| < draft-nottingham-rfc7320bis-01.txt | draft-nottingham-rfc7320bis-02.txt > | |||
|---|---|---|---|---|
| Network Working Group M. Nottingham | Network Working Group M. Nottingham | |||
| Internet-Draft August 27, 2019 | Internet-Draft October 7, 2019 | |||
| Obsoletes: 7320 (if approved) | Obsoletes: 7320 (if approved) | |||
| Updates: 3986 (if approved) | Updates: 3986 (if approved) | |||
| Intended status: Best Current Practice | Intended status: Best Current Practice | |||
| Expires: February 28, 2020 | Expires: April 9, 2020 | |||
| URI Design and Ownership | URI Design and Ownership | |||
| draft-nottingham-rfc7320bis-01 | draft-nottingham-rfc7320bis-02 | |||
| Abstract | Abstract | |||
| Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and | Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and | |||
| extensible naming system wherein each scheme's specification may | extensible naming system wherein each scheme's specification may | |||
| further restrict the syntax and semantics of identifiers using that | further restrict the syntax and semantics of identifiers using that | |||
| scheme." In other words, the structure of a URI is defined by its | scheme." In other words, the structure of a URI is defined by its | |||
| scheme. While it is common for schemes to further delegate their | scheme. While it is common for schemes to further delegate their | |||
| substructure to the URI's owner, publishing independent standards | substructure to the URI's owner, publishing independent standards | |||
| that mandate particular forms of substructure in URIs is often | that mandate particular forms of substructure in URIs is often | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 20 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 28, 2020. | This Internet-Draft will expire on April 9, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 31 ¶ | skipping to change at page 4, line 31 ¶ | |||
| URI structures, conventions, and formats in standards. It also | URI structures, conventions, and formats in standards. It also | |||
| offers strategies for specifications in Section 3. | offers strategies for specifications in Section 3. | |||
| 1.1. Intended Audience | 1.1. Intended Audience | |||
| This document's guidelines and requirements target the authors of | This document's guidelines and requirements target the authors of | |||
| specifications that constrain the syntax or structure of URIs or | specifications that constrain the syntax or structure of URIs or | |||
| parts of them. Two classes of such specifications are called out | parts of them. Two classes of such specifications are called out | |||
| specifically: | specifically: | |||
| o Protocol Extensions ("extensions") - specifications that offer new | o Protocol Extensions ("Extensions") - specifications that offer new | |||
| capabilities that could apply to any identifier, or to a large | capabilities that could apply to any identifier, or to a large | |||
| subset of possible identifiers; e.g., a new signature mechanism | subset of possible identifiers; e.g., a new signature mechanism | |||
| for 'http' URIs, metadata for any URI, or a new format. | for 'http' URIs, metadata for any URI, or a new format. | |||
| o Applications Using URIs ("applications") - specifications that use | o Applications Using URIs ("Applications") - specifications that use | |||
| URIs to meet specific needs; e.g., an HTTP interface to particular | URIs to meet specific needs; e.g., an HTTP interface to particular | |||
| information on a host. | information on a host. | |||
| Requirements that target the generic class "specifications" apply to | Requirements that target the generic class "Specifications" apply to | |||
| all specifications, including both those enumerated above and others. | all specifications, including both those enumerated above and others. | |||
| Note that this specification ought not be interpreted as preventing | Note that this specification ought not be interpreted as preventing | |||
| the allocation of control of URIs by parties that legitimately own | the allocation of control of URIs by parties that legitimately own | |||
| them, or have delegated that ownership; for example, a specification | them, or have delegated that ownership; for example, a specification | |||
| might legitimately define the semantics of a URI on IANA's Web site | might legitimately define the semantics of a URI on IANA's Web site | |||
| as part of the establishment of a registry. | as part of the establishment of a registry. | |||
| There may be existing IETF specifications that already deviate from | There may be existing IETF specifications that already deviate from | |||
| the guidance in this document. In these cases, it is up to the | the guidance in this document. In these cases, it is up to the | |||
| skipping to change at page 5, line 18 ¶ | skipping to change at page 5, line 18 ¶ | |||
| 1.2. Notational Conventions | 1.2. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 2. Best Current Practices for Standardizing Structured URIs | 2. Best Current Practices for Standardizing Structured URIs | |||
| This section updates [RFC3986] by advising other specifications how | This section updates [RFC3986] by advising Specifications how they | |||
| they should define structure and semantics within URIs. Best | should define structure and semantics within URIs. Best practices | |||
| practices differ depending on the URI component, as described below. | differ depending on the URI component, as described below. | |||
| 2.1. URI Schemes | 2.1. URI Schemes | |||
| Applications and extensions can require use of specific URI | Applications and Extensions can require use of specific URI | |||
| scheme(s); for example, it is perfectly acceptable to require that an | scheme(s); for example, it is perfectly acceptable to require that an | |||
