URI a jeho dereferenciácia (z diskusie k PS Lepšie dáta)

Hi, apologies for the use of English in a non-English forum, but I had some dialogue with Jan Gondol about this, and he encouraged me to share my views here. Below is a slightly adapted version of an email I sent him about it.

For context, I work for the US government’s General Services Administration, and I help oversee the implementation of an HTTPS-only mandate for publicly accessible US government web services (details at https://https.cio.gov).


I strongly encourage you to move away from http:// for the use of URIs, even though they are not intended to be used as URLs.

While I understand that URIs are not URLs, the use of http:// for XML namespaces and DTD definitions, and the severe friction that has resulted in migrating open data services to use secure connections, has polarized me a bit on the subject.

For some context, see this discussion about proposing an exception to the US government’s HTTPS-only mandate for XML/DTD URIs:

I have read arguments by the linked data community – in particular Tim Berners-Lee – that mixing semantics around transport with URI namespacing is a mistake. I agree with that, but unfortunately this mixing is already present even when using http://. People seemed to choose http:// for URIs as a convenience rather than inventing something new, and I think that’s proving to be a mistake.

I have also seen arguments from the open data community – again most prominently by Tim Berners-Lee – that web browsers should drop mixed content protections to allow open data sources only available over http:// to be pulled into https:// websites. This is essentially saying that open data doesn’t need transport integrity or confidentiality at the protocol level, and seems to be partially motivated by the idea that pressure to change http:// URIs to https:// is too much work.

While you can argue for namespace purity without also arguing against the need for transport integrity, the fact that they’ve been both been argued together has entangled the issues more than they should be.

These entangled arguments, along with the pain I’ve observed around XML/DTD URIs, has led me to feel pretty strongly that if you’re going to use a URI that references a transport protocol – even if it’s not intended for dereferencing through a network connection – that URI should reference the secure version and not the deprecated version.

If URIs are meant to be fully independent, they should choose a scheme identifer other than http:// or https://. If they’re going to choose a scheme identifier that includes http, then it should be https://.

10 Likes

Zaujemci boli, len to nebolo v scope ani jedneho ani druheho. Alebo teda povedane inak, zaujemci prisli neskoro. :slight_smile:

Som za ucelenejsie riesenie zahrnajuce MetaIS2 (kedze uz existuje a je zhruba na tom spravnom mieste), za nejaku tu integraciu/delegovanie INSPIRE namespace na RPI (ak uz aj to je naslapnute) atd. A aj uprava na “forward looking” a “more secure” HTTPS by sa mi pacila (nerad by som opakoval chyby z USA, ktore nacrtol @EricMill). A urcite som aj za referencovatelnost (len, ako uz bolo spravne poznamenane, je na nu potrebna spolupraca dvoch systemov dvoch statnych organizacii, co je tiez vyzva, aj ked nie technicka).

A rad by som aj ASAP vypustil ontologie od @liska a @msurek aspon v odporucacom rezime, nech sa urychli ich pripadne pouzitie resp. nech sa aspon uz predchadza “divergenciam z neznalosti”. (O.i. mozno preto RPI nie je uplne “v sulade”, lebo komunikaciu o tych ontologiach nezachytili, kedze bola “interna” vramci standardizacie a nic alebo len malo “uniklo” von. Tak ako sme cca v 2014 vramci debat o Open Data velmi nevnimali INSPIRE.)

Ak sa teda najprv ujednotime tu, potom mozeme prist s jednym navrhom na Standardizacnu komisiu. Mame tak sancu, ze Luborom spominany polrok potrebny na novelu Vynosu bude realny.

Aby som to nekomplikoval, tak zatial uvediem otvorene body k red_id (nie ontologiam):

  1. referencovatelne URI: ano alebo nie? (v aktualnom Vynose mame “ano”, aj ked to data.gov.sk neimplementuje)
  2. ma byt v ref_id (URI) “http” alebo “https”? (v aktualnom Vynose je “http” pricom vdaka “centralizacii” temy na Vynos a data.gov.sk je sanca na najdenie dobreho riesenia, ak sa uzhodneme na zmenu na “https”, aj ked som mozno ignotrant a na nieco/niekoho som zabudol)
3 Likes