< draft-nottingham-rfc7320bis-01.txt   draft-nottingham-rfc7320bis-02.txt >
Network Working Group M. Nottingham Network Working Group M. Nottingham
Internet-Draft August 27, 2019 Internet-Draft October 7, 2019
Obsoletes: 7320 (if approved) Obsoletes: 7320 (if approved)
Updates: 3986 (if approved) Updates: 3986 (if approved)
Intended status: Best Current Practice Intended status: Best Current Practice
Expires: February 28, 2020 Expires: April 9, 2020
URI Design and Ownership URI Design and Ownership
draft-nottingham-rfc7320bis-01 draft-nottingham-rfc7320bis-02
Abstract Abstract
Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and
extensible naming system wherein each scheme's specification may extensible naming system wherein each scheme's specification may
further restrict the syntax and semantics of identifiers using that further restrict the syntax and semantics of identifiers using that
scheme." In other words, the structure of a URI is defined by its scheme." In other words, the structure of a URI is defined by its
scheme. While it is common for schemes to further delegate their scheme. While it is common for schemes to further delegate their
substructure to the URI's owner, publishing independent standards substructure to the URI's owner, publishing independent standards
that mandate particular forms of substructure in URIs is often that mandate particular forms of substructure in URIs is often
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 28, 2020. This Internet-Draft will expire on April 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 31 skipping to change at page 4, line 31
URI structures, conventions, and formats in standards. It also URI structures, conventions, and formats in standards. It also
offers strategies for specifications in Section 3. offers strategies for specifications in Section 3.
1.1. Intended Audience 1.1. Intended Audience
This document's guidelines and requirements target the authors of This document's guidelines and requirements target the authors of
specifications that constrain the syntax or structure of URIs or specifications that constrain the syntax or structure of URIs or
parts of them. Two classes of such specifications are called out parts of them. Two classes of such specifications are called out
specifically: specifically:
o Protocol Extensions ("extensions") - specifications that offer new o Protocol Extensions ("Extensions") - specifications that offer new
capabilities that could apply to any identifier, or to a large capabilities that could apply to any identifier, or to a large
subset of possible identifiers; e.g., a new signature mechanism subset of possible identifiers; e.g., a new signature mechanism
for 'http' URIs, metadata for any URI, or a new format. for 'http' URIs, metadata for any URI, or a new format.
o Applications Using URIs ("applications") - specifications that use o Applications Using URIs ("Applications") - specifications that use
URIs to meet specific needs; e.g., an HTTP interface to particular URIs to meet specific needs; e.g., an HTTP interface to particular
information on a host. information on a host.
Requirements that target the generic class "specifications" apply to Requirements that target the generic class "Specifications" apply to
all specifications, including both those enumerated above and others. all specifications, including both those enumerated above and others.
Note that this specification ought not be interpreted as preventing Note that this specification ought not be interpreted as preventing
the allocation of control of URIs by parties that legitimately own the allocation of control of URIs by parties that legitimately own
them, or have delegated that ownership; for example, a specification them, or have delegated that ownership; for example, a specification
might legitimately define the semantics of a URI on IANA's Web site might legitimately define the semantics of a URI on IANA's Web site
as part of the establishment of a registry. as part of the establishment of a registry.
There may be existing IETF specifications that already deviate from There may be existing IETF specifications that already deviate from
the guidance in this document. In these cases, it is up to the the guidance in this document. In these cases, it is up to the
skipping to change at page 5, line 18 skipping to change at page 5, line 18
1.2. Notational Conventions 1.2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2. Best Current Practices for Standardizing Structured URIs 2. Best Current Practices for Standardizing Structured URIs
This section updates [RFC3986] by advising other specifications how This section updates [RFC3986] by advising Specifications how they
they should define structure and semantics within URIs. Best should define structure and semantics within URIs. Best practices
practices differ depending on the URI component, as described below. differ depending on the URI component, as described below.
2.1. URI Schemes 2.1. URI Schemes
Applications and extensions can require use of specific URI Applications and Extensions can require use of specific URI
scheme(s); for example, it is perfectly acceptable to require that an scheme(s); for example, it is perfectly acceptable to require that an
application support 'http' and 'https' URIs. However, applications Application support 'http' and 'https' URIs. However, Applications
ought not preclude the use of other URI schemes in the future, unless ought not preclude the use of other URI schemes in the future, unless
they are clearly only usable with the nominated schemes. they are clearly only usable with the nominated schemes.
