Resolving http and https namespaces

[csarven]

curl -H"Accept: text/turtle" https://www.w3.org/ns/oa returns http URIs. Is that intended or previously discussed/logged somewhere? Is anyone (eg @iherman @shepazu ) keeping an eye on this?

My expectation is that the https ns should return https, and redirecting http to https would be great, but... see also: https://www.w3.org/blog/2016/01/w3-org-supporting-https-and-hsts/

Lastly, it might be worthwhile to state somewhere which ns people should use.

Related issue: #66

[iherman]

@csarven, this issue is still in flux, as well as the situation around the HSTS introduction. At present, the official URI for the namespace documents are the HTTP. This is particularly true for older namespace documents that belong to existing recommendations, but also for new ones.

Also: this is not an issue for this working group, but a general policy issue on namespaces.

[azaroth42]

As it's not something we can solve nor any action we can take, can we just close the issue?

[iherman]

+1

Ivan

On 28 Mar 2016, at 17:56, Rob Sanderson notifications@github.com wrote:

As it's not something we can solve nor any action we can take, can we just close the issue?

—

[csarven]

I'm fine to close this issue, but can we ballpark agree that the https response with http IRIs is not "right"? The point of this issue was to settle on a canonical scheme that can go into the documentation and code. For instance, I'm essentially okay to use either in my tooling but prefer not to switch down the line. I guess we'll go with "At present, the official URI for the namespace documents are the HTTP."

Closing issue. Please leave comment if any new information.

[akuckartz]

but can we ballpark agree that the https response with http IRIs is not "right"?

👍

[iherman]

but can we ballpark agree that the https response with http IRIs is not "right"?

This not (ie, the WG's) call in my view, it is a matter of general W3C policy as for what the official URI is for namespaces and json-ld context documents or, for that matter, official Recommendations. It is clear that we cannot change this for older namespaces like the one if RDF, for example; the answer is not that clear cut imho.

[halindrome]

I actually believe the policy should be that namespace URIs are unchanged and unchanging over time. The fact that a URI is redirected or otherwise altered during dereferencing is not a problem per se. "namespaces", or "vocabulary spaces" as we sometimes call them, are defined by their lexical representation for analysis purposes. Or at least they are in all the software I have examined personally.

[iherman]

On 29 Mar 2016, at 13:54, Shane McCarron notifications@github.com wrote:

I actually believe the policy should be that namespace URIs are unchanged and unchanging over time.

That is absolutely true. That is why I said that the RDF namespace will remain HTTP until the end of times.

We could introduce the policy that newer vocabularies, like OA, would be HTTPS, though. But I am not sure I like the duality: some are HTTP and others are HTTPS.

As I said, the same applies to the official identifiers of Recommendations.

The fact that a URI is redirected or otherwise altered during dereferencing is not a problem per se. "namespaces", or "vocabulary spaces" as we sometimes call them, are defined by their lexical representation for analysis purposes. Or at least they are in all the software I have examined personally.

[rtroncy]

FYI, there was similar discussion when choosing the canonical URL for schema.org terms, and the http version has been preferred over the https one for legacy reason.

[halindrome]

@iherman I actually think having both would just introduce authoring errors. Not our call, of course, but in other groups where this is discussed I would push for ensuring that it is always http:

[stain]

JSON-LD contexts should be accessed by https, so that they can be used within Javascript on secure pages. (They should also have the CORS header).

The historical namespace is http://www.w3.org/ns/oa# which we don't want to change -- this happens to also be described at https://www.w3.org/ns/oa -- while this redirection is quite confusing (more so than redirection to a URI that doesn't look like the NS - like http://purl.org/dc/terms/) -- perhaps we can try to highlight http://www.w3.org/ns/oa# more and add a paragraph to section http://w3c.github.io/web-annotation/vocab/wd/#namespaces declaring the namespace in bold and saying http vs https.

[azaroth42]

Let's split out JSON-LD files (contexts, frames) to a separate issue? I think there's a different set of concerns for those (along with CORS and mixed content for browsers), and I agree that accessibility via https is useful in some situations, and we have control over those URIs separately from the namespace.

[stain]

Suggested Namespace section from pull request #198:

http://stain.github.io/web-annotation/vocab/wd/#namespaces

Quote:

This document defines terms in the Web Annotation namespace:

http://www.w3.org/ns/oa#

While the vocabulary may be retrieved from the https:// variant of the namespace, for compatibility with the precursor Open Annotation Data Model, the namespace uses http:// in its URI.

This vocabulary is also available (TODO: issue #66) as an RDFS [rdf-schema] and OWL [owl2-overview] ontology:

• oa.ttl (Turtle format)
• oa.jsonld (JSON-LD format)
• oa.rdf (RDF/XML format)

[csarven]

@stain That's great! That is what I was hoping this issue to move towards / resolve with.

[stain]

@csarven sorry I didn't make it for the https://www.w3.org/TR/annotation-vocab/ deadline. I added something similar to the update for the http://www.w3.org/ns/oa.html Namespace Document in #188:
http://stain.github.io/web-annotation/vocab/wd/oa.html#introduction