- From: <noah_mendelsohn@us.ibm.com>
- Date: Tue, 16 May 2006 21:33:53 -0400
- To: "Bullard, Claude L \(Len\)" <len.bullard@intergraph.com>
- Cc: "Frank Manola" <fmanola@acm.org>, www-tag@w3.org
Claude Bullard writes: > That's a caveat emptor argument. Trust the provider. On the other > hand, the smart move is trust but verify and that means the buyer always > assumes the risk. Indeed, but the finding is trying to make the point that the nature of the risk is qualitatively different when you are inferring information based on normative recommendations, vs. based on assumptions you just consider plausible. Let's say someone sends you a link: http://example.org/weatherReports/Chicago You as a consumer convince yourself of two things: 1) the authority for this resource is example.org and 2) it's for a weather report in Chicago. You're right that in both cases there's an element of buyer beware. Either of those inferrences could be wrong. The provider could have maliciously sent you a URI that he or she knew was not in fact assigned by example.org. You also could have guessed wrong that the word "weatherReports" meant you were getting weather reports. In both cases, you as a consumer of the URI are taking a risk, but the two assumptions feel very different to me. In particular, an omniscient observer could show that the malicious user has indeed done something wrong, I.e. has violated a Recommendation by appearing to assign a URI outside of its authority. If someone publishes a work of art named "weatherReports/Chicago" under the URI above, then they have at worst violated good practice. I still believe that the two cases are qualitatively very different. Noah -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Wednesday, 17 May 2006 01:34:13 UTC