What is a Capability URL
(and why do I care?)
Dan Appelquist (@torgo)

Open Web Advocate, Telefónica Digital
Telefónica Digital
http://blog.digital.telefonica.com - @tefdigital
Firefox OS
http://firefoxos.com
W3C Technical Architecture Group
“The TAG” http://w3.org/tag - @w3ctag
Jeni Tennison
Technical Director of the ODI
http://theodi.org
@jenit
Capability URLs
“Cool URIs Don’t Change”
- Tim Berners-Lee
http://www.w3.org/Provider/Style/URI.html
Footnote: What’s the difference between a URI and a URL?
• In theory: URLs are a subset of URIs
• In practice: they are used interchangeably
• In reality: anyone who uses the term URI probably spends too much time around Web Standards wonks
Cool URLs Don’t Change
…but…
Not all URLs are cool
Some URLs are hot!
Sorry.
So what’s a hot URL?
• Something that provides a set of unique capabilities
• Access control - a key
• Ephemeral resources
Examples, please?
• Password resets: “Your password has expired. Click here to reset it.”
• Video chats: “The video conference is on https://opentokrtc.com/xyz...”
• Polls: “Send this link to anyone you wish to invite: http://doodle.com/xyz....”
• GitHub Gists
• Google Calendar private URLs
• iCloud sharing
Reasons to Use
• No login required
• Easy to pass on
Reasons to Be Careful
• No login required
• Easy to pass on
URLs Aren’t Designed to be Secret
• It appears in the address bar (usually)
• It appears in log files - e.g. proxy logs
• If it’s passed on once it can be passed on again
Also, Web Architecture Says “No”
• Using multiple URLs for the same resource runs contrary to documented good practice:
  • Good practice: Avoiding URI aliases: A URI owner should not associate arbitrarily different URIs with the same resource. (Source: Architecture of the World Wide Web, Volume One: http://www.w3.org/TR/webarch/)
• However, the rationale for this is based on sharing:
  • It’s better for everyone linking to, or talking about, the same resource to use the same URL
• Capability URLs are oriented around limited sharing. In these circumstances, having multiple aliases is not an issue.
Recommendations for Use
• Only use:
  • to avoid the need for users to log in to perform an action
  • to make it easy for those with whom you share URLs to share them with others
  • to avoid authentication overheads in APIs.
• Capability URLs should be https URLs - lowers possibility of exposure
• Pages that inform users of capability URLs should also be https
• Capability URLs should expire
• Pages accessed through a capability URL should not include links to third-party websites, or to third-party scripts
  • If they do, they should include rel="noreferrer"
• Capability URLs should be revokable - e.g. by the user who created them
• Capability URLs must be unique and should be unguessable
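
Added example (not part of the original slides): a minimal server-side sketch of the recommendations above, covering https only, expiry, revocation by the creator, unguessable tokens and rel="noreferrer" on outbound links. The names CapabilityStore, Grant and external_link and the host example.test are assumptions made for illustration; storing only a hash of the token is a design choice of this example, not something the slides prescribe.

```python
import hashlib
import html
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit


@dataclass
class Grant:
    resource: str        # what the URL gives access to
    owner: str           # who created it, and so who may revoke it
    expires_at: float    # absolute expiry time (seconds since epoch)
    revoked: bool = False


class CapabilityStore:
    """Mints, resolves and revokes capability URLs (hypothetical helper)."""

    def __init__(self, base_url: str, ttl_seconds: int = 3600,
                 clock: Callable[[], float] = time.time):
        # "Capability URLs should be https URLs"
        if urlsplit(base_url).scheme != "https":
            raise ValueError("capability URLs must be https")
        self.base_url = base_url.rstrip("/")
        self.ttl_seconds = ttl_seconds
        self.clock = clock
        # Keyed by SHA-256 of the token, so a leaked table does not
        # contain working URLs.
        self.grants: Dict[str, Grant] = {}

    @staticmethod
    def digest(token: str) -> str:
        return hashlib.sha256(token.encode("ascii", "replace")).hexdigest()

    @staticmethod
    def token_of(url: str) -> str:
        # The token is the last path segment of the capability URL.
        return urlsplit(url).path.rsplit("/", 1)[-1]

    def mint(self, resource: str, owner: str) -> str:
        # "must be unique and should be unguessable": 32 bytes from the
        # OS CSPRNG, never a counter, timestamp or database id.
        token = secrets.token_urlsafe(32)
        self.grants[self.digest(token)] = Grant(
            resource, owner, self.clock() + self.ttl_seconds)
        return f"{self.base_url}/{token}"

    def resolve(self, url: str) -> Optional[str]:
        """Return the resource if the URL is still a valid capability."""
        if urlsplit(url).scheme != "https":
            return None
        grant = self.grants.get(self.digest(self.token_of(url)))
        if grant is None or grant.revoked:
            return None
        # "Capability URLs should expire"
        if self.clock() >= grant.expires_at:
            return None
        return grant.resource

    def revoke(self, url: str, requester: str) -> bool:
        """'Revokable - e.g. by the user who created them'."""
        grant = self.grants.get(self.digest(self.token_of(url)))
        if grant is None or grant.owner != requester:
            return False
        grant.revoked = True
        return True


def external_link(href: str, text: str) -> str:
    """Render a third-party link for a page served from a capability URL.

    rel="noreferrer" keeps the browser from sending the capability URL
    to the third party in the Referer header.
    """
    return '<a href="{}" rel="noreferrer">{}</a>'.format(
        html.escape(href), html.escape(text))


if __name__ == "__main__":
    store = CapabilityStore("https://example.test/share", ttl_seconds=600)
    url = store.mint("poll-42", owner="alice")      # constructed sample data
    print(url)
    print(store.resolve(url))                       # poll-42
    print(store.revoke(url, requester="alice"))     # True
    print(store.resolve(url))                       # None
    print(external_link("https://third.example/", "docs"))
```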
Be aware of when you are using this pattern.
Employ best practices.
Remember: URLs are the fundamental architectural building block of the web. Use with care.
Capability URLs
Many care
Such powerful

Very not break Web

Wow.
Thanks!
Keep up with our ongoing work in this space: http://w3ctag.github.io/capability-urls/
Formal feedback round coming soon, but feel free to weigh in on GitHub (github.com/w3ctag) or on our mailing list www-tag@w3.org (also holds true for anything else the TAG is working on).
Dan Appelquist @torgo

W3C TAG @w3ctag
