RE: [metadataInURI-31] New editors draft for Metadata In URIs Finding

Claude Bullard writes:

> That's a caveat emptor argument.  Trust the provider.  On the other
> hand, the smart move is trust but verify and that means the buyer always
> assumes the risk.

Indeed, but the finding is trying to make the point that the nature of the 
risk is qualitatively different when you are inferring information based 
on normative recommendations, vs. based on assumptions you just consider 
plausible.   Let's say someone sends you a link:

        http://example.org/weatherReports/Chicago

You as a consumer convince yourself of two things: 1) the authority for 
this resource is example.org and 2) it's for a weather report in Chicago. 

You're right that in both cases there's an element of buyer beware. Either 
of those inferrences could be wrong.  The provider could have maliciously 
sent you a URI that he or she knew was not in fact assigned by 
example.org.  You also could have guessed wrong that the word 
"weatherReports" meant you were getting weather reports.  In both cases, 
you as a consumer of the URI are taking a risk, but the two assumptions 
feel very different to me.   In particular, an omniscient observer could 
show that the malicious user has indeed done something wrong, I.e. has 
violated a Recommendation by appearing to assign a URI outside of its 
authority.  If someone publishes a work of art named 
"weatherReports/Chicago" under the URI above, then they have at worst 
violated good practice.   I still believe that the two cases are 
qualitatively very different.

Noah

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Wednesday, 17 May 2006 01:34:13 UTC