[Freedombox-discuss] some thoughts on URI namespaces

Melvin Carvalho melvincarvalho at gmail.com
Mon Dec 29 08:05:46 UTC 2014 

On 29 December 2014 at 08:18, Markus Sabadello <markus at projectdanube.org>
wrote:

>  On 12/28/2014 11:51 PM, Melvin Carvalho wrote:
>
>
>
> On 28 December 2014 at 22:45, Markus Sabadello <markus at projectdanube.org>
> wrote:
>
>> On today's call we talked about whether Plinth or jwchat should be the
>> start page.
>> And we currently have Owncloud at the path /owncloud.
>>
>> I think this question of "URI namespace layout" will become more
>> important as we add more applications to the box.
>>
>> One pattern I have been experimenting with is creating subdomains for
>> each new application which has a web interface.
>> I think this is more reliable than using folders, since some
>> applications may assume they are installed at the root /.
>>
>> So if my PageKite name is markus.pagekite.me, I could have:
>> - owncloud.markus.pagekite.me
>> - plinth.markus.pagekite.me
>> - jwchat.markus.pagekite.me
>> - radicale.markus.pagekite.me
>> - diaspora.markus.pagekite.me
>> - mailpile.markus.pagekite.me
>> - etc.
>>
>
>  I was doing something similar with one of my domains.
>
>  It's important in the domain that contains your profile page that the
> document and the person entity are delineated. This will facilitate ability
> to link to our other properties, and also more easily add future proofed
> things such as a public key for PKI.
>
>  Note: indieweb, owncloud, diaspora do *not* use this pattern.  They are
> all neat systems but I suspect will run into scalability issues for this
> reason.  I also hope there may be some work in fbx and/or debian to support
> WebID.
>
>  The traditional way to do this separation is with the # character.
> Unfortunately in HTP this char is overloaded to mean many things (anchor,
> linked data subject, media control, hiding device from server) so it can be
> very confusing.  I use #me in my profile, but #i is sometimes used, user
> can choose.
>
> I remember in Cool URIs, the other way of doing it was 303 URIs, but that
> is not the preferred way anymore?
>

I dont think it was ever "preferred", indeed timbl pushed back against this
idea.

303s are difficult to configure, at least they are probably beyond my
skill, and I dont see how to include something like a public key in the
document.

That said, now, It is an accepted pattern, but timbl still warns against it
(at least he did when we met at TPAC 2012) -- I'd say use at your own risk!


> In general I think support for RWW/LDP/WebID/etc would be great.
>
> At some point I might want my root domain name (e.g. markus.pagekite.me)
> to support a range of different services, e.g.:
> - When opened in the browser, an IndieWeb-compatible site such as Known (
> withknown.com)
>

sure, I do this too, using my homepage as identity for indie web apps, then
#me for linked at apps -- best of both worlds


> - Accessible with LDP protocol backed by gold or rww-play, etc.
>

i use gold and is excellent, HTTP PATCH support coming in Jan, and
websockets on the roadmap


> - Smart webfinger service that points to my remoteStorage, OpenID Connect,
> Mozilla Persona
>

sure, each have their uses, not sure if persona will survive tho


>   Also note that serving up mixed content over different domains, and htp
> vs https is something browsers have enormous problems with.  Even something
> as simple as using the web crypto API will be problematic cross origin.
> Same applies to a lesser extent for AJAX meshups.
>
> But if you install completely separate applications on subdomains such as
> mailpile, owncloud, diaspora, etc. then why would there be mixed content
> across domains?
>

just if you want to use the mashup/meshup pattern. For example, I'd like to
with my fbx.


> Wouldn't it actually be a big security feature rather than a bug if those
> separate applications can't XSS
> <http://en.wikipedia.org/wiki/Cross-site_scripting> each other?
>

Perhaps. But you may trust the content from your own site.  This is kind of
use case dependent.


>   So, while I like subdomains, at least today it poses implementation
> challenges.  Possibly best to avoid, unless you're providing fbx entry
> point for family members and/or friends.
>
>
>>
>> These should also work with an "internal" (dnsmasq-provided) domain when
>> I access the box from within my home network, e.g.:
>> - owncloud.freedombox
>> - plinth.freedombox
>> - jwchat.freedombox
>> - radicale.freedombox
>> - diaspora.freedombox
>> - mailpile.freedombox
>> - etc.
>>
>> In Plinth, I may want to have an option to set a "default" one, i.e.
>> which one should show up at markus.pagekite.me
>>
>> When using subdomains rather than folders, we also need different Tor
>> .onion addresses for each application, which is probably preferable
>> anyway.
>>
>> Thoughts?
>>
>> Markus
>>
>>
>>
>> _______________________________________________
>> Freedombox-discuss mailing list
>> Freedombox-discuss at lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20141229/355f2f81/attachment-0001.html>

More information about the Freedombox-discuss mailing list