|Network Working Group||M. Nottingham|
|Internet-Draft||July 3, 2008|
|Updates: 4287 (if approved)|
|Intended status: Standards Track|
|Expires: January 4, 2009|
HTTP Header Linking
By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress”.
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 4, 2009.
This document clarifies the status of the Link HTTP header and attempts to consolidate link relations in a single registry.
A means of indicating the relationships between documents on the Web has been available for some time in HTML [W3C.REC-html401-19991224], and was considered as a HTTP header in [RFC2068], but removed from [RFC2616], due to a lack of implementation experience.
There have since surfaced many cases where a means of including this information in HTTP headers has proved useful. However, because it was removed, the status of the Link header is unclear, leading some to consider minting new application-specific HTTP headers instead of reusing it.
This document seeks to address these shortcomings.
Additionally, formats other than HTML -- namely, Atom [RFC4287] -- have also defined generic linking mechanisms that are similar to those in HTML, but not identical. This document aims to reconcile these differences when such links are expressed as headers.
[[ NOTE: This is a straw-man draft that is intended to give a ROUGH idea of what it would take to align and consolidate the HTML and Atom link relations into a single registry with reasonable extensibility rules. In particular; a) it changes the registry for Atom link relations, and the process for registration; b) it assigns more generic semantics to several existing link relations, both Atom and HTML; c) it changes the syntax of the Link header (in the case where extensions are present). Feedback is welcome on the email@example.com mailing list, although this is NOT a work item of the HTTPBIS WG. ]]
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, [RFC2119], as scoped to those conformance targets.
This document uses the Augmented Backus-Naur Form (ABNF) notation of [RFC2616], and explicitly includes the following rules from it: quoted-string, token, SP (space). Additionally, the following rules are included from [RFC3986]: URI-Reference, and from [RFC4288]: type-name.
The Link entity-header field provides a means for describing a relationship between two resources, generally between that of the entity associated with the header and some other resource. An entity MAY include multiple Link values.
The Link header field is semantically equivalent to the <LINK> element in HTML, as well as the atom:link element in Atom [RFC4287].
Link = "Link" ":" #("<" URI-Reference ">" *( ";" link-param ) ) link-param = ( ( "rel" "=" relationship ) | ( "type" "=" type-name ) | ( "title" "=" quoted-string ) | ( link-extension ) ) link-extension = token [ "=" ( token | quoted-string ) ] relationship = URI-Reference | <"> URI-Reference *( SP URI-Reference) <"> )
Relationship values that include a semicolon (";") or comma (",") MUST be quoted.
The title parameter MAY be used to label the destination of a link such that it can be used as identification within a human-readable menu.
Link: <http://www.cern.ch/TheBook/chapter2>; rel="previous"; title="previous chapter"
This indicates that chapter2 is previous to this resource in a logical navigation path.
Relationship values are URIs that identify the type of link. If the relationship is a relative URI, its base URI MUST be considered to be "http://www.iana.org/assignments/relation/", and the value MUST be present in the link relation registry.
This specification requires that the Message Header Registry entry for "Link" in HTTP [RFC3864] be updated to refer to this document, and located at "http://www.iana.org/assignments/relation/".
Header field: Link Applicable protocol: http Status: standard Author/change controller: IETF (firstname.lastname@example.org) Internet Engineering Task Force Specification document(s): [ this document ]
This specification is intended to update Atom to become the reference for the Link Relation registry, and clarifies its nature and use.
A Link relation is a way of indicating the semantics of a link. Link relations are not format-specific, and MUST NOT specify a particular format or media type that they are to be used with.
The security considerations of following a particular link are not determined by the link's relation type; they are determined by the specific context of the use and the media type of the response.
Likewise, a link relation SHOULD NOT specify what the context of its use is, although the media type of the dereferenced link may constrain how it is applied.
Link relations that differ only in case (e.g., "Foo" and "foo") MUST NOT be registered.
