headers
sune.jakobsson | 2 Mar 2012 14:05
Favicon

URI ACR extension

Dear all.

I would like to bring your attention the http://tools.ietf.org/html/draft-uri-acr-extension-04  submission.

Technical summary:

   This URI scheme is intended as an extension to the "tel:"
   scheme but without disclosing the true identity of a reference or a
   user.  The "acr" URI describes an anonymous reference, that can be
   mapped to a resource or a user.  There are multiple situations where
   the true identity of a user or a resources can not be disclosed.  The
   "acr" URI is a globally unique identifier ( "name" ) only; it does
   not describe the steps necessary to reach the user or the device.
   However it can contain a parameter indication what body or
   organisation that could resolve it.  It is intended for privacy
   protection, where a user trusts a translating party, that can route
   or forward the request or message to the true user or resource.

This is an individual contribution, so I need help to bring this to a working group, and hopefully convert it
to a permanent RFC in time.

Open Mobile Alliance is using this on multiple network enablers, to allow anonymous access to API's

Any advice would be helpful. :)

BR Sune Jakobsson
Permalink | Reply |
headers
Gannon Dick | 2 Mar 2012 23:48
Picon
Favicon

Re: URI ACR extension

Hi Sune,

I have a suggestion for the default parameter ...  This should not be null, since then you'll have every data miner east of the Moon trying to hack your scheme.  Rather I suggest http://purl.org/pii/terms/#alpha  (HTML) or http://purl.org/pii/terms/alpha (RDF)  or make up your own URL to oblivion.  It won't stop miscreants, but it will slow down robots nicely.

--Gannon

From: "sune.jakobsson <at> telenor.com" <sune.jakobsson <at> telenor.com>
To: uri <at> w3.org
Cc: Kevin.Smith <at> vodafone.com
Sent: Friday, March 2, 2012 7:05 AM
Subject: URI ACR extension

Dear all.

I would like to bring your attention the http://tools.ietf.org/html/draft-uri-acr-extension-04  submission.

Technical summary:

  This URI scheme is intended as an extension to the "tel:"
  scheme but without disclosing the true identity of a reference or a
  user.  The "acr" URI describes an anonymous reference, that can be
  mapped to a resource or a user.  There are multiple situations where
  the true identity of a user or a resources can not be disclosed.  The
  "acr" URI is a globally unique identifier ( "name" ) only; it does
  not describe the steps necessary to reach the user or the device.
  However it can contain a parameter indication what body or
  organisation that could resolve it.  It is intended for privacy
  protection, where a user trusts a translating party, that can route
  or forward the request or message to the true user or resource.

This is an individual contribution, so I need help to bring this to a working group, and hopefully convert it to a permanent RFC in time.

Open Mobile Alliance is using this on multiple network enablers, to allow anonymous access to API's

Any advice would be helpful. :)


BR Sune Jakobsson




Permalink | Reply |

Gmane