W3C home > Mailing lists > Public > www-tag@w3.org > May 2006

[metaDataInURI-31] Raman's Review of "The use of Metadata in URIs"

From: <noah_mendelsohn@us.ibm.com>
Date: Tue, 30 May 2006 13:20:10 -0400
To: www-tag@w3.org
Message-ID: <OFDEFC36E3.98F531B2-ON8525717E.005EC618-8525717E.005F3B07@lotus.com>
With Raman's permission, I am forwarding this to the public TAG list. The 
original of his comments is included as an attachment to this file.  That 
same text is mostly quoted below, along with my responses.  I expect these 
will be discussed on the TAG call shortly.

Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142

----- Forwarded by Noah Mendelsohn/Cambridge/IBM on 05/30/2006 01:15 PM 

Noah Mendelsohn
05/30/2006 11:51 AM

        To:     "T.V Raman" <raman@google.com>
        cc:     ed.rice@hp.com, raman@google.com, tag@w3.org, 
TimBL@w3.org, Vincent.Quint@inrialpes.fr
        Subject:        Re: Review of "The use of Metadata in URIs"


Thank you so much for this detailed review.  Some initial comments are 
given below.  By the way, I'm responding on tag@w3.org since that's where 
you posted your comments, but I think this discussion would be better held 
on the public list.  Raman, any problem with my forwarding this note, 
along with your comments, to www-tag? 

Raman wrote: 

> ** Introduction 
> In the following sentence, we probably dont need _thus_. 
>     The authority that creates a URI is responsible for assuring 
>     that it is associated with the intended resource, and thus that 
>     the appropriate data is manipulated or returned in response to 
>     operations that use the URI as a resource designator. 

Hmm.  I thought that this text came from earlier drafts, but that seems 
not to be the case.  Anyway, I find it somewhat helpful in setting the 
general framework of the discussion, I.e. reminding readers of the main 
responsibilities of those who have authority over URIs.  That said, I 
agree that it's peripheral to the finding itself.  If the TAG consensus is 
to drop it or change it, that's OK with me. 

[In a later response, Raman made clear that his suggestion was merely to 
drop the word "thus".  NRM]

> I'd also consider rewriting it as follows to make it easier on 
> the reader: 
> The authority that creates a URI is responsible for assuring that: 
>   - The URI  is correctly associated with the intended resource, 
>   - The identified resource  is manipulated or returned in 
>     response to 
>     operations using the URI. 

I'm less comfortable with this suggestion.  In text of this sort, I find 
the bullet form to be a bit jarring.  If we these were really key points 
of the finding, I'd be more inclined to give the list the added editorial 
weight that you suggest.  I confess I'm not convinced in this case.  I can 
see dropping the text entirely, or replacing it with some other short 
reminder of what assignment authorities do, but I think that breaking out 
the bullets unduly disrupts the flow in this case.     

> The next two sentences imply that there is some metadata scheme 
> designed into the structure of URIs; and this might actually lie 
> at the root cause of some of our back and forth discussion on 
> this topic. 

Let's see.  Those next two sentences say: 

"Many URI schemes offer a flexible structure that can also be used to 
carry additional information, called metadata, about the resource. Such 
metadata might include the title of a document, the creation date of the 
resource, the MIME media type that is likely to be returned by an HTTP 
GET, a digital signature usable to verify the integrity or authorship of 
the resource content, or hints about URI assignment policies that would 
allow one to guess the URIs for related resources." 

Hmm.  When I selected the phrase "flexible structure that can also be 
used", I intended it to suggest that encoding metadata was not it's 
primary purpose (i.e. except in the limited ways that RFC 3986 is designed 
to convey scheme, hierarchy, etc.)  Obviously, you read it differently 
than I intended.  I'll be curious to hear whether other TAG members also 
had that misunderstanding, in which case I should try again.  I confess 
that saying that something "can also be used" for a purpose doesn't seem 
to me to be saying that it's "designed" for that purpose. 

> I think the truth is that the structure of URIs in themselves did 
> not design in metadata schemes; 


> however, URIs (and HTTP URIs in 
> particular) were human-readable, and consequently, people have 
> cleverly encoded metadata into them; the TAG question: how can 
> this be leveraged, and when can it be relied upon? 

I don't think it's just that they're human readable.  It's that, as the 
draft suggests, their format is quite flexible and that flexibility 
facilitates embedding of substructure, whether for human or machine 
consumers (e.g. HTML forms processors).   

