Can "http://danbri.org" and "http://danbri.org/" URIs represent different things?

Hello TAG,

Talking with some SW folk about OpenID, and whether my "me-the-person"
URI could be practically usable as my OpenID, I came up with this
corner-case:

Could http://danbri.org be a URI for "me the person", and
http://danbri.org/ be a document about me (and also serve as my OpenID)?

As I understand HTTP, any client must request something, so the former
isn't directly de-referencable. The client has to decide to ask for /
from danbri.org instead. But they're still different URIs, aren't they?

Is...

<Person  xmlns:foaf="http://xmlns.com/foaf/0.1"/
          rdf:about="http://danbri.org">
  <openid>
     <Document rdf:about="http://danbri.org/"/>
  </openid>
</Person>

...at all feasible? I guess it depends on how exactly we think about the
"add a / to the end" step...

cheers,

Dan

Hi Dan,

This latter URI would make a fine OpenID, as long as an OpenID provider of your choice can assert that the URI is "under your control". In the case you describe, that URI might use OpenID delegation [1] to provide a link to an OpenID provider not directly run by you.

>
> As I understand HTTP, any client must request something, so the former
> isn't directly de-referencable. The client has to decide to ask for /
> from danbri.org instead. But they're still different URIs, aren't they?

RFC2616 section 3.2.2 [2] says that an HTTP URI with an empty path component must be "given as" a URI with a path component of "/".

OpenID itself would also find the two URIs to be equivalent for the purposes of OpenID (in that the OpenID provider must follow all redirects and apply RFC 3986 - and, hence, also HTTP URI scheme-specific rules to "normalize" the name [3])

- johnk

[1] http://www.windley.com/archives/2007/02/using_openid_delegation.shtml
[2] http://tools.ietf.org/html/rfc2616#page-18
[3] http://openid.net/specs/openid-authentication-2_0.html#normalization

Hi Dan,

Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible.

Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request.

So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference.

Stuart
--

GET http://danbri.org/ HTTP/1.1
Host: danbri.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 01 Jul 2009 09:45:32 GMT
Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
Last-Modified: Sat, 09 May 2009 15:01:37 GMT
ETag: "9b4b6-412-4697c05936f66"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-length: 1042
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:foaf="http://xmlns.com/foaf/0.1/" >
<head>
<title>Dan Brickley</title>
<link rel="meta" type="application/rdf+xml" title="FOAF" href="http://danbri.org/foaf.rdf" />

                        <link rel="openid2.provider" href="http://danbri.org/words/openid/server" />
                        <link rel="openid2.local_id" href="http://danbri.org/words/author/danbri/" />
                        <link rel="openid.server" href="http://danbri.org/words/openid/server" />
                        <link rel="openid.delegate" href="http://danbri.org/words/author/danbri/" />

</head>
<body>
<h1>danbri.org</h1>
<p>This is the new minimalist danbri.org.</p>
<p>Nearby: <a href="words/">Dan's blog</a></p>
</body>
</html>
<!--     <link rel="openid2.local_id" href="https://me.yahoo.com/danbri3" />
    <link rel="openid2.provider" href="https://open.login.yahooapis.com/openid/op/auth" />
    <meta http-equiv="X-XRDS-Location" content="https://me.yahoo.com/danbri3" />
-->

On 1/7/09 12:02, Williams, Stuart (HP Labs, Bristol) wrote:
> Hi Dan,
>
> Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible.

Thanks for investigating, and to John for digging out the spec citation,
http://tools.ietf.org/html/rfc2616#page-18

I don't see anything in RFC2616 that stops me from claiming the URI to
directly denote me, the person. Common sense makes me wary; it might
quite reasonably be taken to denote a Web site in it's entirety. But
that interpretation isn't widely established either in Web standards.

Let's leave the OpenID aspect aside for now, for clarity. Except:

One thing I learned recently when the danbri.org site was hacked, was
that it is a really horrible experience. In future I want my openid to
be kept WELL AWAY from my blog, my PHP scripts, and other possible entry
points for vandals, spammers, identity thieves etc. Because danbri.org
was compromised (for a while), my OpenID delegation could have been
mis-used, etc etc.

