| < draft-ietf-appsawg-uri-get-off-my-lawn-02.txt | draft-ietf-appsawg-uri-get-off-my-lawn-03.txt > | |||
|---|---|---|---|---|
| appsawg M. Nottingham | appsawg M. Nottingham | |||
| Internet-Draft April 3, 2014 | Internet-Draft April 7, 2014 | |||
| Updates: 3986 (if approved) | Updates: 3986 (if approved) | |||
| Intended status: BCP | Intended status: BCP | |||
| Expires: October 5, 2014 | Expires: October 9, 2014 | |||
| URI Design and Ownership | URI Design and Ownership | |||
| draft-ietf-appsawg-uri-get-off-my-lawn-02 | draft-ietf-appsawg-uri-get-off-my-lawn-03 | |||
| Abstract | Abstract | |||
| RFC3986 Section 3.1 defines URI syntax as "a federated and extensible | RFC3986 Section 1.1.1 defines URI syntax as "a federated and | |||
| naming system my further restrict the syntax and semantics of | extensible naming system wherein each scheme's specification may | |||
| identifiers using that scheme." In other words, the structure of a | further restrict the syntax and semantics of identifiers using that | |||
| URI is defined by its scheme. While it is common for schemes to | scheme." In other words, the structure of a URI is defined by its | |||
| further delegate their substructure to the URI's owner, publishing | scheme. While it is common for schemes to further delegate their | |||
| standards that mandate particular forms of URI substructure is | substructure to the URI's owner, publishing independent standards | |||
| inappropriate, because the effectively usurps ownership. | that mandate particular forms of URI substructure is inappropriate, | |||
| because the essentially usurps ownership. This document clarifies | ||||
| This document is intended to prevent this practice (sometimes called | both this problematic practice and some acceptable alternatives in | |||
| "URI Squatting") in standards, but updating RFC3986 to indicate where | standards. | |||
| it is acceptable. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 5, 2014. | This Internet-Draft will expire on October 9, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 27 ¶ | skipping to change at page 3, line 27 ¶ | |||
| response. Likewise, pre-packaged applications often have highly | response. Likewise, pre-packaged applications often have highly | |||
| structured URIs that can only be changed in limited ways (often, just | structured URIs that can only be changed in limited ways (often, just | |||
| the hostname and port they are deployed upon). | the hostname and port they are deployed upon). | |||
| Because the owner of the URI (as defined in [webarch] Section | Because the owner of the URI (as defined in [webarch] Section | |||
| 2.2.2.1) is choosing to use the server or the software, this can be | 2.2.2.1) is choosing to use the server or the software, this can be | |||
| seen as reasonable delegation of authority. When such conventions | seen as reasonable delegation of authority. When such conventions | |||
| are mandated by a party other than the owner, however, it can have | are mandated by a party other than the owner, however, it can have | |||
| several potentially detrimental effects: | several potentially detrimental effects: | |||
| o Collisions - As more conventions for URI structure become | o Collisions - As more ad hoc conventions for URI structure become | |||
| standardized, it becomes more likely that there will be collisions | standardized, it becomes more likely that there will be collisions | |||
| between such conventions (especially considering that servers, | between them (especially considering that servers, applications | |||
| applications and individual deployments will have their own | and individual deployments will have their own conventions). | |||
| conventions). | ||||
| o Dilution - When the information added to a URI is ephemeral, this | o Dilution - When the information added to a URI is ephemeral, this | |||
| dilutes its utility by reducing its stability (see [webarch] | dilutes its utility by reducing its stability (see [webarch] | |||
| Section 3.5.1), and can cause several alternate forms of the URI | Section 3.5.1), and can cause several alternate forms of the URI | |||
| to exist (see [webarch] Section 2.3.1). | to exist (see [webarch] Section 2.3.1). | |||
| o Rigidity - Fixed URI syntax often interferes with desired | o Rigidity - Fixed URI syntax often interferes with desired | |||
| deployment patterns. For example, if an authority wishes to offer | deployment patterns. For example, if an authority wishes to offer | |||
| several applications on a single hostname, it becomes difficult to | several applications on a single hostname, it becomes difficult to | |||
| impossible to do if their URIs do not allow the required | impossible to do if their URIs do not allow the required | |||
| flexibility. | flexibility. | |||
| o Operational Difficulty - Supporting some URI conventions can be | o Operational Difficulty - Supporting some URI conventions can be | |||
| skipping to change at page 4, line 6 ¶ | skipping to change at page 4, line 5 ¶ | |||
| application that fixes a base path for its operation (e.g., "/v1") | application that fixes a base path for its operation (e.g., "/v1") | |||
| makes it impossible to deploy other applications with the same | makes it impossible to deploy other applications with the same | |||
| prefix on the same host. | prefix on the same host. | |||
| o Client Assumptions - When conventions are standardized, some | o Client Assumptions - When conventions are standardized, some | |||
| clients will inevitably assume that the standards are in use when | clients will inevitably assume that the standards are in use when | |||
| those conventions are seen. This can lead to interoperability | those conventions are seen. This can lead to interoperability | |||
| problems; for example, if a specification documents that the "sig" | problems; for example, if a specification documents that the "sig" | |||
