May 2006 22:34:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:12 UTC