Re: HTML5 proposes introduction of new family of URI schemes from Jonathan A Rees on 2012-01-14 (www-tag@w3.org from January 2012)

From: Jonathan A Rees <rees@mumble.net>
Date: Sat, 14 Jan 2012 17:52:44 -0500
To: Noah Mendelsohn <nrm@arcanedomain.com>
Cc: "www-tag@w3.org" <www-tag@w3.org>, Julian Reschke <julian.reschke@gmx.de>, Paul Cotton <Paul.Cotton@microsoft.com>, Maciej Stachowiak <mjs@apple.com>, Sam Ruby <rubys@intertwingly.net>
Message-ID: <CAGnGFMLu71iZgY-66q5UeaazfiXw=Zjfr2LN7UQs7O8QYV8qfQ@mail.gmail.com>

I guess I would like to know what problem is supposed to be solved by
web+ before weighing in.

And I'd like to know the intended scope of the handler in
'Any Web page is able to register a handler for all "web+" schemes.'
The wording in [2] seems too vague to allow any kind of analysis.

Is there more complete documentation for this feature somewhere?

Jonathan

On Sat, Jan 14, 2012 at 12:36 PM, Noah Mendelsohn <nrm@arcanedomain.com> wrote:
> The attached note from Julian relates to HTTP working group issue 189 [1].
> Specifically, that issue raises concerns about the inclusion in the HTML5
> drafts [2] of a proposed naming pattern for "web+xxxx" URI schemes. The
> explanation in the specification is "The scheme is expected to be used in
> the context of Web applications."  The security considerations section give
> the additional information that "Any Web page is able to register a handler
> for all "web+" schemes. As such, these schemes must not be used for features
> intended to be core platform features (e.g. network transfer protocols like
> HTTP or FTP). Similarly, such schemes must not store confidential
> information in their URLs, such as usernames, passwords, personal
> information, or confidential project names."
>
> The Architecture of the World Wide Web offers the following advice regarding
> creation of new URI schemes [3]:
>
> "While Web architecture allows the definition of new schemes, introducing a
> new scheme is costly. Many aspects of URI processing are scheme-dependent,
> and a large amount of deployed software already processes URIs of well-known
> schemes. Introducing a new URI scheme requires the development and
> deployment not only of client software to handle the scheme, but also of
> ancillary agents such as gateways, proxies, and caches. See [RFC2718] for
> other considerations and costs related to URI scheme design.
>
> "Because of these costs, if a URI scheme exists that meets the needs of an
> application, designers should use it rather than invent one."
>
> In general, the TAG has in the past promoted the use of existing schemes,
> especially http and https, in preference to the registration of new ones.
>
> So, I'm wondering whether TAG members would like for me to schedule a TAG
> telcon session on the web+xxx scheme proposal? If so, it would be very
> helpful if at least one TAG member would volunteer to do some advance work
> to help us understand what the use cases are for the new family of schemes,
> and what the state of debate is on HTML WG issue 189.
>
> Thank you.
>
> Noah
>
>
>
> [1] https://www.w3.org/html/wg/tracker/issues/189
> [2] http://dev.w3.org/html5/spec/Overview.html#web-scheme-prefix
> [3] http://www.w3.org/TR/webarch/#URI-scheme
>
> -------- Original Message --------
> Subject: HTML5 and URI scheme *name* prefixes
> Resent-Date: Sat, 14 Jan 2012 13:18:06 +0000
> Resent-From: public-iri@w3.org
> Date: Sat, 14 Jan 2012 14:16:42 +0100
> From: Julian Reschke <julian.reschke@gmx.de>
> To: PUBLIC-IRI@W3.ORG <PUBLIC-IRI@w3.org>
>
> Hi there,
>
> ref: <https://www.w3.org/html/wg/tracker/issues/189>
>
> HTML5 introduces a naming convention for URI scheme *names*; see
> <http://dev.w3.org/html5/spec/Overview.html#web-scheme-prefix>:
>
>> 12.6 web+ scheme prefix
>>
>> This section describes a convention for use with the IANA URI scheme
>> registry. It does not itself register a specific scheme. [RFC4395]
>>
>> URI scheme name
>>    Schemes starting with the four characters "web+" followed by one or
>> more letters in the range a-z.
>> Status
>>    permanent
>> URI scheme syntax
>>    Scheme-specific.
>> URI scheme semantics
>>    Scheme-specific.
>> Encoding considerations
>>    All "web+" schemes should use UTF-8 encodings were relevant.
>> Applications/protocols that use this URI scheme name
>>    Scheme-specific.
>> Interoperability considerations
>>    The scheme is expected to be used in the context of Web applications.
>> Security considerations
>>    Any Web page is able to register a handler for all "web+" schemes. As
>> such, these schemes must not be used for features intended to be core
>> platform features (e.g. network transfer protocols like HTTP or FTP).
>> Similarly, such schemes must not store confidential information in their
>> URLs, such as usernames, passwords, personal information, or confidential
>> project names.
>> Contact
>>    Ian Hickson <ian@hixie.ch>
>> Author/Change controller
>>    Ian Hickson <ian@hixie.ch>
>> References
>>    W3C
>
>
> I'm in the process of writing a Change Proposal asking for a removal of
> this feature. In the meantime, it would be useful if the WG came up with
> "official" feedback on overloading the scheme name.
>
> Best regards, Julian
>
>
>

Received on Saturday, 14 January 2012 22:53:41 UTC