« Return to Thread: Can "http://danbri.org" and "http://danbri.org/" URIs represent different things?
Re: Can "http://danbri.org" and "http://danbri.org/" URIs represent different things?
by Dan Brickley-2
::
Rate this Message:
On 1/7/09 12:02, Williams, Stuart (HP Labs, Bristol) wrote:
> Hi Dan,
>
> Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible.
Thanks for investigating, and to John for digging out the spec citation,
http://tools.ietf.org/html/rfc2616#page-18
I don't see anything in RFC2616 that stops me from claiming the URI to
directly denote me, the person. Common sense makes me wary; it might
quite reasonably be taken to denote a Web site in it's entirety. But
that interpretation isn't widely established either in Web standards.
Let's leave the OpenID aspect aside for now, for clarity. Except:
One thing I learned recently when the danbri.org site was hacked, was
that it is a really horrible experience. In future I want my openid to
be kept WELL AWAY from my blog, my PHP scripts, and other possible entry
points for vandals, spammers, identity thieves etc. Because danbri.org
was compromised (for a while), my OpenID delegation could have been
mis-used, etc etc.
My lesson here is that I want to use a new and separate sub-domain for
OpenID purposes, FOAF files etc. And my main website can be a more
chaotic, risky, lower security affair. So I expect to start using
something like http://id.danbri.org/ as an OpenID. Or perhaps even
http://id.danbri.org/
Can anyone find good reason (from deployment pragmatics, or specs) why
I can't write
me-the-person: http://id.danbri.org
my homepage, delegating openid page, etc. ... http://id.danbri.org/
This would be really nice, since at the moment SemWeb people are running
around using either very different URIs for themselves and their
homepages, or putting #me into them. With the above model, they could
essentially put *almost* the same URL on their sig files, biz cards
etc., and let the browser correct the difference transparently.
No browser knows to add or remove "#me" yet, by contrast.
> Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request.
So they're different URIs, and the shorter one does NOT return a 200. It
can't be de-referenced directly, only adapted by universally known rules
into a different URI. The adaptation step is under-documented, and
doesn't make explicit whether the "before" and "after" forms denote
different things. Is that a fair reading?
> So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference.
Yup. But it would make for a much more consistent story with other
"social Web" folk who like URIs for people too...
Domain name registrars might be happy also.
cheers,
Dan
> --
>
> GET http://danbri.org/ HTTP/1.1
> Host: danbri.org
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
>
> HTTP/1.1 200 OK
> Date: Wed, 01 Jul 2009 09:45:32 GMT
> Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
> Last-Modified: Sat, 09 May 2009 15:01:37 GMT
> ETag: "9b4b6-412-4697c05936f66"
> Accept-Ranges: bytes
> Vary: Accept-Encoding
> Content-Type: text/html
> Content-length: 1042
> Proxy-Connection: Keep-Alive
> Connection: Keep-Alive
> Age: 349
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml"
> xmlns:foaf="http://xmlns.com/foaf/0.1/">
> <head>
> <title>Dan Brickley</title>
> <link rel="meta" type="application/rdf+xml" title="FOAF" href="http://danbri.org/foaf.rdf" />
>
> <link rel="openid2.provider" href="http://danbri.org/words/openid/server" />
> <link rel="openid2.local_id" href="http://danbri.org/words/author/danbri/" />
> <link rel="openid.server" href="http://danbri.org/words/openid/server" />
> <link rel="openid.delegate" href="http://danbri.org/words/author/danbri/" />
>
> </head>
> <body>
> <h1>danbri.org</h1>
> <p>This is the new minimalist danbri.org.</p>
> <p>Nearby:<a href="words/">Dan's blog</a></p>
> </body>
> </html>
> <!--<link rel="openid2.local_id" href="https://me.yahoo.com/danbri3" />
> <link rel="openid2.provider" href="https://open.login.yahooapis.com/openid/op/auth" />
> <meta http-equiv="X-XRDS-Location" content="https://me.yahoo.com/danbri3" />
> -->
>
>> -----Original Message-----
>> From: www-tag-request@... [mailto:www-tag-request@...]
>> On Behalf Of Dan Brickley
>> Sent: 01 July 2009 01:54
>> To: www-tag@... WG
>> Subject: Can "http://danbri.org" and "http://danbri.org/"
>> URIs represent different things?
>>
>> Hello TAG,
>>
>> Talking with some SW folk about OpenID, and whether my
>> "me-the-person"
>> URI could be practically usable as my OpenID, I came up with this
>> corner-case:
>>
>> Could http://danbri.org be a URI for "me the person", and
>> http://danbri.org/ be a document about me (and also serve as
>> my OpenID)?
>>
>> As I understand HTTP, any client must request something, so
>> the former
>> isn't directly de-referencable. The client has to decide to ask for /
>> from danbri.org instead. But they're still different URIs,
>> aren't they?
>>
>> Is...
>>
>> <Person xmlns:foaf="http://xmlns.com/foaf/0.1"/
>> rdf:about="http://danbri.org">
>> <openid>
>> <Document rdf:about="http://danbri.org/"/>
>> </openid>
>> </Person>
>>
>> ...at all feasible? I guess it depends on how exactly we
>> think about the
>> "add a / to the end" step...
>>
>> cheers,
>>
>> Dan
>>
>>
> Hi Dan,
>
> Had a little play with wget, firefox and tcpmon. Interestingly, http://danbri.org doesn't seem to make it to the request line - all external appearance are that the request is for http://danbri.org/ . Kind of make http://danbri.org web inaccessible.
