Revisiting relative IRI resolution API

[lo48576]

Re: Incompleteness of reference resolution algorithm in RFC 3986 from Roy T. Fielding on 2022-08-25 (uri@w3.org from August 2022)

Summary (IIUC):

• IRI contexts are hierarchical or not hierarchical, depending on the schema.
  • IRIs like foo:bar is not hierarchical.
• Relative references (other than same-document fragments) are meaningless against non-hierarchical IRIs.
• Relative IRI resolutions will result in valid IRIs if it is meaningful, but will result in invalid IRIs if meaningless.
  • In other words, result of relative IRI resolutions are not intended to be always valid as IRIs.
• Result of meaningless reference resolutions would not be worth defining as IRIs.

Thus, the possible choices are:

• Return an error for non-hierarchical IRIs.
  • However, the spec does not strictly describe what is considered "hierarchical name space" and what is not. It seems like it should be defined by schema.
• Return a plain string as a resolution result.
  • I think this could be insecure, since for some special inputs it can result in IRI-like string with unexpected authority component.
• Return an IRI modified to be valid-ish, and provide predicates to check it is the expected result.
  • Current implementation.

[lo48576]

I think the current API is not so bad, but I can add a note to say "don't resolve against an IRI that does not use hierarchical name space. It is your responsibility to check that (using ensure_rfc3986_normalizable())!".

Another thing to consider is, what is the reasonable fallback for "meaningless" resolution?

Currently provided modes are "prepend /. anyway" mode and "prepend /. if absolute, or do nothing if relative".
I think they will be enough, but is there any other algorithms that are used widely in real world?