| URI query parameter indicates that its payload is a cryptographic | URI query parameter indicates that its payload is a cryptographic | |||
| signature for the URI, it can lead to undesirable behavior. | signature for the URI, it can lead to undesirable behavior. | |||
| Publishing standards that constrain URI structure in ways which | Publishing an independent standard that constrains an existing URI | |||
| aren't explicitly allowed by [RFC3986] (e.g., by defining it in the | structure in ways which aren't explicitly allowed by [RFC3986] (e.g., | |||
| URI scheme) is usually inappropriate, because the structure of a URI | by defining it in the URI scheme) is usually inappropriate, because | |||
| needs to be firmly under the control of its owner, and the IETF (as | the structure of a URI needs to be firmly under the control of its | |||
| well as other organizations) should not usurp it. | owner, and the IETF (as well as other organizations) should not usurp | |||
| it. | ||||
| This document explains best current practices for establishing URI | This document explains best current practices for establishing URI | |||
| structures, conventions and formats in standards. It also offers | structures, conventions and formats in standards. It also offers | |||
| strategies for specifications to avoid violating these guidelines in | strategies for specifications to avoid violating these guidelines in | |||
| Appendix B. | Appendix B. | |||
| 1.1. Who This Document Is For | 1.1. Who This Document Is For | |||
| This document's requirements primarily target a few different types | This document's requirements primarily target a few different types | |||
| of specifications: | of specifications: | |||
| skipping to change at page 4, line 47 ¶ | skipping to change at page 4, line 47 ¶ | |||
| site as part of the establishment of a registry. | site as part of the establishment of a registry. | |||
| 1.2. Notational Conventions | 1.2. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Best Current Practices for Standardizing Structured URIs | 2. Best Current Practices for Standardizing Structured URIs | |||
| Best practices differ depending on the URI component. | Best practices differ depending on the URI component, as described in | |||
| this section. | ||||
| 2.1. URI Schemes | 2.1. URI Schemes | |||
| Applications and extensions MAY require use of specific URI | Applications and extensions MAY require use of specific URI | |||
| scheme(s); for example, it is perfectly acceptable to require that an | scheme(s); for example, it is perfectly acceptable to require that an | |||
| application support 'http' and 'https' URIs. However, applications | application support 'http' and 'https' URIs. However, applications | |||
| SHOULD NOT preclude the use of other URI schemes in the future, | SHOULD NOT preclude the use of other URI schemes in the future, | |||
| unless they are clearly specific to the nominated schemes. | unless they are clearly specific to the nominated schemes. | |||
| A specification that defines substructure within a URI scheme MUST do | A specification that defines substructure within a URI scheme MUST do | |||
| so in the defining document for the URI scheme in question, or by | so in the defining document for that URI scheme, or by modifying | |||
| modifying [RFC4395]. | [RFC4395]. | |||
| 2.2. URI Authorities | 2.2. URI Authorities | |||
| Scheme definitions define the presence, format and semantics of an | Scheme definitions define the presence, format and semantics of an | |||
| authority component in URIs; all other specifications MUST NOT | authority component in URIs; all other specifications MUST NOT | |||
| constrain, define structure or semantics for URI authorities, unless | constrain, or define the structure or the semantics for URI | |||
| they update the scheme registration itself. | authorities, unless they update the scheme registration itself. | |||
| For example, an extension or application cannot say that the "foo" | For example, an extension or application cannot say that the "foo" | |||
| prefix in "foo_app.example.com" is meaningful or triggers special | prefix in "foo_app.example.com" is meaningful or triggers special | |||
| handling. | handling in URIs. | |||
| 2.3. URI Paths | 2.3. URI Paths | |||
| Scheme definitions define the presence, format, and semantics of a | Scheme definitions define the presence, format, and semantics of a | |||
| path component in URIs; all other specifications MUST NOT constrain, | path component in URIs; all other specifications MUST NOT constrain, | |||
| define structure or semantics for any path component. | or define the structure or the semantics for any path component. | |||
| The only exception to this requirement is registered "well-known" | The only exception to this requirement is registered "well-known" | |||
| URIs, as specified by [RFC5785]. See that document for a description | URIs, as specified by [RFC5785]. See that document for a description | |||
| of the applicability of that mechanism. | of the applicability of that mechanism. | |||
| For example, an application cannot specify a fixed URI path "/myapp", | For example, an application cannot specify a fixed URI path "/myapp", | |||
| since this usurps the host's control of that space. Specifying a | since this usurps the host's control of that space. Specifying a | |||
| fixed path relative to another (e.g., {whatever}/myapp) is also bad | fixed path relative to another (e.g., {whatever}/myapp) is also bad | |||
| practice, since it "locks" the URIs in use; while doing so might | practice, since it "locks" the URIs in use; while doing so might | |||
| prevent collisions, it does not avoid the other issues discussed. | prevent collisions, it does not avoid the other issues discussed. | |||
| End of changes. 13 change blocks. | ||||
| 31 lines changed or deleted | 31 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||