| application support 'http' and 'https' URIs. However, applications | Application support 'http' and 'https' URIs. However, Applications | |||
| ought not preclude the use of other URI schemes in the future, unless | ought not preclude the use of other URI schemes in the future, unless | |||
| they are clearly only usable with the nominated schemes. | they are clearly only usable with the nominated schemes. | |||
| A specification that defines substructure for URI schemes overall | A Specification that defines substructure for URI schemes overall | |||
| (e.g., a prefix or suffix for URI scheme names) MUST do so by | (e.g., a prefix or suffix for URI scheme names) MUST do so by | |||
| modifying [BCP115] (an exceptional circumstance). | modifying [BCP115] (an exceptional circumstance). | |||
| 2.2. URI Authorities | 2.2. URI Authorities | |||
| Scheme definitions define the presence, format and semantics of an | Scheme definitions define the presence, format and semantics of an | |||
| authority component in URIs; all other specifications MUST NOT | authority component in URIs; all other Specifications MUST NOT | |||
| constrain, or define the structure or the semantics for URI | constrain, or define the structure or the semantics for URI | |||
| authorities, unless they update the scheme registration itself, or | authorities, unless they update the scheme registration itself, or | |||
| the structures it relies upon (e.g., DNS name syntax, defined in | the structures it relies upon (e.g., DNS name syntax, defined in | |||
| Section 3.5 of [RFC1034]). | Section 3.5 of [RFC1034]). | |||
| For example, an extension or application cannot say that the "foo" | For example, an Extension or Application cannot say that the "foo" | |||
| prefix in "http://foo_app.example.com" is meaningful or triggers | prefix in "http://foo_app.example.com" is meaningful or triggers | |||
| special handling in URIs, unless they update either the HTTP URI | special handling in URIs, unless they update either the HTTP URI | |||
| scheme, or the DNS hostname syntax. | scheme, or the DNS hostname syntax. | |||
| Applications can nominate or constrain the port they use, when | Applications can nominate or constrain the port they use, when | |||
| applicable. For example, BarApp could run over port nnnn (provided | applicable. For example, BarApp could run over port nnnn (provided | |||
| that it is properly registered). | that it is properly registered). | |||
| 2.3. URI Paths | 2.3. URI Paths | |||
| Scheme definitions define the presence, format, and semantics of a | Scheme definitions define the presence, format, and semantics of a | |||
| path component in URIs, although these are often delegated to the | path component in URIs, although these are often delegated to the | |||
| application(s) in a given deployment. | application(s) in a given deployment. | |||
| To avoid collisions, rigidity, and erroneous client assumptions, | To avoid collisions, rigidity, and erroneous client assumptions, | |||
| specifications MUST NOT define a fixed prefix for their URI paths; | Specifications MUST NOT define a fixed prefix for their URI paths; | |||
| for example, "/myapp", unless allowed by the scheme definition. | for example, "/myapp", unless allowed by the scheme definition. | |||
| One such exception to this requirement is registered "well-known" | One such exception to this requirement is registered "well-known" | |||
| URIs, as specified by [RFC8615]. See that document for a description | URIs, as specified by [RFC8615]. See that document for a description | |||
| of the applicability of that mechanism. | of the applicability of that mechanism. | |||
| Note that this does not apply to applications defining a structure of | Note that this does not apply to Applications defining a structure of | |||
| URIs paths "under" a resource under control of the server. Because | URIs paths "under" a resource under control of the server. Because | |||
| the prefix is under control of the party deploying the application, | the prefix is under control of the party deploying the application, | |||
| collisions and rigidity are avoided, and the risk of erroneous client | collisions and rigidity are avoided, and the risk of erroneous client | |||
| assumptions is reduced. | assumptions is reduced. | |||
| For example, an application might define "app_root" as a deployment- | For example, an Application might define "app_root" as a deployment- | |||
| controlled URI prefix. Application-defined resources might then be | controlled URI prefix. Application-defined resources might then be | |||
| assumed to be present at "{app_root}/foo" and "{app_root}/bar". | assumed to be present at "{app_root}/foo" and "{app_root}/bar". | |||
| Extensions MUST NOT define a structure within individual URI | Extensions MUST NOT define a structure within individual URI | |||
| components (e.g., a prefix or suffix), again to avoid collisions and | components (e.g., a prefix or suffix), again to avoid collisions and | |||
| erroneous client assumptions. | erroneous client assumptions. | |||
| 2.4. URI Queries | 2.4. URI Queries | |||
| The presence, format and semantics of the query component of URIs is | The presence, format and semantics of the query component of URIs is | |||
| dependent upon many factors, and can be constrained by a scheme | dependent upon many factors, and can be constrained by a scheme | |||
| definition. Often, they are determined by the implementation of a | definition. Often, they are determined by the implementation of a | |||
| resource itself. | resource itself. | |||
| Applications can specify the syntax of queries for the resources | Applications can specify the syntax of queries for the resources | |||
| under their control. However, doing so can cause operational | under their control. However, doing so can cause operational | |||