My lesson here is that I want to use a new and separate sub-domain for
OpenID purposes, FOAF files etc. And my main website can be a more
chaotic, risky, lower security affair. So I expect to start using
something like http://id.danbri.org/ as an OpenID. Or perhaps even
http://id.danbri.org/

Can anyone find good reason (from deployment pragmatics, or specs) why

I can't write

  me-the-person: http://id.danbri.org
  my homepage, delegating openid page, etc. ... http://id.danbri.org/

This would be really nice, since at the moment SemWeb people are running
around using either very different URIs for themselves and their
homepages, or putting #me into them. With the above model, they could
essentially put *almost* the same URL on their sig files, biz cards
etc., and let the browser correct the difference transparently.

No browser knows to add or remove "#me" yet, by contrast.

> Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request.

So they're different URIs, and the shorter one does NOT return a 200. It
can't be de-referenced directly, only adapted by universally known rules
into a different URI. The adaptation step is under-documented, and
doesn't make explicit whether the "before" and "after" forms denote
different things. Is that a fair reading?

> So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference.

Yup. But it would make for a much more consistent story with other
"social Web" folk who like URIs for people too...

Domain name registrars might be happy also.

cheers,

Dan

Not in RFC 2616, no.

> Common sense makes me wary; it might
> quite reasonably be taken to denote a Web site in it's entirety. But
> that interpretation isn't widely established either in Web standards.

Well, in common practice (as Stuart's results indicated), using an HTTP URI without a path component typically results either in an HTTP (301/302) redirect, or an HTTP 200 with an actual representation returned. Neither of these seems particularly suited to seeing such a URI as a URI for "me, the person" unless that URI is used only as an identifier in other cases (ie. your RDF example).

I think this depends on what you want to do with that URI. In OpenID, the above would become http://id.danbri.org/ anyway under the OpenID normalization rules.

Having just gone there and looked in Firebug, http://danbri.org does indeed appear to return an HTTP 200, but the browser address bar shows http://danbri.org/. No redirect operation is shown in Firebug. That usage is consistent with some other sites, but others use an HTTP 301 or 302 to redirect to another URI.

> It
> can't be de-referenced directly, only adapted by universally known
> rules
> into a different URI. The adaptation step is under-documented, and
> doesn't make explicit whether the "before" and "after" forms denote
> different things. Is that a fair reading?

My reading of the MUST in RFC 2616:

"If the abs_path is not present in the URL, it MUST be given as "/" when
   used as a Request-URI for a resource"

is that "no path" is considered to be the equivalent of a path of "/".

My reading would thus be that the URIs denote the /same/ thing.

Regards,

- johnk

On Jul 2, 2009, at 10:48 AM, <john.1.kemp@...> <john.1.kemp@...
 > wrote:

...


What you cite refers to "when it is used as a Request-URI". That is  
precisely why it does not necessarily refer to denotation. It is  
centrally important in all these discussions to keep the two things  
clearly separate. URIs can be used to request (access to) a network  
resource, and they can be used as names, to denote a resource. The two  
functions are distinct, and need not coincide. Some URIs can denote  
without being able to be usable to request anything; others may work  
as requests but not denote what it is that they request (according to  
http-range-14, a 303 redirect sets up this possibility.)

That wording of RFC 26167 that you cite may not have been intended  
this way, but in fact it gives a perfect justification for a decision  
that the "/"-less URI might denote something other than what the "/"-
normalized URI requests, as danbri originally proposed

Pat Hayes

On Tue, Jun 30, 2009 at 8:54 PM, Dan Brickley<danbri@...> wrote:

>From an RDF point of view the URI strings are different means that
they can denote different things.

I guess the question I have about this is: Why be so "clever"?

-Alan

On Jul 2, 2009, at 3:42 PM, Alan Ruttenberg wrote:

I think I can answer that. Because people are. In fact, people use the  
same name for a person and the person's website and the person's name,  
etc., often without even noticing that they are doing it, and  
certainly without falling into instant incoherence or having their  
brains catch fire. But our inference engines can't handle this kind of  
ambiguity, at present. So it would be handy if a notational convention  
could be adopted that allowed the dumb machinery to keep its prissy  
distinctions distinct, while allowing human readers to be sloppy  
without even noticing that they are being sloppy. This idea is an  
elegant step in that direction, if it can be made to work.

