URI ACR extension

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

URI ACR extension

sune.jakobsson
Dear all.

I would like to bring your attention the http://tools.ietf.org/html/draft-uri-acr-extension-04  submission.

Technical summary:

   This URI scheme is intended as an extension to the "tel:"
   scheme but without disclosing the true identity of a reference or a
   user.  The "acr" URI describes an anonymous reference, that can be
   mapped to a resource or a user.  There are multiple situations where
   the true identity of a user or a resources can not be disclosed.  The
   "acr" URI is a globally unique identifier ( "name" ) only; it does
   not describe the steps necessary to reach the user or the device.
   However it can contain a parameter indication what body or
   organisation that could resolve it.  It is intended for privacy
   protection, where a user trusts a translating party, that can route
   or forward the request or message to the true user or resource.

This is an individual contribution, so I need help to bring this to a working group, and hopefully convert it to a permanent RFC in time.

Open Mobile Alliance is using this on multiple network enablers, to allow anonymous access to API's

Any advice would be helpful. :)


BR Sune Jakobsson


Reply | Threaded
Open this post in threaded view
|

Re: URI ACR extension

Gannon Dick
Hi Sune,

I have a suggestion for the default parameter ...  This should not be null, since then you'll have every data miner east of the Moon trying to hack your scheme.  Rather I suggest http://purl.org/pii/terms/#alpha  (HTML) or http://purl.org/pii/terms/alpha (RDF)  or make up your own URL to oblivion.  It won't stop miscreants, but it will slow down robots nicely.

--Gannon


From: "[hidden email]" <[hidden email]>
To: [hidden email]
Cc: [hidden email]
Sent: Friday, March 2, 2012 7:05 AM
Subject: URI ACR extension

Dear all.

I would like to bring your attention the http://tools.ietf.org/html/draft-uri-acr-extension-04  submission.

Technical summary:

  This URI scheme is intended as an extension to the "tel:"
  scheme but without disclosing the true identity of a reference or a
  user.  The "acr" URI describes an anonymous reference, that can be
  mapped to a resource or a user.  There are multiple situations where
  the true identity of a user or a resources can not be disclosed.  The
  "acr" URI is a globally unique identifier ( "name" ) only; it does
  not describe the steps necessary to reach the user or the device.
  However it can contain a parameter indication what body or
  organisation that could resolve it.  It is intended for privacy
  protection, where a user trusts a translating party, that can route
  or forward the request or message to the true user or resource.

This is an individual contribution, so I need help to bring this to a working group, and hopefully convert it to a permanent RFC in time.

Open Mobile Alliance is using this on multiple network enablers, to allow anonymous access to API's

Any advice would be helpful. :)


BR Sune Jakobsson