Re: Can "http://danbri.org" and "http://danbri.org/" URIs represent different things?

On 1/7/09 12:02, Williams, Stuart (HP Labs, Bristol) wrote:
> Hi Dan,
>
> Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible.

Thanks for investigating, and to John for digging out the spec citation, 
http://tools.ietf.org/html/rfc2616#page-18

I don't see anything in RFC2616 that stops me from claiming the URI to 
directly denote me, the person. Common sense makes me wary; it might 
quite reasonably be taken to denote a Web site in it's entirety. But 
that interpretation isn't widely established either in Web standards.

Let's leave the OpenID aspect aside for now, for clarity. Except:

One thing I learned recently when the danbri.org site was hacked, was 
that it is a really horrible experience. In future I want my openid to 
be kept WELL AWAY from my blog, my PHP scripts, and other possible entry 
points for vandals, spammers, identity thieves etc. Because danbri.org 
was compromised (for a while), my OpenID delegation could have been 
mis-used, etc etc.

My lesson here is that I want to use a new and separate sub-domain for 
OpenID purposes, FOAF files etc. And my main website can be a more 
chaotic, risky, lower security affair. So I expect to start using 
something like http://id.danbri.org/ as an OpenID. Or perhaps even 
http://id.danbri.org/

Can anyone find good reason (from deployment pragmatics, or specs) why

I can't write

  me-the-person: http://id.danbri.org
  my homepage, delegating openid page, etc. ... http://id.danbri.org/

This would be really nice, since at the moment SemWeb people are running 
around using either very different URIs for themselves and their 
homepages, or putting #me into them. With the above model, they could 
essentially put *almost* the same URL on their sig files, biz cards 
etc., and let the browser correct the difference transparently.

No browser knows to add or remove "#me" yet, by contrast.

> Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request.

So they're different URIs, and the shorter one does NOT return a 200. It 
can't be de-referenced directly, only adapted by universally known rules 
into a different URI. The adaptation step is under-documented, and 
doesn't make explicit whether the "before" and "after" forms denote 
different things. Is that a fair reading?

> So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference.

Yup. But it would make for a much more consistent story with other 
"social Web" folk who like URIs for people too...

Domain name registrars might be happy also.

cheers,

Dan


> --
>
> GET http://danbri.org/ HTTP/1.1
> Host: danbri.org
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
>
> HTTP/1.1 200 OK
> Date: Wed, 01 Jul 2009 09:45:32 GMT
> Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
> Last-Modified: Sat, 09 May 2009 15:01:37 GMT
> ETag: "9b4b6-412-4697c05936f66"
> Accept-Ranges: bytes
> Vary: Accept-Encoding
> Content-Type: text/html
> Content-length: 1042
> Proxy-Connection: Keep-Alive
> Connection: Keep-Alive
> Age: 349
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml"
>        xmlns:foaf="http://xmlns.com/foaf/0.1/">
> <head>
> <title>Dan Brickley</title>
> <link rel="meta" type="application/rdf+xml" title="FOAF" href="http://danbri.org/foaf.rdf" />
>
> 			<link rel="openid2.provider" href="http://danbri.org/words/openid/server" />
> 			<link rel="openid2.local_id" href="http://danbri.org/words/author/danbri/" />
> 			<link rel="openid.server" href="http://danbri.org/words/openid/server" />
> 			<link rel="openid.delegate" href="http://danbri.org/words/author/danbri/" />
>
> </head>
> <body>
> <h1>danbri.org</h1>
> <p>This is the new minimalist danbri.org.</p>
> <p>Nearby:<a href="words/">Dan's blog</a></p>
> </body>
> </html>
> <!--<link rel="openid2.local_id" href="https://me.yahoo.com/danbri3" />
>      <link rel="openid2.provider" href="https://open.login.yahooapis.com/openid/op/auth" />
>      <meta http-equiv="X-XRDS-Location" content="https://me.yahoo.com/danbri3" />
> -->
>
>> -----Original Message-----
>> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org]
>> On Behalf Of Dan Brickley
>> Sent: 01 July 2009 01:54
>> To: www-tag@w3.org WG
>> Subject: Can "http://danbri.org" and "http://danbri.org/"
>> URIs represent different things?
>>
>> Hello TAG,
>>
>> Talking with some SW folk about OpenID, and whether my
>> "me-the-person"
>> URI could be practically usable as my OpenID, I came up with this
>> corner-case:
>>
>> Could http://danbri.org be a URI for "me the person", and
>> http://danbri.org/ be a document about me (and also serve as
>> my OpenID)?
>>
>> As I understand HTTP, any client must request something, so
>> the former
>> isn't directly de-referencable. The client has to decide to ask for /
>> from danbri.org instead. But they're still different URIs,
>> aren't they?
>>
>> Is...
>>
>> <Person  xmlns:foaf="http://xmlns.com/foaf/0.1"/
>>            rdf:about="http://danbri.org">
>>    <openid>
>>       <Document rdf:about="http://danbri.org/"/>
>>    </openid>
>> </Person>
>>
>> ...at all feasible? I guess it depends on how exactly we
>> think about the
>> "add a / to the end" step...
>>
>> cheers,
>>
>> Dan
>>
>>

Received on Wednesday, 1 July 2009 16:07:36 UTC