A specification that defines substructure for URI schemes overall A Specification that defines substructure for URI schemes overall
(e.g., a prefix or suffix for URI scheme names) MUST do so by (e.g., a prefix or suffix for URI scheme names) MUST do so by
modifying [BCP115] (an exceptional circumstance). modifying [BCP115] (an exceptional circumstance).
2.2. URI Authorities 2.2. URI Authorities
Scheme definitions define the presence, format and semantics of an Scheme definitions define the presence, format and semantics of an
authority component in URIs; all other specifications MUST NOT authority component in URIs; all other Specifications MUST NOT
constrain, or define the structure or the semantics for URI constrain, or define the structure or the semantics for URI
authorities, unless they update the scheme registration itself, or authorities, unless they update the scheme registration itself, or
the structures it relies upon (e.g., DNS name syntax, defined in the structures it relies upon (e.g., DNS name syntax, defined in
Section 3.5 of [RFC1034]). Section 3.5 of [RFC1034]).
For example, an extension or application cannot say that the "foo" For example, an Extension or Application cannot say that the "foo"
prefix in "http://foo_app.example.com" is meaningful or triggers prefix in "http://foo_app.example.com" is meaningful or triggers
special handling in URIs, unless they update either the HTTP URI special handling in URIs, unless they update either the HTTP URI
scheme, or the DNS hostname syntax. scheme, or the DNS hostname syntax.
Applications can nominate or constrain the port they use, when Applications can nominate or constrain the port they use, when
applicable. For example, BarApp could run over port nnnn (provided applicable. For example, BarApp could run over port nnnn (provided
that it is properly registered). that it is properly registered).
2.3. URI Paths 2.3. URI Paths
Scheme definitions define the presence, format, and semantics of a Scheme definitions define the presence, format, and semantics of a
path component in URIs, although these are often delegated to the path component in URIs, although these are often delegated to the
application(s) in a given deployment. application(s) in a given deployment.
To avoid collisions, rigidity, and erroneous client assumptions, To avoid collisions, rigidity, and erroneous client assumptions,
specifications MUST NOT define a fixed prefix for their URI paths; Specifications MUST NOT define a fixed prefix for their URI paths;
for example, "/myapp", unless allowed by the scheme definition. for example, "/myapp", unless allowed by the scheme definition.
One such exception to this requirement is registered "well-known" One such exception to this requirement is registered "well-known"
URIs, as specified by [RFC8615]. See that document for a description URIs, as specified by [RFC8615]. See that document for a description
of the applicability of that mechanism. of the applicability of that mechanism.
Note that this does not apply to applications defining a structure of Note that this does not apply to Applications defining a structure of
URIs paths "under" a resource under control of the server. Because URIs paths "under" a resource under control of the server. Because
the prefix is under control of the party deploying the application, the prefix is under control of the party deploying the application,
collisions and rigidity are avoided, and the risk of erroneous client collisions and rigidity are avoided, and the risk of erroneous client
assumptions is reduced. assumptions is reduced.
For example, an application might define "app_root" as a deployment- For example, an Application might define "app_root" as a deployment-
controlled URI prefix. Application-defined resources might then be controlled URI prefix. Application-defined resources might then be
assumed to be present at "{app_root}/foo" and "{app_root}/bar". assumed to be present at "{app_root}/foo" and "{app_root}/bar".
Extensions MUST NOT define a structure within individual URI Extensions MUST NOT define a structure within individual URI
components (e.g., a prefix or suffix), again to avoid collisions and components (e.g., a prefix or suffix), again to avoid collisions and
erroneous client assumptions. erroneous client assumptions.
2.4. URI Queries 2.4. URI Queries
The presence, format and semantics of the query component of URIs is The presence, format and semantics of the query component of URIs is
dependent upon many factors, and can be constrained by a scheme dependent upon many factors, and can be constrained by a scheme
definition. Often, they are determined by the implementation of a definition. Often, they are determined by the implementation of a
resource itself. resource itself.
