Re: Adding user@ to HTTP[S] URIs

Julian Reschke <julian.reschke@gmx.de> Sun, 26 January 2020 11:04 UTC

To: Rick van Rein <rick@openfortress.nl>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
References: <5E2B76EC.5000300@openfortress.nl> <5E2D64F3.1050807@openfortress.nl>
From: Julian Reschke <julian.reschke@gmx.de>
Message-ID: <ee6987a1-e6a3-cc67-bb17-97cf9bf824d1@gmx.de>
Date: Sun, 26 Jan 2020 12:01:33 +0100
Archived-At: <https://www.w3.org/mid/ee6987a1-e6a3-cc67-bb17-97cf9bf824d1@gmx.de>
List-Id: <ietf-http-wg.w3.org>

On 26.01.2020 11:07, Rick van Rein wrote:
> Hey,
>
> The lively response to my proposal to interpret the user name in the
> HTTP/S URI as intended in RFC3986 (namely for resource name scoping and
> recognising its orthogonality to authentication/authorisation) may be
> an indication that I need to clarify the idea.
>
> I published version 03 of the draft, adding an example HTTP session.  It
> demonstrates how a shared group account can be accessed by a member
> under an ACL that is local to the server,
>
> https://tools.ietf.org/html/draft-vanrein-http-unauth-user-03#section-4
>
>
> I hope this helps!
> ...

The example indeed helps.

I also understand that you like and prefer putting a username into the
authority part. What I don't get is how this enables things that weren't
possible before. It would be good to understand how this could be
deployed in practice in an environment where you don't control
implementations.

For instance, in your first step where Mary opens
"https://sales@example.com/docs" - what happens if the UA does not
implement it? Or in a subsequent step, what happens if the server
ignores the new header field?

Best regards, Julian