Re: [apps-discuss] I-D Action: draft-ietf-appsawg-acct-uri-05.txt

[Peter Saint-Andre <stpeter@stpeter.im>]

On 7/1/13 12:13 PM, Markus Lanthaler wrote:
> On Monday, July 01, 2013 8:02 PM, Peter Saint-Andre wrote:
>> On 7/1/13 11:19 AM, Markus Lanthaler wrote:
>>> I'm wondering whether it would make sense to add a feature allowing
>>> associate a date to an account. This would address problems arising
>> from
>>> account recycling (think Yahoo). Maybe something like
>>>
>>>    acct:bob@example.com?date=20130701
>>>
>>> I think at the very least this should be covered in the security
>>> considerations.
>>
>> IMHO we're beyond the point of adding new features to the 'acct' URI
>> scheme (it has completed Working Group Last Call, IETF Last Call, and
>> IESG review -- currently I'm working to address one issue about i18n
>> that arose during IESG review, so that the document can be approved for
>> publication).
> 
> Sorry for bringing it up so late in the process.

No worries. It happens. :-)

>> However, a date could be included in an API or protocol that enables
>> applications to use 'acct' URIs. Is there a reason why this would need
>> to be included in the URI itself?
> 
> Sure.. but I think the date should actually be a (perhaps optional) part of
> the identifier, i.e., the acct URI. That would also make it easier to
> exchange it between various applications and protocols.

Are you arguing that it would be easier or *safer*?

Also, it seems that your argument would apply to URIs in general (e.g.,
HTTP URIs for web pages) and not just 'acct' URIs. However, we seem to
have ways to deal with stale/old HTTP URIs and the like. Thus I wonder
what in your mind is special about 'acct' URIs in this respect.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/