Applications can specify the syntax of queries for the resources Applications can specify the syntax of queries for the resources
under their control. However, doing so can cause operational under their control. However, doing so can cause operational
difficulties for deployments that do not support a particular form of difficulties for deployments that do not support a particular form of
a query. For example, a site may wish to support an application a query. For example, a site may wish to support an Application
using "static" files that do not support query parameters. using "static" files that do not support query parameters.
Extensions MUST NOT constrain the format or semantics of queries, to Extensions MUST NOT constrain the format or semantics of queries, to
avoid collisions and erroneous client assumptions. For example, an avoid collisions and erroneous client assumptions. For example, an
extension that indicates that all query parameters with the name Extension that indicates that all query parameters with the name
"sig" indicate a cryptographic signature would collide with "sig" indicate a cryptographic signature would collide with
potentially preexisting query parameters on sites and lead clients to potentially preexisting query parameters on sites and lead clients to
assume that any matching query parameter is a signature. assume that any matching query parameter is a signature.
HTML [W3C.REC-html401-19991224] constrains the syntax of query HTML [W3C.REC-html401-19991224] constrains the syntax of query
strings used in form submission. New form languages are encouraged strings used in form submission. New form languages are encouraged
to allow creation of a broader variety of URIs (e.g., by allowing the to allow creation of a broader variety of URIs (e.g., by allowing the
form to create new path components, and so forth). form to create new path components, and so forth).
2.5. URI Fragment Identifiers 2.5. URI Fragment Identifiers
Section 3.5 of [RFC3986] specifies fragment identiers' syntax and Section 3.5 of [RFC3986] specifies fragment identiers' syntax and
semantics as being dependent upon the media type of a potentially semantics as being dependent upon the media type of a potentially
retrieved resource. As a result, other specifications MUST NOT retrieved resource. As a result, other Specifications MUST NOT
define structure within the fragment identifier, unless they are define structure within the fragment identifier, unless they are
explicitly defining one for reuse by media types in their definitions explicitly defining one for reuse by media types in their definitions
(for example, as JSON Pointer [RFC6901] does). (for example, as JSON Pointer [RFC6901] does).
An application that defines common fragment identifiers across media An Application that defines common fragment identifiers across media
types not controlled by it would engender interoperability problems types not controlled by it would engender interoperability problems
with handlers for those media types (because the new, non-standard with handlers for those media types (because the new, non-standard
syntax is not expected). syntax is not expected).
3. Alternatives to Specifying Structure in URIs 3. Alternatives to Specifying Structure in URIs
Given the issues described in Section 1, the most successful strategy Given the issues described in Section 1, the most successful strategy
for applications and extensions that wish to use URIs is to use them for Applications and Extensions that wish to use URIs is to use them
in the fashion they were designed: as links that are exchanged as in the fashion they were designed: as links that are exchanged as
part of the protocol, rather than statically specified syntax. part of the protocol, rather than statically specified syntax.
Several existing specifications can aid in this. Several existing specifications can aid in this.
[RFC8288] specifies relation types for Web links. By providing a [RFC8288] specifies relation types for Web links. By providing a
framework for linking on the Web, where every link has a relation framework for linking on the Web, where every link has a relation
type, context and target, it allows applications to define a link's type, context and target, it allows Applications to define a link's
semantics and connectivity. semantics and connectivity.
[RFC6570] provides a standard syntax for URI Templates that can be [RFC6570] provides a standard syntax for URI Templates that can be
used to dynamically insert application-specific variables into a URI used to dynamically insert Application-specific variables into a URI
to enable such applications while avoiding impinging upon URI owners' to enable such Applications while avoiding impinging upon URI owners'
control of them. control of them.
[RFC8615] allows specific paths to be 'reserved' for standard use on [RFC8615] allows specific paths to be 'reserved' for standard use on
URI schemes that opt into that mechanism ('http' and 'https' by URI schemes that opt into that mechanism ('http' and 'https' by
default). Note, however, that this is not a general "escape valve" default). Note, however, that this is not a general "escape valve"
for applications that need structured URIs; see that specification for applications that need structured URIs; see that specification
for more information. for more information.
Specifying more elaborate structures in an attempt to avoid Specifying more elaborate structures in an attempt to avoid
collisions is not an acceptable solution, and does not address the collisions is not an acceptable solution, and does not address the
 End of changes. 23 change blocks. 
26 lines changed or deleted 26 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/