Add notes to the safelisted schemes list

[DConmy]

The notes scheme is currently being documented and finalized at 1

The primary goal of the 'notes' URI is to view or edit a resource. Typically, a 'notes' URI would be encountered in MIME Email which contains links to other applications and/or documents residing on Domino server(s). A 'notes' URI can also be used with operating system clipboard operations to share a link with a native application or a browser application. When a 'notes' URI is clicked, a local installation of an application that supports the protocol will be launched and the resource will be located and shown. A local application can either be a native application, HCL Notes, or could be a browser application, Nomad for Web, which is delivered as a progressive web application (PWA).

The intent of the notes scheme is to allow the Nomad for web PWA to handle the notes scheme by being safelisted.

This commit adds the provisional notes scheme, as provisionally registered at 2

The notes protocol is being used by millions of users.

---

/acknowledgements.html ( diff )
/system-state.html ( diff )

[DConmy]

I am listed at a contributor for HCL in the latest version of this doc

[annevk]

The IANA registration says

May be unsuitable for open use on the public internet.

which seems somewhat concerning as this would end up exposing it on the public internet. Can that be addressed first?

[DConmy]

The provisional scheme had been a placeholder that was transferred to myself and HCL on last update.
I have an internet draft out for review and have asked that the scheme be updated with that information. I am waiting to hear back for that change to be made.

I will respond back once that update has been made.

[DConmy]

The provisional scheme for notes has been updated.
The sections refer to this draft which is included as a reference in the table on this IANA page.

The security section in the draft is as follows...

"6. Security Considerations

All operations initiated as a result of locating and viewing a
'notes' URI are done so under the access rights of the user logged
into the client application. All access restrictions including
application access control list [HCLDominoACL], readers fields
[HCLDominoReadersField] and execution control lists [HCLDominoECL]
are in effect when locating the application and/or document referred
to by a 'notes' URI."

@annevk Please let me know if this update is sufficient to address your original concern.

[annevk]

I'm not really sure how to read that or how it makes sense if a notes URL were to be translated to a https URL, as this would allow for. https://datatracker.ietf.org/doc/html/draft-dconmy-notes-uri-scheme also suggests in its Goals section that it's for a local application, which this would not be. Anyway, I guess it's good enough as far as IANA goes. The other things that are needed are implementer support and tests. (Please reinstate https://github.com/whatwg/html/blob/main/PULL_REQUEST_TEMPLATE.md to make it easier to track that.)

[DConmy]

At least two implementers are interested (and none opposed):

• Chrome is interested
• Firefox appears to be interested based on comment from Emilio Cobos Álvarez (:emilio). @annevk are you the Anne referred to in that comment, and can you update the bug if so?

Tests are written and can be reviewed and commented upon at:
web-platform-tests/wpt#33331

Implementation bugs are filed:
Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=1300279
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1761080
Safari: https://bugs.webkit.org/show_bug.cgi?id=238276

[DConmy]

I'm not really sure how to read that or how it makes sense if a notes URL were to be translated to a https URL, as this would allow for. https://datatracker.ietf.org/doc/html/draft-dconmy-notes-uri-scheme also suggests in its Goals section that it's for a local application, which this would not be.

To clarify on that comment, there is a local application, HCL Notes that can and does handle the notes scheme. For completeness, this was included, but does not require a change to the HTML spec, nor to browser.

There is also a web based app, HCL Nomad for web, which is a single page application/PWA that could handle the notes scheme, but cannot at the moment due to the notes scheme note being on the HTML whitelist nor allowed by the major browsers as a result.

[DConmy]

In terms of participation, I am a member of HCL-TECH-SOFTWARE as a public member.
https://github.com/orgs/HCL-TECH-SOFTWARE/people

And HCL-TECH-SOFTWARE has signed on for participation in this doc

[DConmy]

At least two implementers are interested (and none opposed):

Chrome is interested
Firefox is interested waiting on this spec PR to move forward

Tests are written and can be reviewed and commented upon at:
web-platform-tests/wpt#33331

Implementation bugs are filed:
Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=1300279
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1761080
Safari: https://bugs.webkit.org/show_bug.cgi?id=238276

[hcldan]

@annevk This seems to have stalled. What would it take to keep it moving?

[hcldan]

@annevk Any chance of moving this forward?

[annevk]

@domenic or @zcorpan should prolly drive this.

OP needs to have the PR template restored and filled out. It seems like only Chromium has indicated interested as Gecko deferred to me at the time and I did not indicate interest and I also don't work for Mozilla anymore. Hope that helps.

[domenic]

I think at this point Chromium is most interested in #3998 (recently discussed in #9158).