This might not be danbri's motivation, but it is why the idea appeals  
to me :-)

Pat

>
> -Alan
>
>
>

------------------------------------------------------------
IHMC                                     (850)434 8903 or (650)494 3973
40 South Alcaniz St.           (850)202 4416   office
Pensacola                            (850)202 4440   fax
FL 32502                              (850)291 0667   mobile
phayesAT-SIGNihmc.us       http://www.ihmc.us/users/phayes

On Thu, Jul 2, 2009 at 4:50 PM, Pat Hayes<phayes@...> wrote:
I can kind of see this, but: Words are ambiguous in many many cases,
not only suffering the ambiguity stated here, but more often than not
that same word has multiple senses.
So supposing you support this little bit of ambiguity. By doing this
little thing you've given folks a false confidence that maybe they can
rely on "words" for semweb communication.

Until we know a lot more about having machines disambiguate word
senses the way people do (which might take a while) I'm afraid we
really need to get across that one has to be *much* more explicit in
those communications in which we expect a machine to be a reliable
assistant. To do this one needs to cultivate a justified attitude of
suspicion about using words in semweb contexts. They are just so
seductively easy for us to understand that's it's hard to even imagine
what the problem might be for the receiver of such communications. Of
course any of us who have actually tried to do data integration as
more than a hobby are painfully aware of the problems.

So I think we need to bite the bullet and discourage being too
"clever". Instead we should convince people that there is a
predictable, if seemingly over-analytic, approach in all these cases
of ambiguity. Allways assume that if you use a word it is likely to
cause trouble. Always look at a dictionary to remind you how ambiguous
the word you are about to use is. Practice making distinctions, and
coining URIs to support different meanings.

I mean it would be really great if the masses could build the semantic
web, but is it realistic? We all depend on bridges working, but don't
expect that anyone off the street is a civil engineer. Why think that
building an effective semantic web is easier than building a bridge?

-Alan

On 2/7/09 22:50, Pat Hayes wrote:
That's pretty much it. I somehow feel awkward when "normal" Web folk are
in the practice of putting URIs for their homepage and blogs into
business cards and email sigs, while SemWeb folk put URIs "for
themselves not their pages", which are usually somewhat different and
contain random different punctuation like prefixing "me-as-me" to the
domain name, or "#me" to the end of the URI. This convention means that
  - for those prepared to actually buy a domain name - there is
essentially one thing to remember and not two, and that the "with / it's
a doc, without it's a person" can be a re-usable, memorable pattern.

cheers,

Dan

Dan Brickley wrote: I fell for both Dan/Pat and Alan's view.  As humans, we are lazy by
nature.  If things ain't broken, we usually won't fix it. But on the
other hand, as Alan suggested, ambiguity can only be removed by
education and careful usage.

Xiaoshu

>>>> Could http://danbri.org be a URI for "me the person", and
>>>> http://danbri.org/
>>>> be a document about me (and also serve as my OpenID)?

Allowing http://danbri.org and http://danbri.org/ to "represent"
different things would be a bad design choice. Don't do it.

Perhaps there isn't an audit trail in RFC 2616 that doesn't
tell you that you shouldn't do something, but that doesn't
mean that it isn't a bad idea.

RFC 2616 was not written with the "semantic web" in mind,
wasn't intended to solve the "semantic web"'s design problems
for how to use URIs to represent abstract concepts, and
so trying to do a close reading of the words (at least
some of which were written by me) is -- I can claim --
a futile exercise.
>>>> As I understand HTTP, any client must request something, so the former
isn't
>>>> directly de-referencable. The client has to decide to ask for / from
>>>> danbri.org instead. But they're still different URIs, aren't they?


The mapping of "http" URIs to actions of the HTTP protocol is defined
in the HTTP spec, which indicates that, as far as the action of
identifying HTTP protocol interactions go (which is as far as
it goes).

http://danbri.org and http://danbri.org/  are equivalent.

Any problems with disambiguating "denotation" are problems of
the denotation system.


Larry

On Thu, Jul 2, 2009 at 9:11 PM, Dan Brickley<danbri@...> wrote:
Perhaps this is too clever too. Something on a business card is going
to be typed into a browser window. Seems to me that it is perfectly
reasonable to expect it is a bona fide web page. At this stage of the
game, it seems to me that the proper thing is to explain on the web
page a bit about this semweb stuff and there include a URI that
denotes the person themselves, explaining why it's important. (if it's
important enough to put on your business card instead of the usual
thing, it's important enough to introduce the idea clearly on your
home page, and probably more effective too).