> So I'd suggest reworking 
> the following extract: 
>     Many URI schemes offer a flexible structure that can also be used 
>     to carry additional information, called metadata, about the 
>     resource. Such metadata might include the title of a document, 
>     the creation date of the resource, the MIME media type that is 
>     likely to be returned by an HTTP GET, a digital signature usable 
>     to verify the integrity or authorship of the resource content, or 
>     hints about URI assignment policies that would allow one to guess 
>     the URIs for related resources. 
> Rewrite as: 
> URIs are flexible in their structure and are often human-readable. 
> This structure has been exploited to carry implicit metadata such as: 
>   - Document Title 
>   - Date 
>   - Mime type 
>   - a digital signature usable to verify content integrity 
>   - hints about URI assignment policies that enable guessing 
>     related URIs. 
> As an example, 
> _http://example.com/2006/web/introduction/chapter-01.html_ hints 
> at the document title, the date it was created, the overall 
> position of this document within the larger document, and its 
> content-type. 

I confess that I find the original to flow better, to be shorter, and to 
be more readable.  I suppose I can live with the mention of human 
readability, but I think you are putting more emphasis on the difference 
between human and software users of the Web than I would.  (see below) 
Again, if other TAG members prefer the bullet form, I can live with it, 
but I prefer the flow and feel of the original, perhaps with minor edits 
if we want to include the human readability point. 

> Simplify the following somewhat bureaucratic sentence? 
>     The first question is focused on people and software acting
> in the role of or 
>     on behalf of a URI assignment authority (authorities) for 
> URI assignments 
>     within the scope of that authority. 
> Here, (1) is focused on entities acting on behalf of a URI 
> assignment authority when creating URIs within the scope of that 
> authority. 

This traces to versions of the finding [1] that predate my work on it.  I 
find it somewhat helpful, but could be easily convinced to remove or 
reword it. 

> **Encoding And Using Metadata In URIs 
> *** Reword Constraint in 2.1 
> I like this example. 
> However I'd request a minor re-wording of the identified 
> constraint: 
>   Constraint: Users of the Web and Web software MUST NOT attempt 
>   to draw unverifiable conclusions about a resource or its 
>   representations by inspection of its URI, except as licensed by 
>   relevant normative specifications or by URI assignment policies 
>   published by the relevant URI assignment authority. 
> Suggestion: Could we limit the above constraint to software, 
> and not have it extend to users (where users mean human users)? 

> Put differently, I would like Martin's software to be sent to TAG 
> jail, but Martin himself should not b  punished if he said "that 
> is XML" by looking at the URL. 
> Let's face it, Martin as a typical  intelligent human can: 
>   - Guess the content is XMl from the extension, 
>   - Even guess that it is broken XML, 
>   - - Probably did not get to see the HTTP headers, 
>   -  And would never take the time to go ask _the relevant 
> authority_ if he is correct, 
>   -  And given a longer XML document, would not know *how* it was 
>     broken without software assistance. 

I really don't think I want to draw such sharp distinctions between people 
and software.  In fact, human Martin >should< be sent to TAG jail if he 
picks up the phone and tells you "Hey, I found an XML version of that 
document" just by looking at the URI.  He's crossed the line by telling 
you this non-fact in a tone that suggest he's not accounting for the 
possibility that he's guessed wrong.  You might go on to trust that 
erroneous information.  Similarly, as you say below, a human who has good 
reason for guessing may indeed write software that helps him act on those 
guesses, but both the code and the human have to be prepared for the 
possibility that the guesses are wrong. 

I think the draft finding has it about right on all of that.  I'm just not 
convinced that telling a detailed story about the differences between 
people and software is on the mark in this case. 

*** Best Practice in 2.2 

> I agree with the conclusion of this section, but  dont agree 
> entirely with its tone. 
> As best practice, could we write it such that authorities 
> assigning URIs are encouraged to do the reasonable thing, as 
> opposed to putting the entire blame for the failure on Bob? 
> In the long run, Darwin will take care of people who create bogus 
> URIs that do not meet the end-user's expectations. 

Good point.  The text currently says: 

"Still, the ability to explore the Web informally and experimentally is 
very valuable, and Web users act on guesses about URIs all the time. Many 
authorities facilitate such flexible use of the Web by assigning URIs in 
an orderly and predictable manner. Nonetheless, in the example above, Bob 
is responsible for determining whether the information returned is indeed 
what he needs." 

That sentence about authorities facilitating use through orderly 
assignment was intended to signal that it's good practice, but we could 
indeed say that a bit more strongly.  I'll try and come up with rewording 
for the next draft. 

> *** Possible Erroneous Assumption In 2.3 
> Assumes that the HTML Form is _authoritative_ 
> --- note that this is  true *if and only if* the HTML form was 
> authored by the authority assigning the URI --- and that on  the 
> Web today, this is not always the norm. 

