RE: XRI vote aftermath - 1

Hi Henry (& All),

We're using LDAP to look up X.509 certificates for secure encrypted
messaging. The certificates belong to users at partner companies
collaborating on programs such as Boeing's new 787, and a military
program I'm not sure I should mention by name. Each partner publishes
their users' certificates via LDAP so that users at other partnering
companies can find them. 

One way you could find my certificate is to teach your LDAP-capable mail
client about the Boeing directory where my certificate is published.
Another way you can find my cert (or any Boeing person's cert if it's
published and you know their email address) is with an LDAP-capable
browser. Try this in your browser:

	ldap://dir.boeing.com/???mail=marty.schleiff@boeing.com

While this may not be a "general-purpose Web context" as you suggest, it
is definitely a business context, used in production by lots of
partnering companies, protecting highly valuable information.

Marty.Schleiff@boeing.com; CISSP
Associate Technical Fellow - Cyber Identity Specialist
Information Security - Technical Controls
(206) 679-5933

-----Original Message-----
From: Henry S. Thompson [mailto:ht@inf.ed.ac.uk] 
Sent: Thursday, June 05, 2008 2:54 PM
To: Schleiff, Marty
Cc: www-tag@w3.org
Subject: Re: XRI vote aftermath

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Schleiff, Marty writes:

> I'll start by asking for help to understand the TAG's stance on 
> introduction of new URI schemes. I understand the part about it being 
> costly to introduce new schemes. What I wonder about is the idea that 
> the http: scheme should be used for everything (I probably didn't 
> state that very well - perhaps you can put it into better words).
>
> If there existed no mailto:, or ldap:, or https: scheme today (the 
> three I'm most familiar with beyond http:), what would be the TAG's 
> reaction to a request for a new scheme for mailto: or ldap: or https?

I am not speaking for the TAG, only myself, in this, but the core of my
answer is in fact from the IETF [1]:

  "[T]he unbounded registration of new schemes is harmful.  New URI
   schemes SHOULD have clear utility to the broad Internet community,
   beyond that available with already registered URI schemes."

I simply don't think that's true for XRIs.  In trying to explain this to
someone else, before reading your email, I actually used Boeing as an
example:  I believe it's the case that most desktops in Boeing (and
there are a _lot_ of them) are centrally managed and tightly
constrained, with a multi-year roll-out cycle.  That means that no-one
at Boeing will be able to click on an xri: or hdl: or doi: URI for at
_least_ three years, given that IE7 does not support any of those out of
the box.  "So," I said to my interlocutor, "do you really want to
recommend that your users use URIs which no-one at Boeing, or dozens of
other similar companies, can click on for years to come?"

Yes, this is an argument against _any_ new URI scheme where there is
real value to be gained by allowing as many people as possible to use it
to access resources on the Web.  And the network effect (because that's
what we're talking about) is what _made_ the Web.  Using a new URI
scheme when you could use http: is intentionally cutting yourself off
from the network effect.

I think that mailto: is pretty clearly _not_ in that category, and its
non-retrieval semantics makes it a reasonable special case.  And
https: is really just http: with a bit of metadata encoded in the scheme
name.  ldap: is a less clear case -- I'm not really familiar with its
operation, but my superficial understanding is that it is not central to
the functioning of the LDAP system, and that its semantics mean that it
is unlikely that it will appear in general-purpose Web contexts, which
distinguishes it pretty well from http:.

The TAG is working on a detailed exposition of its position in this
matter, which I expect will address your question in more detail -- I
hope this quicker personal reply will be helpful in the meantime.

ht

[1] http://tools.ietf.org/html/rfc4395
- --
 Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
                     Half-time member of W3C Team
    2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
            Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
                   URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFISGBakjnJixAXWBoRAg5xAKCCtOGlabdVqMUj7VT3uV47nxOFbQCePoUr
Uyf5aybDYwSd1lBh1h9edRQ=
=2ENu
-----END PGP SIGNATURE-----

Received on Monday, 9 June 2008 23:28:05 UTC
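
The LDAP URL quoted in the first message, split into its RFC 4516 fields (DN, attributes, scope, filter, extensions) with the RFC's defaults filled in. This is an added example, not part of either message and not Boeing's code. The `host_permitted` allowlist check, the `directory.example.com` URL and the `ldaps` port entry are assumptions made for illustration, and nothing here contacts a server.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # ldaps: common convention, not in RFC 4516
SCOPES = {"base", "one", "sub"}

def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516) into search parameters. No network access."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    netloc = urlsplit("//" + hostport)        # handles host:port and [IPv6]
    fields = tail.split("?")                  # dn ? attrs ? scope ? filter ? extensions
    if len(fields) > 5:
        raise ValueError("too many '?'-separated fields")
    dn, attrs, scope, filt, exts = fields + [""] * (5 - len(fields))
    scope = scope.lower() or "base"           # an empty scope field means "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope: " + scope)
    extensions = [unquote(e) for e in exts.split(",") if e]
    # This parser implements no extensions, so a critical one ("!") must stop processing.
    if any(e.startswith("!") for e in extensions):
        raise ValueError("critical extension not supported")
    return {
        "scheme": scheme,
        "host": netloc.hostname,
        "port": netloc.port or DEFAULT_PORTS[scheme],
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],  # empty = all user attrs
        "scope": scope,
        "filter": unquote(filt) or "(objectClass=*)",  # returned as written, not normalised
        "extensions": extensions,
    }

def host_permitted(parsed, allowed_hosts):
    """Hypothetical policy check: True only for directories the caller has chosen to trust."""
    return parsed["host"] is not None and parsed["host"] in allowed_hosts

# The URL from the message, plus a constructed one that sets every search field.
FROM_MESSAGE = "ldap://dir.boeing.com/???mail=marty.schleiff@boeing.com"
CONSTRUCTED = ("ldap://directory.example.com:1389/ou=People,dc=example,dc=com"
               "?userCertificate;binary?sub?(mail=alice%40example.com)")

if __name__ == "__main__":
    for u in (FROM_MESSAGE, CONSTRUCTED):
        p = parse_ldap_url(u)
        print(p, host_permitted(p, {"dir.boeing.com"}))
```
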