Re: Request for feedback: HTTP-based Resource Descriptor Discovery (2)

Left out a couple of other comments. If you forward my previous  
messages, tack these on the end.

By the way I hope it is obvious that I'm speaking for myself, not for  
the TAG.

- Under <link> element (section 7), please include XHTML along with  
HTML (this came up on a TAG telecon). I'm not sure either of these is  
"fully compatible with" the link header, but the DR discovery protocol  
doesn't need full compatibility, it only needs a way to express  
describedby links. But neither format specifies 'describedby' or leads  
one to the new registry that will contain it. For XHTML with RDFa, you  
can write describedby by giving a CURIE for the relation URI, so  
that's OK. I have no idea what HTML says about link relations that  
aren't explicitly documented, but I would expect a problem, from a  
standards point of view if not in practice.

- I understand that we desire to stay away from a rigorous treatment  
of authentication, authority, and authorization, leaving that up  
either to risk acceptance or an orthogonal security infrastructure.  
However, we need to specify what the protocol's position is on  
attribution, in the situation where communication *is* secure and/or  
risks are accepted.

<link> has problems in this regard that Link: and site-meta don't.  
Although in the normal case a document speaks for the owner of the URI  
that names it, there are important cases where this doesn't hold. One  
is where the resource is obsolete, so that what it said before is no  
longer true. This is not just a mistake to be fixed as faithfully  
retaining unmodified old versions is often very important. Another is  
where the URI owner is acting as an archiving or mirroring service and  
is bound by expectation or even by contract to serve information that  
it itself may not believe. Examples would include the Internet  
Archive, W3C, IETF, and OCLC (purl.org).

 From a communication point of view, <link> is the best of the three  
methods to link to a DR since there is the least risk that it will get  
detached from the representation. (Even better would be a way to  
include a DR in the document itself -- this is in effect a goal of  
RDFa.) But from an attribution point of view, it is weak, since there  
are many normal situations in which the <link> to the DR, and  
therefore the DR itself, may come to not speak for the URI owner).

Since we're not talking about protecting against security attacks  
here, but rather against well-meaning misinterpretation that might  
happen even in a fully secure, authenticated context, this is not a  
security problem. But your memo does talk about authority (here I  
think we mean what statements can be put in the mouths of what  
principals) as if it's a question it cares about. I think the problem  
of whether <link> speaks for the URI owner ought to be addressed  
somehow. You could deny that the protocol, correctly executed, says  
anything about it; or you could give a warning about the risks. But  
given that you've invoked the word "authority" elsewhere and that  
(IMO) this is not a question of protection against attack, I think  
it's dangerous to leave the disclaimer to the 'security  
considerations' section.

Option 1 (maybe for intro): The protocol is one particular way to lead  
you from a URI to a single DR. It is what it is. The DR has no  
particular standing by virtue of resulting from the protocol, even in  
the absence of attack. To authenticate the DR as speaking for anyone  
in particular, you have to do something else.

Option 2: Same as above, except that DRs obtained via Link: or site- 
meta (not <link>!) speak for the URI owner, assuming correct and  
secure implementation of this protocol. I think this is my preference  
as it is much stronger -- it lets you hear from the URI owner, even if  
you don't know who they are!

"URI owner" (defined in AWWW) is a bit fuzzy of course. For HTTP it's  
the same as the agent that gets to decide what HTTP responses to  
deliver for the URI. Figuring out who this is is tricky given that  
delegation (originating from the domain name owner) can be secret and/ 
or informal. But for the "identification" application you don't care  
who the owner is, only what they say that bears on what AWWW gives  
them authority over (URI/resource binding and delegation of URI  
ownership).

Ideally we'd have some kind of MUST somewhere: If a server  
implementing this protocol provides a DR URI, then the DR must speak  
for (be authorized by) the URI owner (unless the DR was found via  
<link>, in which case that needs to be made evident somehow). Ideally  
this would be true of *all* uses of Link: rel=describedby and site- 
meta - any server using this relation in this way should make sure the  
DR speaks for the URI owner (as opposed to, say, the domain holder).  
Maybe this should be documented in the published description of  
describedby, or in the Link: RFC, since not everyone reading those  
will necessarily be aware of the resource discovery protocol. Or maybe  
I've convinced you to pick option 1... but that leaves me short of the  
kind of communication channel I'd like to have.

Obviously I'm extemporizing here, so please take the preceding as  
brainstorming and not criticism or demand.

Best
Jonathan

Received on Thursday, 29 January 2009 17:30:21 UTC