Re: [Uri-review] Review Provisional registration for app URI scheme
Graham Klyne <gk@ninebynine.org> Sun, 21 January 2018 12:27 UTC
Return-Path: <gk@ninebynine.org>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C81E6126BF6 for <uri-review@ietfa.amsl.com>; Sun, 21 Jan 2018 04:27:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nW_21qRb9fWp for <uri-review@ietfa.amsl.com>; Sun, 21 Jan 2018 04:27:08 -0800 (PST)
Received: from relay11.mail.ox.ac.uk (relay11.mail.ox.ac.uk [129.67.1.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9479F126579 for <uri-review@ietf.org>; Sun, 21 Jan 2018 04:27:08 -0800 (PST)
Received: from smtp5.mail.ox.ac.uk ([163.1.2.207]) by relay11.mail.ox.ac.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <gk@ninebynine.org>) id 1edEiF-00021w-cK; Sun, 21 Jan 2018 12:27:06 +0000
Received: from gklyne38.plus.com ([81.174.129.24] helo=spare-94.atuin.ninebynine.org) by smtp5.mail.ox.ac.uk with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <gk@ninebynine.org>) id 1edEiF-0001vM-Hr; Sun, 21 Jan 2018 12:27:03 +0000
Message-ID: <5A648716.9030500@ninebynine.org>
Date: Sun, 21 Jan 2018 12:27:02 +0000
From: Graham Klyne <gk@ninebynine.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Stian Soiland-Reyes <stain@apache.org>
CC: uri-review@ietf.org
References: <20180117144647.GC5245@biggie> <4d910f73-9ca4-c661-0ff1-f508b8ccbed2@gmx.de> <FCE36985-BDC4-419E-97AB-CC061B43A9C7@tzi.org> <CAMBJEmU2s8B8Rvz-GW=3n4Dt0c_qCQHzm1M52GpAXn+qQmHzvw@mail.gmail.com> <AFAEFB6C-CD3E-4BD1-B1B5-35E9749D45FC@tzi.org> <CAMBJEmWgTasuKMPhTXUBLgSuDKBXo+M1Eq98t-8=Ya+kKqgYXQ@mail.gmail.com> <BB6CCAEA-7604-4056-AFD4-A5FE87559973@tzi.org> <CAMBJEmUDEGz=vLQN-XGpkS7cF+TFAyc98RsYJSKDRkw5bJn7ww@mail.gmail.com>
In-Reply-To: <CAMBJEmUDEGz=vLQN-XGpkS7cF+TFAyc98RsYJSKDRkw5bJn7ww@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Oxford-Username: zool0635
X-Oxmail-Spam-Status: score=0.0 tests=none
X-Oxmail-Spam-Level: /
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/UFmqlbp0_Xb97yKLWPBJ2FqZFf0>
Subject: Re: [Uri-review] Review Provisional registration for app URI scheme
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Jan 2018 12:27:11 -0000
Hi Stian, I finally get round to reading the scheme spec... I think this will be a useful piece of work, though at points I found myself wondering about its intended scope of purpose, particularly the level of interoperability that is intended to be provided by the URI scheme in general vs particular implementations. I offer a few comments (wearing personal hat): ... ## Section 2 [[ The semantics of the query component is undefined by this Internet-Draft. Implementations SHOULD NOT generate a query component for app URIs. The “fragment” component MAY be used by implementations according to [RFC3986] and the implied media type [RFC2046] of the resource at the path. This Internet-Draft does not specify how to determine the media type. ]] I could imagine using this scheme in conjunction with an web application I'm working on pretty much for the reasons indicated in the intro. But my application does use query URIs, so, while I'm OK with the semantics being undefined by this specification, the SHOULD NOT exhortation seems a bit strong to me. But this does make me wonder what kinds of interoperability are intended to be enabled by this specification... what software is expected to understand specific semantics that aren't provided by some existing scheme (e.g. for my application, I currently use an HTTP base URI associated with the web service, but I could imagine other URIs being workable. The later discussion about implementation via URI mapping (section 3.1) suggests that queries might be appropriate, e.g. if resolution is handled by an embedded web application. nit: "undefined by this Internet-Draft" might be better expressed as "undefined by this specification" (I-Ds are supposed to be transient, and if this idea progresses I would suggest requesting an informational RFC publication - possibly independent stream). ## Section 2.1 [[ .. extensions of this Internet-Draft are permitted to do so, if using a DNS domain name under their control. For instance, a vendor owning example.com may specify that {OID} in {OID}.oid.example.com has special semantics. ]] I'm a bit uneasy with this: it's not clear to me that there isn't some confusion here between I'd call "extension specifications" and "implementations" of this specification. If "implementations", then I'm not convinced there's any conflict with RFC7320. If "extension specifications", then to what extent would it be appropriate for these to be tied to a specific domain? (Noting, en passant, that control of domain names tends to be transient.) My suggestion would be to say nothing about this here, and leave it up to any specification that does want to impose a structure or semantics for URI authorities to justify why it does so in contravention of RFC7320 . (Also, see again above nit about "Internet-Draft". There are several more instances later in the document - I shalln't repeat this point.) ... ## Section 2.1 I'm not sure what useful purpose is served here by the discussion of choice of authority scheme. Suggest: for the syntax, just stick with RFC3986 "authority" production, and add some informative recommendations about using UUID and/or RFC6920, noting that they are syntactically subsumed. If, on the other hand, it is important to distinguish these authority forms for some reason, then I think it might be better (i.e. less prone to implementation error) by incorporating some clear syntactic marker into the format (that still confirms to RFC3986 syntax of course). ... ## Section 2.2 [[ In an app URI, each intermediate segment (or segment-nz) represent a directory name, while the last segment represent either a directory or file name. ]] It seems a little odd to me that a scheme that is intended for use where file: URIs are inappropriate is so dependent on the language of file systems. (e.g. how obvious is the interpretation of this scheme is used for referencing an LDP