W3C home > Mailing lists > Public > www-tag@w3.org > July 2010

Re: User Information in a URI

From: Tim Berners-Lee <timbl@w3.org>
Date: Wed, 7 Jul 2010 17:01:01 -0400
Cc: "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <03ED62CA-05F7-4ED6-B777-AB1BE29E26ED@w3.org>
To: nathan@webr3.org
I don't know quite what you are designing but in general it is a bad idea to use the user info part at all, especially with HTTP.  That is giving auth information away to those who see the URL.
It s making an architectural commitment to a particular for of identity which you might later wan to dump for something else (like email based or pub key based etc).


Tim

On 2010-07 -06, at 13:19, Nathan wrote:

> Hi,
> 
> A quick (perhaps stupid) question - when comparing URIs for equivalence, should the userinfo part be included in the comparison?
> 
> The specific context / use-case I'm looking at is including a 'fingerprint' of a public key in a webid, where over time all composite parts of the URI would stay identical but the userinfo would change.
> 
> This would require userinfo to be stripped from URIs when comparing for equivalence; thus the three following names would all be considered equivalent:
> 
>  <http://domain.tld/nathan#me>
>  <http://abcde@domain.tld/nathan#me>
>  <http://vwxyz@domain.tld/nathan#me>
> 
> Thanks for any clarification,
> 
> Nathan
> 
> 
Received on Wednesday, 7 July 2010 21:01:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:34 UTC