[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Normal Forms
Hi list, I'm currently working on
proper I18N in OpenXRI, which includes handling XRI/IRI/URI-normal form
properly. This has brought up some issues that have been bugging me but I
didn't get enough of a grip to even begin to ask questions. I will attempt now. 1. The XRI
syntax spec speaks of XRI, IRI and URI normal forms. However, it does not
provide recommendations on the usage of these forms and context in which each
of these forms should appear: a. Should
implementations be applying algorithms to detect a particular normal form? Or
should it be explicitly told. b. Should
a HXRI (resolution spec) only accept URI normal form? c. What
about contexts that have the capacity to accept anyURI and have no problem
representing non-ASCII? 2. Converting
an IRI reference (which could be rogue) to XRI normal form may present a
security problem because it is done across the entire string before parsing. E.g. Google has
"xri://@google" and creates a HXRI http://xri.net/@google/search. A
malicious user could register @google%2Fsearch and the XRI parser could not
tell between %2F being a 3-character sequence within an I-name or is it a
percent encoding due to XRI-to-IRI transformation. I may be wrong in any of
these, so I'd like to defer to those of you who have thought long and hard
about XRI-IRI-URI conversions.=20 I would be more than willing
to discuss this further as I'm not convinced that the points above are clearly
articulated, and I suspect that I'm missing some point that may be obvious to
others. Thanks. =wil (http://xri.net/=wil) |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]