IETF Logo Mail Archive

RE: [Uri-review] Request for review

"Jerry Dunietz" <jerryd@windows.microsoft.com> Sat, 24 June 2006 00:54 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FtwPs-0006Gk-T9; Fri, 23 Jun 2006 20:54:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FtwPr-0005w6-3g for uri-review@ietf.org; Fri, 23 Jun 2006 20:54:27 -0400
Received: from mail2.microsoft.com ([131.107.1.7]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FtwPq-0003fT-LL for uri-review@ietf.org; Fri, 23 Jun 2006 20:54:27 -0400
Received: from mailout6.microsoft.com ([157.54.69.150]) by mail2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 23 Jun 2006 17:54:26 -0700
Received: from tuk-hub-01.redmond.corp.microsoft.com ([157.54.70.27]) by mailout6.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 23 Jun 2006 17:54:25 -0700
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by tuk-hub-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 23 Jun 2006 17:54:25 -0700
Received: from WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.25]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.2706); Fri, 23 Jun 2006 17:54:24 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Uri-review] Request for review
Date: Fri, 23 Jun 2006 17:53:58 -0700
Message-ID: <5F3AAFB2FEC5ED4AA6DE79A3E0B47D80015067DA@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <c70bc85d0606182202g384b9ddk20313d324f352f6d@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Uri-review] Request for review
thread-index: AcaTXaCCP+tEwrxaRGuvlnglrGT2GwDykqbA
From: Jerry Dunietz <jerryd@windows.microsoft.com>
To: Mark Baker <distobj@acm.org>
X-OriginalArrivalTime: 24 Jun 2006 00:54:24.0859 (UTC) FILETIME=[BCCBB2B0:01C69728]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 1a1bf7677bfe77d8af1ebe0e91045c5b
Cc: "John Calhoon (LCA)" <john.calhoon@microsoft.com>, Andrey Shur <andreysh@exchange.microsoft.com>, TedHardie <hardie@qualcomm.com>, uri-review@ietf.org, Gregg Brown <greggb@microsoft.com>, Jerry@scmailgw1.scop.aoyama.ac.jp
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
Errors-To: uri-review-bounces@ietf.org

On 6/18/06, Mark Baker <distobj@acm.org> wrote:
> Yep!  I should just mention too, that the new URI registration
> requirements require (with SHOULD strength) that permanent
> registrations demonstrate that existing URI schemes are insufficient,
> which is what motivates the questions I've been asking;
> 
>   "New URI schemes SHOULD have clear utility to the broad Internet
community,
>    beyond that available with already registered URI schemes"
>   -- RFC 4395 sec 2.1

Thanks for clarifying the context of our discussion.

> Yes, certainly, code to process the media type of the archive format
> is required in both cases.  But I assume that the media type name
> would suffice for your "out-of-band knowledge" above, no?  More below
> ...

If one is willing to relax other goals, then yes, it would be
sufficient to know the media type name or names, and to explicitly
include or reference code whose implementation matches the details
of the package format.  But I will return below to the goals that
make this approach unsatisfactory.

> I'm not sure I'm following you.  What do you mean by "the code works
with"?

Let me elaborate.  There exist programming frameworks in both
the Java and .NET worlds that includes classes for dealing with and
dereferencing URIs and/or URLs.  (The exact class names used varies.)

My point was that any code which written to use such a general
URI-dereferencing class need not be modified to deal with the
introduction of the "pack:" scheme; the only modification would be
the one required to incorporate "pack:" support into the URI-
dereferencing class.  If a component's source code deals with, for
example, the SVG media type, then it need not be modified to
support SVG embedded within a package.

Furthermore, as I stated before, our goal is to allow for dereference-
able external URIs pointing to individual part-resources within a
package.  If we were to model the package only with a media type (or
set of media types), then we would have to invent a fragment-identifier
mechanism to allow for the referencing of individual parts within the
package.  And if we were to use fragment-identifiers for this purpose,
we would raise the problematic question of what base URI should be
used when dereferencing relative-URIs embedded within an individual
part. If we used a fragment-identifier to address the individual
part, then by ordinary conventions, the base URI for resolving
relative references embedded in the individual part would be the
(fragment-identifier-free) URI of the package as a whole.

The combination of our three goals lead us to our specification:

1.  External absolute references to individual parts.
2.  An individual part's URI can serve as a base URI.
3.  Package can reside on any server implementing any protocol
supporting a GET-like operation, without requiring new code to be
deployed on the server.

> As I see it, if the package were downloaded to the client, be it with
> HTTP, FTP, or a pack-specific PACK-TP, it should ideally be
> transferred using a media type which declares the format; say,
> application/vnd.ms.pack.  And that media type should be used in
> locating an application which can process the package.  I don't see
> why the URI should be used in that process, because a) URIs are names
> and don't typically carry that kind of info (the data scheme
> notwithstanding), and b) that sounds just like what a media type is
> for.

We do have a number of media types for domain- or application-
specific data formats that are defined in terms of the package-format
spec.  We are considering the possibility, as you suggest, of a
domain-independent media-type for a generic package, applicable
independently of what the package holds.

> It doesn't require any more server-side support than the new URI
scheme, AFAICT.

We believe that the URI scheme we propose requires *no* server-side
support.  What server-side support are you suggesting?  The only
thing I can think of would be convincing the server to return the
correct mime type for each package, but I don't think of that as a
code change.

Finally, I would now like to re-introduce the "security" argument
that I set aside earlier in this thread.  I said before that I didn't
believe that the "security" topic was necessary to motivate our
specification.  But we observe that some existing software makes
security decisions based on determining whether or not two URIs
reference resources within the same "site" or "zone".  We regard it
to be a feature of our proposal that any such pre-existing software
will consider any package-boundary to be a "site" boundary.  Any
protections for cross-site references will apply to references
that cross a package boundary.

-- Jerry

P.S.  Unfortunately, I will not be able to contribute to this
interesting exchange for the next three weeks.  During that period,
my colleague Andrey Shur will be continue to participate and respond
as appropriate.

_______________________________________________
Uri-review mailing list
Uri-review@ietf.org
https://www1.ietf.org/mailman/listinfo/uri-review

v2.23.0 | Report a Bug | By Email