Indeed.  That important point was raised by Dan in [2], where he wrote: 

"You might note that the action= attribute allows a form to point 
anywhere in the web, so in fact, HTML forms allows anyone, 
not just an authority, to make claims about the URI structure 
of http://example.org/cityweather ." 

My suggestion in response was [3]: 

"Well, the subtlety seems to me that the claims are authoritative (in the 
sense the finding discusses) only if the authority sourcing the form and 
the authority for the ACTION URI are the same.  It's cool that I can serve 

up lots of Web forms with ACTIONs pointing to danconnolly.com, but I 
expect you shouldn't be held responsible for either the implied structure 
of your URIs, or for anything I might say about them in the natural 
language text of the form.  I'm thinking it might be worth a sentence in 
the finding to give that warning, I.e. that 3rd party claims in forms have 

the same standing or lack thereof as 3rd party claims in books, ordinary 
web pages, or on the sides of busses: trust claims that (appear to be) 
made by someone other than the resource authority only at your own risk." 

Does that seem like the right way to handle it? 

> *** One URI Space Please In 2.5 
> Implies that there might be two *URI spaces* one for writing on 
> backs of buses and another for writing inside HTML hyperlinks. 
> I would personally consider that *extremely* bad practice. 

I don't see anything there that suggests disjoint URI spaces.  It says: 

"URIs optimized for use by the assignment authority may sometimes be 
inconvenient for resource users. " 

I think that's manifestly true, and we encounter the consequences on the 
Web quite regularly. 

It then concludes: 

"Good Practice: URIs intended for direct use by people should be easy to 
understand, and should be suggestive of the resource actually named." 

That's presumably what suggested two spaces to you, but it seems 
appropriate to me.  I believe that it's clearly true, and to be 
encouraged, that of all the URI's in the world, a subset is indeed 
optimized for convenient direct memorization, typing or manipulation by 
human users (e.g. http://www.w3.org) and others that are optimized more 
for the benefit of the resource owner:  (

I don't think that the draft inappropriately suggests that the distinction 
is crisp, or that there are two disjoint spaces.  The good practice note 
suggests, correctly in my opinion, that if you are assigning a URI, and if 
it's a goal that the URI be directly used by people, that it should be 
both easy to understand (maybe remember?) and suggestive of the resource 

> * Conclusion 
> Overall I like the document. 
> I'd throughout emphasize that: 
>   - Human users should be encouraged to guess. 
>   - Software should rely on documented and verifiable metadata. 

As I've said above, I'm afraid I'm not convinced this is a good 

>   - Humans creating bleeding edge software should not be 
>     imprisoned for depending on guesses. 

Right, which is among the reasons I don't want to organize the story 
around the differences between people and software.  It seems that you're 
actually saying that there's:  (1) ordinary software, in which guessing is 
very bad; (2) people, whom you actually encourage to guess; and (3) 
software that's written specifically to help people who are guessing, and 
that software can guess after all. 

>   - Such guesses should be documented, and where possible 
>     communicated to the authority issuing the URI. 

Are you saying that Bob should call the Web site and say "Hey, I saw that 
URI on the side of the bus and I also guessed that you had some others?". 
In fact, why does Bob have to document anything to anyone?  In the privacy 
of his own home he took a gamble, and as far as he can tell it's paid off. 
 Why does he have to document anything or tell anyone anything? 

>   - Sometimes, human-authored software that encapsulates guesses 
>     made by the developer can prove a useful tool in discovering 
>     additional means of using Web resources not originally 
>     envisioned by the owner of the resource. 

I agree, though I'm not sure where you're going with this thought.  Are 
you saying: therefore people should write such software?  Therefore people 
should call up the resource owner and explain what they've discovered? 
What would you like the finding to say in this area? 

>   -  Where such *additional* use does not contravene the original 
>     terms of use e.g., guessing the URL to someone else's bank 
>     account,  the Web architecture should encourage these, since 
>     it leads to an overall democratization of available services 
>     on the Web, with users being able to implicitly ask for the 
>     _right_ API. 

Thank you for the very detailed comments.  They are truly very helpful. 
I'm sorry that I haven't been more immediately agreeable on your main 
point, about the differences between people and software, but I'm just not 
yet convinced on that one.  I think a lot of the others are editorial or 
matters of emphasis, and I'll be glad to try and capture whatever the 
group as a whole thinks is best based on your input. 

I'm also sorry that this response is coming right before the call, but I 
was mostly out of email contact last week. 


[1] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20030708.html 
[2] http://lists.w3.org/Archives/Public/www-tag/2006May/0020.html 
[3] http://lists.w3.org/Archives/Public/www-tag/2006May/0028.html 

Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142

Received on Tuesday, 30 May 2006 17:20:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:12 UTC