What is a Capability URL (and why do I care?)
Dan Appelquist (@torgo)

Open Web Advocate, Telefónica Digital
Telefónica Digital
http://blog.digital.telefonica.com - @tefdigital
Firefox OS
http://firefoxos.com
W3C Technical Architecture Group
“The TAG” http://w3.org/tag - @w3ctag
Jeni Tennison
Technical Director of the ODI
http://theodi.org
@jenit
Capability URLs
“Cool URIs Don’t Change”
- Tim Berners-Lee
http://www.w3.org/Provider/Style/URI.html
Footnote: What’s the difference between a URI and a URL?
• In theory: URLs are a subset of URIs
• In practice: they are used interchangeably
• In reality: anyone who uses the term URI probably spends too much time around Web Standards wonks
Cool URLs Don’t Change
…but…
Not all URLs are cool
Some URLs are hot!
Sorry.
So what’s a hot URL?
• Something that provides a set of unique capabilities
• Access control - a key
• Ephemeral resources
Examples, please?
• Password resets: “Your password has expired. Click here to reset it.”
• Video chats: “The video conference is on https://opentokrtc.com/xyz...”
• Polls: “Send this link to anyone you wish to invite: http://doodle.com/xyz....”
• GitHub Gists
• Google Calendar private URLs
• iCloud sharing
Reasons to Use
• No login required
• Easy to pass on
Reasons to Be Careful
• No login required
• Easy to pass on
URLs Aren’t Designed to be Secret
• It appears in the address bar (usually)
• It appears in log files - e.g. proxy logs
• If it’s passed on once it can be passed on again
Also, Web Architecture Says “No”
• Using multiple URLs for the same resource runs contrary to documented good practice:
    • Good practice: Avoiding URI aliases: A URI owner should not associate arbitrarily different URIs with the same resource. (Source: Architecture of the World Wide Web, Volume One: http://www.w3.org/TR/webarch/)
• However, the rationale for this is based on sharing:
    • It’s better for everyone linking to, or talking about, the same resource to use the same URL
• Capability URLs are oriented around limited sharing. In these circumstances, having multiple aliases is not an issue.
Recommendations for Use
• Only use:
    • to avoid the need for users to log in to perform an action
    • to make it easy for those with whom you share URLs to share them with others
    • to avoid authentication overheads in APIs.
• Capability URLs should be https URLs - lowers possibility of exposure
• Pages that inform users of capability URLs should also be https
• Capability URLs should expire
• Pages accessed through a capability URL should not include links to third-party websites, or to third-party scripts
    • If they do, they should include rel="noreferrer"
• Capability URLs should be revokable - e.g. by the user who created them
• Capability URLs must be unique and should be unguessable
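
The recommendations above, worked through as an added example (not code from the slides or from the TAG draft): a minimal in-memory issuer that mints unguessable https capability URLs, enforces expiry, lets only the creator revoke, and marks third-party links with rel="noreferrer". The origin share.example.test and the names CapabilityStore, Grant and third_party_link are hypothetical; storing only a SHA-256 digest of the token is an extra design choice of this example.

```python
import hashlib
import html
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit

# Hypothetical origin for this example; capability URLs are https only.
BASE = "https://share.example.test/c/"


@dataclass
class Grant:
    resource: str        # what the URL gives access to
    owner: str           # who created the URL and may revoke it
    expires_at: float    # absolute expiry, seconds since the epoch
    revoked: bool = False


class CapabilityStore:
    """Issues, resolves and revokes capability URLs (in-memory sketch)."""

    def __init__(self) -> None:
        # Keyed by SHA-256 of the token, so a leaked table or backup
        # does not contain usable URLs (example's own choice).
        self._grants: Dict[str, Grant] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, resource: str, owner: str, ttl_seconds: float,
              now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # 32 random bytes from the OS CSPRNG: unique and unguessable.
        token = secrets.token_urlsafe(32)
        self._grants[self._key(token)] = Grant(resource, owner,
                                               now + ttl_seconds)
        return BASE + token

    def _lookup(self, url: str) -> Optional[Grant]:
        parts = urlsplit(url)
        # Refuse anything that is not https on the expected origin/path.
        if parts.scheme != "https" or not url.startswith(BASE):
            return None
        token = parts.path.rsplit("/", 1)[-1]
        return self._grants.get(self._key(token))

    def resolve(self, url: str, now: Optional[float] = None) -> Optional[str]:
        """Return the resource, or None if unknown, expired or revoked."""
        now = time.time() if now is None else now
        grant = self._lookup(url)
        if grant is None or grant.revoked or now >= grant.expires_at:
            return None
        return grant.resource

    def revoke(self, url: str, requested_by: str) -> bool:
        """Revoke the URL; only the user who created it may do so."""
        grant = self._lookup(url)
        if grant is None or grant.owner != requested_by:
            return False
        grant.revoked = True
        return True


def third_party_link(href: str, text: str) -> str:
    """Render an outbound link for a page served from a capability URL.

    rel="noreferrer" stops the browser sending the capability URL to the
    third party in the Referer header.
    """
    return '<a href="{}" rel="noreferrer">{}</a>'.format(
        html.escape(href, quote=True), html.escape(text))


if __name__ == "__main__":
    store = CapabilityStore()
    url = store.issue("poll/42", owner="alice", ttl_seconds=3600)
    print("issued:  ", url)
    print("resolves:", store.resolve(url))
    print("revoked by owner:", store.revoke(url, "alice"))
    print("after revoke:", store.resolve(url))
    print(third_party_link("https://other.example/?a=1&b=2", "docs"))
```

The `now` parameter exists so that expiry can be exercised deterministically; a production store would also purge expired grants.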
Be aware of when you are using this pattern.
Employ best practices.
Remember: URLs are the fundamental architectural
building block of the web. Use with care.
Capability URLs
Many care
Such powerful

Very not break Web

Wow.
Thanks!
Keep up with our ongoing work in this space:

http://w3ctag.github.io/capability-urls/
Formal feedback round coming soon, but feel free to
weigh in on GitHub (github.com/w3ctag) or on our
mailing list www-tag@w3.org (also holds true for
anything else the TAG is working on).
Dan Appelquist @torgo

W3C TAG @w3ctag

 

What is a Capability URL (and why do I care?)

  • 1. What is a Capability URL (and why do I care?) Dan Appelquist (@torgo), Open Web Advocate, Telefónica Digital
  • 4. W3C Technical Architecture Group “The TAG” http://w3.org/tag - @w3ctag
  • 5. Jeni Tennison, Technical Director of the ODI http://theodi.org @jenit
  • 7. “Cool URIs Don’t Change” - Tim Berners-Lee http://www.w3.org/Provider/Style/URI.html
  • 8. Footnote: What’s the difference between a URI and a URL?
      • In theory: URLs are a subset of URIs
      • In practice: they are used interchangeably
      • In reality: anyone who uses the term URI probably spends too much time around Web Standards wonks
  • 11. Not all URLs are cool
  • 14. So what’s a hot URL?
      • Something that provides a set of unique capabilities
      • Access control - a key
      • Ephemeral resources
  • 15. Examples, please?
      • Password resets: “Your password has expired. Click here to reset it.”
      • Video chats: “The video conference is on https://opentokrtc.com/xyz...”
      • Polls: “Send this link to anyone you wish to invite: http://doodle.com/xyz....”
      • Github GISTs
      • Google Calendar private URLs
      • iCloud sharing
  • 16. Reasons to Use
      • No login required
      • Easy to pass on
  • 17. Reasons to Be Careful
      • No login required
      • Easy to pass on
  • 18. URLs Aren’t Designed to be Secret
      • It appears in the address bar (usually)
      • It appears in log files - e.g. proxy logs
      • If it’s passed on once it can be passed on again
  • 19. Also, Web Architecture Says “No”
      • Using multiple URLs for the same resource runs contrary to documented good practice:
          • Good practice: Avoiding URI aliases: A URI owner should not associate arbitrarily different URIs with the same resource. (Source: Architecture of the World Wide Web, Volume One: http://www.w3.org/TR/webarch/)
      • However, the rationale for this is based on sharing:
          • It’s better for everyone linking to, or talking about, the same resource to use the same URL
      • Capability URLs are oriented around limited sharing. In these circumstances, having multiple aliases is not an issue.
  • 20. Recommendations for Use
      • Only use:
          • to avoid the need for users to log in to perform an action
          • to make it easy for those with whom you share URLs to share them with others
          • to avoid authentication overheads in APIs.
  • 21.
      • Capability URLs should be https URLs - lowers possibility of exposure
      • Pages that inform users of capability URLs should also be https
      • Capability URLs should expire
  • 22.
      • Pages accessed through a capability URL should not include links to third-party websites, or to third-party scripts
          • If they do, they should include rel="noreferrer"
      • Capability URLs should be revokable - e.g. by the user who created them
      • Capability URLs must be unique and should be unguessable
  • 23. Be aware of when you are using this pattern. Employ best practices. Remember: URLs are the fundamental architectural building block of the web. Use with care.
  • 24. Capability URLs Many care Such powerful Very not break Web Wow.
  • 25. Thanks! Keep up with our ongoing work in this space: http://w3ctag.github.io/capability-urls/ Formal feedback round coming soon, but feel free to weigh in on GitHub (github.com/w3ctag) or on our mailing list www-tag@w3.org (also holds true for anything else the TAG is working on). Dan Appelquist @torgo, W3C TAG @w3ctag
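
The recommendations on slides 21 and 22 (https, expiry, revocability, unique and unguessable), sketched as an added example that is not part of the original slides. The origin `example.test`, the `CapabilityStore` class and the one-hour default lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

BASE_URL = "https://example.test/share/"  # assumed placeholder origin; https per slide 21
# Header-level counterpart of rel="noreferrer" (slide 22) for pages served via the URL.
RESPONSE_HEADERS = {"Referrer-Policy": "no-referrer"}


class CapabilityStore:
    """In-memory grant registry (hypothetical; a real service would use a database)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}  # sha256(token) -> {"resource", "expires", "revoked"}

    def _lookup(self, url):
        if not url.startswith(BASE_URL):
            return None
        token = url[len(BASE_URL):]
        # Only the hash is stored, so a leaked table does not yield working URLs.
        return self._grants.get(hashlib.sha256(token.encode("utf-8")).hexdigest())

    def issue(self, resource, ttl=3600):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: unguessable
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        self._grants[key] = {"resource": resource,
                             "expires": self._clock() + ttl,
                             "revoked": False}
        return BASE_URL + token

    def revoke(self, url):
        """Mark the grant revoked; returns False if the URL was never issued."""
        grant = self._lookup(url)
        if grant is None:
            return False
        grant["revoked"] = True
        return True

    def resolve(self, url):
        """Return the resource, or None if the URL is unknown, expired or revoked."""
        grant = self._lookup(url)
        if grant is None or grant["revoked"] or self._clock() >= grant["expires"]:
            return None
        return grant["resource"]
```

Unknown, expired and revoked URLs all resolve to the same `None`, so a caller probing URLs learns nothing about which case applied.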