container?) [http://www.w3.org/TR/ldp/] Suggest: drop this (and the following para). (Why is it needed?) ... ## Section 3 [[ This Internet-Draft does not constrain what particular format might constitute an archive, and neither does it require that the archive is retrievable as a single bytestream or file. Examples of archive media types include application/zip, application/vnd.android.package-archive, application/x-tar, application/x-gtar and application/x-7z-compressed. ]] I note all your examples *are* "retrievable as a single bytestream". May I suggest including an LDP container [http://www.w3.org/TR/ldp/] as a possible example? (This isn't entirely hypothetical - a colleague of mine has done work on an "object" scheme that uses LDP containers in ways that might constitute an "archive". The next paragraph says: [[ The authority component identifies the archive file. ]] Which appears to contradict the first quoted paragraph. I suspect the spec could benefit from an introductory section that describes what is meant by an "archive", then proceeds to use that term. ... ## Section 3/.1, bullet 7 [[ Return the archive file if the path component is missing/empty. ]] Appears to contradict section 3 (see comments above). I see you address this later. In view of that, I feel that the use of normative language ("SHOULD") is inappropriate - given the range of implementation options, it's not clear that this is really an interoperability concern. ... ## Section 5 [[ 5. An implementation describe an archive using the alg-val production, but a second implementation concurrently modifies the archive’s content. The first implementation may need to detect changes to the archive file stamp or re-calculate the checksum at the end of its operations. ]] This seems muddled to me. In this case, if the archive content is modified then it is no longer identifiable using the same "ni:" URI. I think this shouldn't be a concern for this spec. [[ 6. Two implementations might have different views of the content of the same archive if the format permits multiple entries with the same path. Care should be taken to follow the convention and specification of the particular archive format. ]] I think this point, if it arises, indicates a violation of the URI spec. I would suggest that if an archive can have multiple entries with the same path, then this spec should define some way of allocating unique paths to each occurrence. But that would probably be a pain for implementers. OR, simply say that if an internal path/identifier is duplicated within an archive, then the effect of dereferencing the archive URI s undefined. (Kind-of saying "don't do that"!) ... ## Section 6 (Some good points here :) ) [[ In particular for IRIs, an archive might contain multiple paths with similar-looking characters or with different Unicode combine sequences, which could be facilitated to mislead users. ]] nit: "facilitated"? Suggest maybe "intended" or "deployed" [[ An URI hyperlink might use or guess an app URI authority to attempt to climb into a different archive for malicious purposes. Applications SHOULD employ Same Orgin policy [RFC6454] checks. ]] I note that the use of an explicit reference to a different archive could be legitimate ... this comment might be read as suggesting that any such reference should be disallowed. (I have a potential use-case for valid cross-archive references.) ... ## Section 7 [[ This Internet-Draft contains the Provisional IANA registration of the app URI scheme according to [RFC7595]. ]] (Nit) Suggest this makes explicit equest to register the scheme; e.g. [[ This specification requests that IANA register the following URI scheme according to the provisions of [RFC7595]: ]] ... regards, #g -- On 19/01/2018 15:30, Stian Soiland-Reyes wrote: > OK, so after a bit back and forth, newtitle is: > > The Archive and Packaging Pointer (app) URI scheme > https://tools.ietf.org/id/draft-soilandreyes-app-03.html > > I've also fixed and clarified some other minor things here and there, > thanks everyone for feedback. > > > Suggested new registration: > > > Scheme name: app > > Status: provisional > > Applications/protocols that use this protocol: Hypermedia-consuming > application that handle archives or packages. > > Contact: Stian Soiland-Reyes stain@apache.org > > Change controller: Stian Soiland-Reyes > > Reference: https://tools.ietf.org/id/draft-soilandreyes-app-03.html > > > > BTW, people have been reporting 404 Not Found from server 4.31.198.61 > on the https://tools.ietf.org/html URIs - I've reported this to > webmaster@ietf) > > On 18 January 2018 at 05:43, Carsten Bormann <cabo@tzi.org> wrote: >> On Jan 18, 2018, at 03:27, Stian Soiland-Reyes <stain@apache.org> wrote: >>> >>> Now title of Internet-Draft is "The Archive and Packaging Pointer system" >>> https://tools.ietf.org/html/draft-soilandreyes-app-01 >>> >>> -- or should it still be "the app URI scheme"? >> >> It is nice to expand the retronym, but I think you also need the actual name of the URI scheme in the title. >> >> Grüße, Carsten >> > > >
- [Uri-review] Review Provisional registration for … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Alexey Melnikov
- Re: [Uri-review] Review Provisional registration … Julian Reschke
- Re: [Uri-review] Review Provisional registration … Carsten Bormann
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Carsten Bormann
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Carsten Bormann
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … S Moonesamy
- Re: [Uri-review] Review Provisional registration … Roy T. Fielding
- Re: [Uri-review] Review Provisional registration … Graham Klyne
- Re: [Uri-review] Review Provisional registration … Graham Klyne
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Graham Klyne
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Frank Ellermann
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes
- Re: [Uri-review] Review Provisional registration … Graham Klyne
- Re: [Uri-review] Review Provisional registration … Stian Soiland-Reyes