New relations MAY be registered, subject to IESG Approval, as outlined in [RFC2434]. Requests should be made by email to IANA, which will then forward the request to the IESG, requesting approval. The request should use the following template:
The Link Relation registry replaces the Atom Link Relation registry, using the same address with the following contents:
The content the Link headers is not secure, private or integrity-guaranteed, and due caution should be excercised when using it.
Applications that take advantage of these mechanisms should consider the attack vectors opened by automatically following, trusting, or otherwise using links gathered from HTTP headers.
|[RFC2119]||Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, March 1997.|
|[RFC2434]||Narten, T. and H. Alvestrand, “Guidelines for Writing an IANA Considerations Section in RFCs”, BCP 26, RFC 2434, October 1998.|
|[RFC2616]||Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1”, RFC 2616, June 1999.|
|[RFC3864]||Klyne, G., Nottingham, M., and J. Mogul, “Registration Procedures for Message Header Fields”, BCP 90, RFC 3864, September 2004.|
|[RFC3986]||Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax”, STD 66, RFC 3986, January 2005.|
|[RFC4288]||Freed, N. and J. Klensin, “Media Type Specifications and Registration Procedures”, RFC 4288, December 2005.|
|[RFC2068]||Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1”, RFC 2068, January 1997.|
|[RFC4287]||Nottingham, M., Ed. and R. Sayre, Ed., “The Atom Syndication Format”, RFC 4287, December 2005.|
|[RFC4685]||Snell, J., “Atom Threading Extensions”, RFC 4685, September 2006.|
|[RFC4946]||Snell, J., “Atom License Extension”, RFC 4946, July 2007.|
|[RFC5005]||Nottingham, M., “Feed Paging and Archiving”, RFC 5005, September 2007.|
|[RFC5023]||Gregorio, J. and B. de hOra, “The Atom Publishing Protocol”, RFC 5023, October 2007.|
|[W3C.REC-html401-19991224]||Hors, A., Raggett, D., and I. Jacobs, “HTML 4.01 Specification”, World Wide Web Consortium Recommendation REC-html401-19991224, December 1999, <http://www.w3.org/TR/1999/REC-html401-19991224>.|
HTML motivated the original syntax of the Link header, and many of the design decisions in this document are driven by a desire to stay compatible with these uses.
All of the link relations defined by HTML4 have been included in the link relation registry, so they can be used without modification. However, extension link relations work differently in HTML4 and the Link header; the former uses a document-wide "profile" URI to scope the relations, while the latter allows the use of full URIs on individual relations.
Therefore, when using the profile mechanism in HTML4, it is necessary to map the profiled link relations to URIs when expressed in Link headers. For example, in HTML:
<html> <head profile="http://example.com/profile1/"> <link rel="foo" href="/foo"> </head> [...]
could be represented as a header like this;
Link: </foo>; rel="http://example.com/profile1/foo"
Profile authors should note this when creating profile URIs; it may be desirable to use URIs that end in a delimiter (e.g., "/" or "#"), to make extracting the specific relation in use easier.
HTML defines link relation values as case-insensitive, while the Link header's syntax does not. Therefore, it is important to case-normalise relation values in HTML before comparing or converting them to Link headers.
HTML also defines several attributes on links that are not explicitly defined by the Link header. Although most of these are believed to be defunct, they can be used as link-extensions.
Atom conveys links in the atom:link element. When serialising an atom:link into a Link header, it is necessary to convert IRIs (if used) to URIs.
Additionally, since the base URI for link relations in Link headers is fixed, extension links (i.e,. those not in the registry) MUST be represented as absolute URIs.
Note also that while the Link header allows multiple relations to be associated with a single link, atom:link does not. In this case, a single Link header may map to several atom:link elements.
As with HTML, atom:link defines some attributes that are not explicitly mirrored in the Link header syntax, but they may also be used as link-extensions.
This specification lifts the definition of the Link header from RFC2068; credit for it belongs entirely to the authors of and contributors to that document. The link relation registrations themselves are sourced from several documents; see the applicable references.
The author would like to thank the many people who commented upon, encouraged and gave feedback to this draft, especially including Frank Ellermann and Julian Reschke.
Copyright © The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an “AS IS” basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at email@example.com.