- From: Dan Connolly <connolly@w3.org>
- Date: Thu, 11 May 2006 17:34:32 -0500
- To: noah_mendelsohn@us.ibm.com
- Cc: www-tag@w3.org, Stuart Williams <skw@hp.com>
On Thu, 2006-05-11 at 18:02 -0400, noah_mendelsohn@us.ibm.com wrote: > I am very pleased to announce the availability of a new editors' draft of > a TAG finding: "The use of Metadata in URIs". HTML and XML versions are > available at [1,2,3]. This is a significant revision to the previous > draft [4]. Note that I recently published a guide to work-to-date on this > issue at [5]. and that served as input to this rewrite. Those new to this > issue might want to check out the guide. > > The principle goals of this rewrite include: > > * The use of more examples and stories to motivate conclusions, as long > ago requested by Dan Connolly: "hmm... no story atop 4 July 2003 draft of > finding" [6]. In fact, I originally set out to add just a story or two, > and came to feel that examples were a good way to make most of the points. > So, most of the conclusions and suggestions are introduced in a > succession of little Dirk & Nadia-style stories. :) Regarding... | HTML forms [HTMLForms] and now XForms [XFORMS] each provide a means by | which a authority can assert its support for a class of parameterized | URIs, while simultaneously programming Web clients to prompt for the | necessary parameters. You might note that the action= attribute allows a form to point anywhere in the web, so in fact, HTML forms allows anyone, not just an authority, to make claims about the URI structure of http://example.org/cityweather . That introduces a 3rd party into the discussion. That might be more trouble than it's worth. Hmm. (FYI, I think the way-cool trick of decentralizing forms thru the action URI is due to Tony Sanders of BSDI... somewhere near 25 Oct 1993 http://webhistory.org/www.lists/www-talk.1993q4/0280.html ) I think the "Hiding metadata for security reasons" story is a little thin. It's in the right direction, but there are more credible threats than a "malicious worker at an Internet Service Provider" these days. Does anybody have a cross-site scripting horror story or something that's not too hard to follow? > [1] http://www.w3.org/2001/tag/doc/metaDataInURI-31 -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Thursday, 11 May 2006 22:34:37 UTC