-Alan

 which are usually somewhat different and contain random different

On Jul 2, 2009, at 9:55 PM, Larry Masinter wrote:

>>>>> Could http://danbri.org be a URI for "me the person", and
>>>>> http://danbri.org/
>>>>> be a document about me (and also serve as my OpenID)?
>
> Allowing http://danbri.org and http://danbri.org/ to "represent"

I didn't use that word, nor the "identifies" word. I said, denote. Why  
would that be a bad design choice?

> different things would be a bad design choice. Don't do it.
>
> Perhaps there isn't an audit trail in RFC 2616 that doesn't
> tell you that you shouldn't do something, but that doesn't
> mean that it isn't a bad idea.

True, but it also doesn't mean it is a bad idea.

>
> RFC 2616 was not written with the "semantic web" in mind,
> wasn't intended to solve the "semantic web"'s design problems
> for how to use URIs to represent abstract concepts, and
> so trying to do a close reading of the words (at least
> some of which were written by me) is -- I can claim --
> a futile exercise.

I agree its futile if the intent is to discover some intended original  
meaning. But once made into an actual spec document, words acquire a  
kind of patina of their own, regardless of the original intent; and  
they acquire a kind of authority which goes beyond what the authors  
may have had in mind. (Although I often ridicule Derrida, this is one  
case where he may have had a point.) And if one can use the words of a  
spec to some constructive use, even one that was not intended by the  
author, then lets do it.

Yes, I know. And that is part of why this idea is so neat. For http  
purposes, the two are equivalent: so equivalent, indeed, that one can  
be invisibly changed into the other. But for other purposes, they are  
different, and we can use that difference to our advantage, while also  
using the http identity to our advantage.

>
> Any problems with disambiguating "denotation" are problems of
> the denotation system.

Denoting isn't something that is done by systems. Names denote by  
virtue of having a meaning.

Pat


>
>
> Larry
>
>
>
>
>

------------------------------------------------------------
IHMC                                     (850)434 8903 or (650)494 3973
40 South Alcaniz St.           (850)202 4416   office
Pensacola                            (850)202 4440   fax
FL 32502                              (850)291 0667   mobile
phayesAT-SIGNihmc.us       http://www.ihmc.us/users/phayes

On Jul 2, 2009, at 10:14 PM, Alan Ruttenberg wrote:

Seems reasonable that when typed into a browser window, you will **get  
to see** a webpage, yes. But if I have a name on my business card,  
seems to me that the obvious assumption is that this name **refers  
to** the person. And the clever thing about this is that you can have  
it both ways, without anyone noticing. Also, BTW, if this notational  
convention about the trailing / can be made to work, then it provides  
a vastly easier way of handling the http-range-14 issue than the  
current recommended practice, one that I bet any 6-year-old could grok  
in a few minutes. A great deal of the name ambiguity on the Web seems  
to be this confusion of thing with web-document-about-thing, and if we  
could handle all of that with this simple a convention, I'm all for it.

Pat

------------------------------------------------------------
IHMC                                     (850)434 8903 or (650)494 3973
40 South Alcaniz St.           (850)202 4416   office
Pensacola                            (850)202 4440   fax
FL 32502                              (850)291 0667   mobile
phayesAT-SIGNihmc.us       http://www.ihmc.us/users/phayes

On Friday, July 3, 2009, Pat Hayes <phayes@...> wrote:
Sure. But the telephone number doesn't nor the address, nor the
company name. I don't see what make the URL special.

Web pages are interfaces for people. Semweb for machines. When
machines start handing out business cards to each other your argument
will perhaps be more persuasive. (to me, anyways)

-Alan

And the clever thing about this is that you can have it both ways,
without anyone noticing. Also, BTW, if this notational convention
about the trailing / can be made to work, then it provides a vastly
easier way of handling the http-range-14 issue than the current
recommended practice, one that I bet any 6-year-old could grok in a
few minutes. A great deal of the name ambiguity on the Web seems to be
this confusion of thing with web-document-about-thing, and if we could
handle all of that with this simple a convention, I'm all for it.

On Thu, 2 Jul 2009, Larry Masinter wrote:

>>>>> Could http://danbri.org be a URI for "me the person", and
>>>>> http://danbri.org/
>>>>> be a document about me (and also serve as my OpenID)?
>
> Allowing http://danbri.org and http://danbri.org/ to "represent"
> different things would be a bad design choice. Don't do it.

