Re: [apps-discuss] The acct: scheme question

[Graham Klyne <GK@ninebynine.org>]

Pater,

(comments below)

On 01/07/2012 04:09, Peter Saint-Andre wrote:
> On 6/28/12 10:53 AM, Peter Saint-Andre wrote:
>> On 6/28/12 5:09 AM, Graham Klyne wrote:
>>> On 28/06/2012 08:28, Melvin Carvalho wrote:
>>>> Should acct: be rejected, we can simply use mailto: as per SWD.
>>>> Similarly
>>>> you could simply use ?acct=user@host as has been suggested.
>>>
>>> Since my comments with reviewer hat on have been cited, I feel I should
>>> summarize my personal feelings about the specification of the acct: scheme.
>>>
>>> *Reviewer hat OFF*
>>>
>>> Roughly, I think the acct: scheme does provide a useful, possibly minor,
>>> purpose that is not served by other URI schemes, and as such it has
>>> reasonable claim to meet the bar for registering a new scheme.  But I
>>> think the description of the acct: scheme in the WebFinger document does
>>> a poor job of explaining this; i.e. I think there is a document quality
>>> issue here around the acct: scheme registration/specification.
>>>
>>> I've had private exchanges with one of the document editors, but I don't
>>> think my suggestions have been reflected in the current draft.  In
>>> summary, what I think is not as clear as it should be in the scheme
>>> registration includes:
>>> * what does an acct URI identify
>>> * how are acct URIs allocated; what's the assignment delegation structure?
>>> * how should an acct: URI be dereferenced?  (e.g. if one were used as a
>>> link in a web page, how should it be handled?).
>>>
>>> I suspect that most of this information can be inferred if one has a
>>> detailed knowledge of WebFinger protocol, but for an average Joe web
>>> developer I don't think that's really helpful.
>>>
>>> I don't think this is a sufficiently important issue for me to engage
>>> more actively with the discussion.
>>
>> Graham, I think you're right about the fact that these matters are
>> underspecified. I hereby offer to propose some text, and will do that in
>> the next few days.
>
> I went beyond proposing text and decided to write a standalone I-D:
>
> http://datatracker.ietf.org/doc/draft-saintandre-acct-uri/
>
> Graham, I think that text answers the questions you posed, hopefully in
> an accurate way.

Generally, this is in line with my understanding of the intent of acct: scheme. 
  Paul and/or the WebFinger folks will be better placed to judge.

Some comments:


== Section 3 ==

[[
For example, if a user has an account name of
    "foobar" on a microblogging service "status.example.net", it can be
    inferred that the user's 'acct' URI at that provider is
    acct:foobar@status.example.net even if the provider has not
    explicitly assigned such a URI.
]]

I might say thus:
[[
For example, if a user has an account name of
    "foobar" on a microblogging service "status.example.net", it
    is taken as convention that the string "foobar@status.example.net"
    designates that account.  This is expressed as a URI using the
    acct: scheme as "acct:foobar@status.example.net".
]]

(The phrasing is intended to take account of the fact that WebFinger clients are 
expected to accept the "foobar@status.example.net" without the acct: prefix.)


== Section 4.4 ==

My understanding is that an acct: URI is intended to be dereferenced using the 
WebFinger protocol.  I'm not sure about associated MIME types: does WebFinger 
define any such?


== Section 4.6 ==

I'm a little unsure about the phrasing "only the WebFinger protocol uses the 
'acct' URI scheme", but I can't put my finger on any problem or offer better 
phrasing at this time.


== Section 5 ==

Maybe add:
[[
Dereferencing an acct: URI could reveal information about a user's account.  As 
such, care should be taken that personally identifying information is not 
released without appropriate permissions and/or credentials.
]]

?

...

HTH,

#g
--