Protocol Proposal: Use Link instead of X-Account-Management
1 view
Skip to first unread message
Mike Hanson
May 5, 2010, 2:09:43 PM5/5/10
to mozilla-labs-o...@googlegroups.com, Mark Nottingham
(forwarding proposal from Mark Nottingham)
The Web Linking draft proposes a general "Link" header, which is explicitly designed to support the use case of linking to external resources in an HTTP header. It is about to become an RFC.
The latest draft is available here:
I propose that we adopt Link instead of X-Account-Manangement in the next draft of the Account Management specification.
We would need to register with the IANA registry of Link types; I propose that we use "acct-mgmt" as our relation key.
Note that the Link specification requires that parsers resolve relative URLs; this point is not clearly defined in the current AMCD spec and adoption of the Link spec would make it a requirement. (And note that per 5.1 of the Link spec, the base of the content is not applied)
Example:
Old syntax:
X-Account-Management: http://site.com/meta/accounts.xml
New syntax:
Link: <http://site.com/meta/accounts.xml>; rel="acct-mgmt"
IANA registry syntax:
Relation Name: acct-mgmt
Description: Refers to an account management control document.
Reference: [TBD]
Use of the "anchor" attribute:The Link draft includes language that allows an "anchor" attribute on the Link header. This would imply that the Link header in a response is asserting the account management details for some other URL. My current belief is that this can't be handled securely and that we should disallow the use of the "anchor" attribute on acct-mgmt links.
Thoughts?
-Mike
--
Michael Hanson, Mozilla Labs (@michaelrhanson)
Dan Mills
May 5, 2010, 6:10:19 PM5/5/10
to mozilla-labs-o...@googlegroups.com
I think it would be great to leverage work already underway in the IETF. Link allows us to express everything we need to, so I see no reason not to use it.
I also agree that "anchors" (assertions about a different URL) should be disallowed for this application.
Filed a bug about this: https://bugzilla.mozilla.org/show_bug.cgi?id=564044
Dan
I also agree that "anchors" (assertions about a different URL) should be disallowed for this application.
Filed a bug about this: https://bugzilla.mozilla.org/show_bug.cgi?id=564044
Dan
Nathan
May 5, 2010, 6:29:03 PM5/5/10
to mozilla-labs-o...@googlegroups.com
+1 the link header.
there's isn't really a need to register acct-mgmt with iana as an atom
link relation [1]. just use a unique uri instead.
for instance for web access control we currently use
rel="http://www.w3.org/ns/auth/acl#" (which also dereferences to the ACL
ontology).
[1] http://www.iana.org/assignments/link-relations/link-relations.xhtml
Best,
nathan
Dan Mills wrote:
> I think it would be great to leverage work already underway in the IETF.
> Link allows us to express everything we need to, so I see no reason not to
> use it.
>
> I also agree that "anchors" (assertions about a different URL) should be
> disallowed for this application.
>
> Filed a bug about this: https://bugzilla.mozilla.org/show_bug.cgi?id=564044
>
> Dan
>
> On Wed, May 5, 2010 at 11:09 AM, Mike Hanson <mha...@mozilla.com> wrote:
>
>> (forwarding proposal from Mark Nottingham)
>>
>> The Web Linking draft proposes a general "Link" header, which is explicitly
>> designed to support the use case of linking to external resources in an HTTP
>> header. It is about to become an RFC.
>>
>> The latest draft is available here:
>> https://datatracker.ietf.org/doc/draft-nottingham-http-link-header/
>>
>> I propose that we adopt Link instead of X-Account-Manangement in the next
>> draft of the Account Management specification.
>>
>> We would need to register with the IANA registry of Link types; I propose
>> that we use "acct-mgmt" as our relation key.
>>
>> Note that the Link specification requires that parsers resolve relative
>> URLs; this point is not clearly defined in the current AMCD spec and
>> adoption of the Link spec would make it a requirement. (And note that per
>> 5.1 of the Link spec, the base of the content is not applied)
>>
>> *Example:*
>> *
>> *
>> *Old syntax:*
>> X-Account-Management: http://site.com/meta/accounts.xml
>> *
>> *
>> *New syntax:*
>> *IANA registry syntax:*
>> *
>> *
>> *Relation Name: acct-mgmt*
>> *Description: Refers to an account management control document.*
>> *Reference: [TBD]*
>> *
there's isn't really a need to register acct-mgmt with iana as an atom
link relation [1]. just use a unique uri instead.
for instance for web access control we currently use
rel="http://www.w3.org/ns/auth/acl#" (which also dereferences to the ACL
ontology).
[1] http://www.iana.org/assignments/link-relations/link-relations.xhtml
Best,
nathan
Dan Mills wrote:
> I think it would be great to leverage work already underway in the IETF.
> Link allows us to express everything we need to, so I see no reason not to
> use it.
>
> I also agree that "anchors" (assertions about a different URL) should be
> disallowed for this application.
>
> Filed a bug about this: https://bugzilla.mozilla.org/show_bug.cgi?id=564044
>
> Dan
>
> On Wed, May 5, 2010 at 11:09 AM, Mike Hanson <mha...@mozilla.com> wrote:
>
>> (forwarding proposal from Mark Nottingham)
>>
>> The Web Linking draft proposes a general "Link" header, which is explicitly
>> designed to support the use case of linking to external resources in an HTTP
>> header. It is about to become an RFC.
>>
>> The latest draft is available here:
>> https://datatracker.ietf.org/doc/draft-nottingham-http-link-header/
>>
>> I propose that we adopt Link instead of X-Account-Manangement in the next
>> draft of the Account Management specification.
>>
>> We would need to register with the IANA registry of Link types; I propose
>> that we use "acct-mgmt" as our relation key.
>>
>> Note that the Link specification requires that parsers resolve relative
>> URLs; this point is not clearly defined in the current AMCD spec and
>> adoption of the Link spec would make it a requirement. (And note that per
>> 5.1 of the Link spec, the base of the content is not applied)
>>
>> *
>> *
>> *Old syntax:*
>> X-Account-Management: http://site.com/meta/accounts.xml
>> *
>> *
>> *New syntax:*
>> *IANA registry syntax:*
>> *
>> *
>> *Relation Name: acct-mgmt*
>> *Description: Refers to an account management control document.*
>> *Reference: [TBD]*
>> *
>>
>> Use of the "anchor" attribute:
>>
>> *
>> Use of the "anchor" attribute:
>>
Reply all
Reply to author
Forward
0 new messages