Re: [Uri-review] Request for review of "ab:" URI scheme

[Barry Leiba <barryleiba@computer.org>]

>>In the Sieve working group, draft-ietf-sieve-external-lists defines an
>>address-book URI scheme, "ab:".  See the draft, here:
>>http://tools.ietf.org/html/draft-ietf-sieve-external-lists

In response to comments by Bjoern and Mykyta, I have changed the
scheme to "addrbook".  Apart from that change, I've made the following
other changes to the draft.  If these satisfy the concerns, I will get
approval from the working group, and we'll proceed with sending the
document to the IESG.

Barry

===============================================
In Introduction, section 1:
OLD
<    The "ab" URI scheme (in particular, the URI "ab:default"), defined in
<    Section 4.3 MUST be supported.  The mandatory-to-implement URI "ab:
<    default" gives access to the user's default address book (usually the
<    user's personal address book).
NEW
>    The "addrbook" URI scheme (in particular, the reserved URI "addrbook:
>    default"), defined in Section 4.3 MUST be supported.  The mandatory-
>    to-implement URI "addrbook:default" gives access to the user's
>    default address book (usually the user's personal address book).
>    Note that these are URIs, subject to normal URI encoding rules,
>    including percent-encoding.  The reserved name "default" MUST be
>    considered case-insensitive after decoding.  That means that the
>    following URIs are all equivalent:
>
>       addrbook:default
>
>       ADDRBOOK:DEFAULT
>
>       aDdRbOOk:DeFauLt
>
>       AddrBook:%44%65%66ault
>
>     Address book names other than "default" MAY be case-sensitive,
>     depending upon the implementation, so their case (after URI
>     decoding) MUST be maintained.


At the end of Security Considerations, section 3:
NEW
>    Applications SHOULD ensure appropriate restrictions are in place to
>    protect sensitive information that might be revealed by "addrbook"
>    URIs from access or modification by untrusted sources.


In "URI scheme semantics:" in section 4.3:
NEW
>        The address book name (the "addrbook" element in the ABNF above)
>        refers to a specifically named address book, as defined by the
>        implementation.  A user might, for example, have access to a
>        number of different address books, such as a personal one, a
>        family one, a company one, and one for the town where the user
>        lives.
>
>        The extension information (the "extensions" element in the ABNF
>        above) is available for use in future extensions.  It might allow
>        for things such as dynamic subsets of an address book (for
>        example, "addrbook:personal?name.contains=fred").  There are no
>        extensions defined at this time.


In "Encoding considerations:" in section 4.3:
NEW
>        In particular, note that implementations MUST properly implement
>        URI processing, including percent-encoding.  Any comparisons,
>        lookups, and so forth are done after all decoding of the URI.


In "Intended usage:" in section 4.3:
Remove the word "internally" in the first sentence, and add
"case-insensitive" in the second paragraph.


In "Interoperability considerations:" in section 4.3:
OLD
<        Applications are only REQUIRED to
<        support "ab:default".
NEW
>        Applications are only REQUIRED to
>        support "addrbook:default", where all cases and encodings of
>        "default" are considered equivalent.  Address book names other
>        than "default" MAY be case-sensitive, depending upon the
>        implementation, so their case (after URI decoding) MUST be
>        maintained.

===============================================