| difficulties for deployments that do not support a particular form of | difficulties for deployments that do not support a particular form of | |||
| a query. For example, a site may wish to support an application | a query. For example, a site may wish to support an Application | |||
| using "static" files that do not support query parameters. | using "static" files that do not support query parameters. | |||
| Extensions MUST NOT constrain the format or semantics of queries, to | Extensions MUST NOT constrain the format or semantics of queries, to | |||
| avoid collisions and erroneous client assumptions. For example, an | avoid collisions and erroneous client assumptions. For example, an | |||
| extension that indicates that all query parameters with the name | Extension that indicates that all query parameters with the name | |||
| "sig" indicate a cryptographic signature would collide with | "sig" indicate a cryptographic signature would collide with | |||
| potentially preexisting query parameters on sites and lead clients to | potentially preexisting query parameters on sites and lead clients to | |||
| assume that any matching query parameter is a signature. | assume that any matching query parameter is a signature. | |||
| HTML [W3C.REC-html401-19991224] constrains the syntax of query | HTML [W3C.REC-html401-19991224] constrains the syntax of query | |||
| strings used in form submission. New form languages are encouraged | strings used in form submission. New form languages are encouraged | |||
| to allow creation of a broader variety of URIs (e.g., by allowing the | to allow creation of a broader variety of URIs (e.g., by allowing the | |||
| form to create new path components, and so forth). | form to create new path components, and so forth). | |||
| 2.5. URI Fragment Identifiers | 2.5. URI Fragment Identifiers | |||
| Section 3.5 of [RFC3986] specifies fragment identiers' syntax and | Section 3.5 of [RFC3986] specifies fragment identiers' syntax and | |||
| semantics as being dependent upon the media type of a potentially | semantics as being dependent upon the media type of a potentially | |||
| retrieved resource. As a result, other specifications MUST NOT | retrieved resource. As a result, other Specifications MUST NOT | |||
| define structure within the fragment identifier, unless they are | define structure within the fragment identifier, unless they are | |||
| explicitly defining one for reuse by media types in their definitions | explicitly defining one for reuse by media types in their definitions | |||
| (for example, as JSON Pointer [RFC6901] does). | (for example, as JSON Pointer [RFC6901] does). | |||
| An application that defines common fragment identifiers across media | An Application that defines common fragment identifiers across media | |||
| types not controlled by it would engender interoperability problems | types not controlled by it would engender interoperability problems | |||
| with handlers for those media types (because the new, non-standard | with handlers for those media types (because the new, non-standard | |||
| syntax is not expected). | syntax is not expected). | |||
| 3. Alternatives to Specifying Structure in URIs | 3. Alternatives to Specifying Structure in URIs | |||
| Given the issues described in Section 1, the most successful strategy | Given the issues described in Section 1, the most successful strategy | |||
| for applications and extensions that wish to use URIs is to use them | for Applications and Extensions that wish to use URIs is to use them | |||
| in the fashion they were designed: as links that are exchanged as | in the fashion they were designed: as links that are exchanged as | |||
| part of the protocol, rather than statically specified syntax. | part of the protocol, rather than statically specified syntax. | |||
| Several existing specifications can aid in this. | Several existing specifications can aid in this. | |||
| [RFC8288] specifies relation types for Web links. By providing a | [RFC8288] specifies relation types for Web links. By providing a | |||
| framework for linking on the Web, where every link has a relation | framework for linking on the Web, where every link has a relation | |||
| type, context and target, it allows applications to define a link's | type, context and target, it allows Applications to define a link's | |||
| semantics and connectivity. | semantics and connectivity. | |||
| [RFC6570] provides a standard syntax for URI Templates that can be | [RFC6570] provides a standard syntax for URI Templates that can be | |||
| used to dynamically insert application-specific variables into a URI | used to dynamically insert Application-specific variables into a URI | |||
| to enable such applications while avoiding impinging upon URI owners' | to enable such Applications while avoiding impinging upon URI owners' | |||
| control of them. | control of them. | |||
| [RFC8615] allows specific paths to be 'reserved' for standard use on | [RFC8615] allows specific paths to be 'reserved' for standard use on | |||
| URI schemes that opt into that mechanism ('http' and 'https' by | URI schemes that opt into that mechanism ('http' and 'https' by | |||
| default). Note, however, that this is not a general "escape valve" | default). Note, however, that this is not a general "escape valve" | |||
| for applications that need structured URIs; see that specification | for applications that need structured URIs; see that specification | |||
| for more information. | for more information. | |||
| Specifying more elaborate structures in an attempt to avoid | Specifying more elaborate structures in an attempt to avoid | |||
| collisions is not an acceptable solution, and does not address the | collisions is not an acceptable solution, and does not address the | |||
| End of changes. 23 change blocks. | ||||
| 26 lines changed or deleted | 26 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||