Thanks for investigating, and to John for digging out the spec citation,
http://tools.ietf.org/html/rfc2616#page-18
I don't see anything in RFC2616 that stops me from claiming the URI to
directly denote me, the person. Common sense makes me wary; it might
quite reasonably be taken to denote a Web site in it's entirety. But
that interpretation isn't widely established either in Web standards.
Let's leave the OpenID aspect aside for now, for clarity. Except:
One thing I learned recently when the danbri.org site was hacked, was
that it is a really horrible experience. In future I want my openid to
be kept WELL AWAY from my blog, my PHP scripts, and other possible entry
points for vandals, spammers, identity thieves etc. Because danbri.org
was compromised (for a while), my OpenID delegation could have been
mis-used, etc etc.
My lesson here is that I want to use a new and separate sub-domain for
OpenID purposes, FOAF files etc. And my main website can be a more
chaotic, risky, lower security affair. So I expect to start using
something like http://id.danbri.org/ as an OpenID. Or perhaps even
http://id.danbri.org/
Can anyone find good reason (from deployment pragmatics, or specs) why
I can't write
me-the-person: http://id.danbri.org
my homepage, delegating openid page, etc. ... http://id.danbri.org/
This would be really nice, since at the moment SemWeb people are running
around using either very different URIs for themselves and their
homepages, or putting #me into them. With the above model, they could
essentially put *almost* the same URL on their sig files, biz cards
etc., and let the browser correct the difference transparently.
No browser knows to add or remove "#me" yet, by contrast.
> Note wget and firefox both appear to make request for http://danbri.org/ - which is what gets rewritten into the browser address bar - no redirections, no content-location... all before fact of making the request.
So they're different URIs, and the shorter one does NOT return a 200. It
can't be de-referenced directly, only adapted by universally known rules
into a different URI. The adaptation step is under-documented, and
doesn't make explicit whether the "before" and "after" forms denote
different things. Is that a fair reading?
> So a bit like using #'d URI, the URI that makes it to the request line is different from the one used in the reference.
Yup. But it would make for a much more consistent story with other
"social Web" folk who like URIs for people too...
Domain name registrars might be happy also.
cheers,
Dan
> --
>
> GET http://danbri.org/ HTTP/1.1
> Host: danbri.org
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
>
> HTTP/1.1 200 OK
> Date: Wed, 01 Jul 2009 09:45:32 GMT
> Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
> Last-Modified: Sat, 09 May 2009 15:01:37 GMT
> ETag: "9b4b6-412-4697c05936f66"
> Accept-Ranges: bytes
> Vary: Accept-Encoding
> Content-Type: text/html
> Content-length: 1042
> Proxy-Connection: Keep-Alive
> Connection: Keep-Alive
> Age: 349
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml"
> xmlns:foaf="http://xmlns.com/foaf/0.1/">
> <head>
> <title>Dan Brickley</title>
> <link rel="meta" type="application/rdf+xml" title="FOAF" href="http://danbri.org/foaf.rdf" />
>
> <link rel="openid2.provider" href="http://danbri.org/words/openid/server" />
> <link rel="openid2.local_id" href="http://danbri.org/words/author/danbri/" />
> <link rel="openid.server" href="http://danbri.org/words/openid/server" />
> <link rel="openid.delegate" href="http://danbri.org/words/author/danbri/" />
>
> </head>
> <body>
> <h1>danbri.org</h1>
> <p>This is the new minimalist danbri.org.</p>
> <p>Nearby:<a href="words/">Dan's blog</a></p>
> </body>
> </html>
> <!--<link rel="openid2.local_id" href="https://me.yahoo.com/danbri3" />
> <link rel="openid2.provider" href="https://open.login.yahooapis.com/openid/op/auth" />
> <meta http-equiv="X-XRDS-Location" content="https://me.yahoo.com/danbri3" />
> -->
>
>> -----Original Message-----
>> From: www-tag-request@... [mailto:www-tag-request@...]
>> On Behalf Of Dan Brickley
>> Sent: 01 July 2009 01:54
>> To: www-tag@... WG
>> Subject: Can "http://danbri.org" and "http://danbri.org/"
>> URIs represent different things?
>>
>> Hello TAG,
>>
>> Talking with some SW folk about OpenID, and whether my
>> "me-the-person"
>> URI could be practically usable as my OpenID, I came up with this
>> corner-case:
>>
>> Could http://danbri.org be a URI for "me the person", and
>> http://danbri.org/ be a document about me (and also serve as
>> my OpenID)?
>>
>> As I understand HTTP, any client must request something, so
>> the former
>> isn't directly de-referencable. The client has to decide to ask for /
>> from danbri.org instead. But they're still different URIs,
>> aren't they?
>>
>> Is...
>>
>> <Person xmlns:foaf="http://xmlns.com/foaf/0.1"/
>> rdf:about="http://danbri.org">
>> <openid>
>> <Document rdf:about="http://danbri.org/"/>
>> </openid>
>> </Person>
>>
>> ...at all feasible? I guess it depends on how exactly we
>> think about the
>> "add a / to the end" step...
>>
>> cheers,
>>
>> Dan
>>
>>
« Return to Thread: Can "http://danbri.org" and "http://danbri.org/" URIs represent different things?
| Free embeddable forum powered by Nabble | Forum Help |
