URI schemes - is widget: OK, but xri: not?

Hi All,

I haven't seen any messages complaining about a URI scheme for widget:. I've seen plenty of messages complaining about a URI scheme for xri:. 

Does the TAG consider a new scheme for widget: to be justified?

If so, then could someone please explain why a widget: scheme is justifiable, but an xri: scheme is not?

Thanks,

Marty.Schleiff@boeing.com; CISSP
Associate Technical Fellow - Cyber Identity Specialist
Information Security - Technical Controls
(206) 679-5933

-----Original Message-----
From: Marcos Caceres [mailto:marcosscaceres@gmail.com] 
Sent: Thursday, August 07, 2008 1:20 AM
To: Krzysztof Maczyński; Williams, Stuart (HP Labs, Bristol); www-tag@w3.org; public-webapps@w3.org
Subject: Re: Comments on Widgets 1.0: Requirements LCWD

Hi Stuart, All,

This email is a continuation of the discussion about the Widget URI scheme we've had in the past [1]. WebApps is trying to draft the final text for the Widget Requirements document regarding a URI scheme for widgets and we would again appreciate some input from the TAG. WebApps WG believes that we share similar (if not the same) objective to resolving the TAG's issue number 61 (URI Based Access to Packaged
Items) [2].

Regarding URI based access to packaged items, the Widgets 1.0 Requirements document [3] contains the following Requirement:

------
R6. Addressing Scheme

A conforming specification MUST specify or recommend an addressing scheme to address the individual resources within the widget resource at runtime. The addressing scheme MUST be able to address individual widget instances, while potentially allowing widgets to address each other. The addressing scheme MUST NOT expose the underlying file system to the instantiated widget and an instantiated widget MUST NOT be able to address resources outside the widget resource via the addressing scheme. The addressing scheme SHOULD be one that web authors would feel comfortable using or to which they are already accustomed.

Motivation:
    Ease of use, compatibility with other standards, current development practice or industry best-practices, security.
Rationale:
    To allow resources to be resolved and normalized within DOM attributes. To make it easy for authors to address and load resources into their instantiated widgets, either declaratively or programmatically. For example, addressing a resource via an IRI (e.g.
<img src="images/bg.png'/> where the src attribute resolves to something akin to "widget://myWidget/images/bg.png")).
-------

However, Krzysztof Maczyński has suggested we change the text above based on the following reasoning:

>On 2008/7/26 Krzysztof Maczyński <1981km@gmail.com> wrote:
>> must not be able to address resources outside the widget resource via 
>> the addressing scheme
> Such ability may be useful (in some future version or even in this one), although I can see the concerns. But it seems harmless, for example, to use URNs (with semantics handled by widget user agent, such as accessing the default instance (forms in older versions of VB have those) or some operating environment motives and artifacts - these are "outside the widget resource", right?). I presume there will be places where IRIs unconstrained by this addressing scheme can be used to allow such usage. Still, I think this must not cannot be enforced syntactically without disallowing relative IRI references (and I can see no reason for disallowing them). Another issue with this is that other instances of the same widget are themselves "resources outside the widget resource" (but not widget resources). Even though R5 currently only provides for addressing resources contained in the widget resource associated withj a given instance of the widget, I believe the goal is (or should be) to enable addressing the instances themselves as well. I would therefore suggest the wording given below for the entire paragraph. Also please clarify that "addressing scheme" means some recipe for minting URIs, not necessarily a URI scheme (which may or may not result from ongoing discussion as the best solution).
> --
> A conforming specification must specify an addressing scheme (a new URI scheme or some prescribed use of an existing one) which must or should be used to address at runtime the individual resources within the widget resource in association with the current or another instance of the widget, as well as these instances themselves. This does not preclude allowing use of arbitrary IRI references in some contexts defined by a conforming specification. When the addressing scheme is used, the widget user agent must be required not to expose any other resources to the widget instance. For this purpose a conforming specification may require that accessing resources identified by IRIs using the addressing scheme which leave the allowed space described above must fail. If addressing resources outside the allowed set described above is possible with the addressing scheme, determining that this is the case for a given IRI reference should be easy for the author, at least for absolute IRI references. The addressing scheme should be one that web authors would feel comfortable using or are already accustomed to.


Any thoughts or comments from WebApps members or the TAG are welcomed.

[1] http://lists.w3.org/Archives/Public/www-tag/2008May/0121.html
[2] http://www.w3.org/2001/tag/group/track/issues/61
[3] http://dev.w3.org/2006/waf/widgets-reqs/#r6.-addressing
--
Marcos Caceres
http://datadriven.com.au

Received on Thursday, 7 August 2008 22:09:18 UTC