There is the interesting case of 'OPTIONS' in RFC 2616.

OPTIONS * HTTP/1.1
Host: danbri.org

<<
    The four options for Request-URI are dependent on the nature of the
    request. The asterisk "*" means that the request does not apply to a
    particular resource, but to the server itself, and is only allowed
    when the method used does not necessarily apply to a resource.
>>

as opposed to
OPTIONS / HTTP/1.1
Host: danbri.org

Issue is... there is no way to express in an URI that you want to do a
OPTIONS * htp://danbri.org instead of http://danbri.org/ is the closest
way of indicating such request (but still far from identifying something
abstract).

--
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

On 2009-07 -03, at 03:55, Larry Masinter wrote:

Well said.

Tim

On 4/7/09 16:36, Tim Berners-Lee wrote:
Doesn't the "use a 303 redirect if you're representing a non-digital
thing" http-range-14 guidance violate this same advice?

Let's forget the domain-name-only scenario for a moment:

Per http-range ... I can deploy http://danbri.org/id as  naming "me,
myself", but redirect with HTTP 303 to http://danbri.org/id/ as naming
"a document about me".

Does that TAG approve, disapprove, tolerate or discourage this latter
usage?

cheers,

Dan

On Thu, 2009-07-02 at 15:50 -0500, Pat Hayes wrote:
I agree that a *clear* notational convention would be helpful.   But I
do *not* think that using subtly different URIs to distinguish between
Dan and his web page is a wise design choice.   It is just inviting
confusion and error.  The likely result is that *both* URIs would be
used for both purposes, without the intended distinction.  I think it
would be better to "ambiguously" use the same URI for both than to use
two URIs that differ so subtly that even the HTTP protocol cannot
distinguish them.

The semantic web community needs to learn to deal with resource
ambiguity, and this is a good example.  The ambiguity that is created
when the same URI is used both to denote Dan Brickley the person and
Dan's web page is not fundamentally different from ambiguity that is
inescapable in the semantic web world at large.  (See Pat Hayes' "In
Defence of Ambiguity":
http://www.ibiblio.org/hhalpin/irw2006/presentations/HayesSlides.pdf )

The essential problem is that ambiguity is in the eye of the beholder.
Or perhaps I should say: ambiguity is in the *application* of the
beholder.  What one application views as a single resource having
multiple aspects -- and hence having a single URI to denote -- another
application requiring finer distinctions may view as multiple resources,
each deserving of its own URI.

This is exactly what happens when Mark Baker uses http://markbaker.ca/
to denote both himself and his blog.  Some applications will see no
ambiguity in such usage because they don't need to distinguish between
Mark and his blog.  Others will see this as an ambiguity that causes
problems.  And still others will recognize the ambiguity, but will be
able to distinguish between cases where the URI is used to denote the
person and those where it denotes the blog.  This process of "splitting"
the identity of an ambiguous resource is described in
http://dbooth.org/2007/splitting/

There is no escaping this problem.  No matter how fine the distinctions
or how carefully a resource is described there will always be
applications that require finer distinctions.  The best we can do is ask
people to consider the future users of the URIs they mint, and try to
make choices that will best benefit the range of applications they wish
to support, minting distinct URIs if a single URI is likely to cause
confusion.

Finally, there is a tension between precision and reusability.  The more
precisely a resource is described -- the more tightly constrained it is
-- the less *reusable* it is.  For example, in figure 2 of
http://dbooth.org/2009/denotation/#rdfsem
a certain set of interpretations are possible.  If additional
constraints are added, this set of possible interpretations can only
shrink.  As two RDF graphs are merged, the resulting set of possible
interpretations is limited to the intersection of the sets of
interpretations possible for each graph individually.  If the
intersection is empty, the graphs are incompatible: they cannot be used
together without first "splitting" the ambiguous resource.
This issue is further described here:
http://lists.w3.org/Archives/Public/www-tag/2009Jun/0087.html

This does *not* mean that it is okay to be sloppy in our descriptions.
Rather, it means we must accept the inherent limitations and trade-offs
involved when dealing with resource identity, we should not expect
someone else's resource description to always match our own needs, and
we should learn how to work around the ambiguity when we still want to
use their data.


--
David Booth, Ph.D.
Cleveland Clinic (contractor)

Opinions expressed herein are those of the author and do not necessarily
reflect those of Cleveland Clinic.