uf-discuss at cilux.org
Tue Jul 1 13:49:33 PDT 2008
Ciaran McNulty wrote:
> On Sun, Jun 29, 2008 at 3:07 PM, Duncan Cragg <uf-discuss at cilux.org> wrote:
>> Those of us who favour opaque URLs (actually for practical reasons such as
>> clean separation of concerns, maintainability, etc.) are unhappy with being
>> forced into a semantic URL schema when using rel-tag.
> Can you go into a bit more detail, or point to a resource explaining
> the benefits of opaque URLs? It's something I've not come across
> before and I'd be intrigued to see the reasons behind it.
I'll do both. Here's a resource explaining it - I addressed the subject
in this blog post:
That is a very transparent URL (see: I'm not obsessive about it!).
The trouble with my URL is that it mixes three concerns:
1. making a connection to my server and kicking off HTTP
2. identifying a resource (with a completely opaque string) within HTTP
3. kicking off some Python code with an argument string
It's 1. and 3. I'm talking about. URLs are already opaque to HTTP.
As soon as you allow in syntax or schema in URLs - as soon as you start
using anything other than long random numbers - you've got a problem of
namespace allocation and schema standardisation. I refer to "Zooko's
Triangle" on my blog's right rail which discusses the trade-off between
global uniqueness, security and memorability.
On 1.: Unless you're running fancy P2P algorithms, it's hard to argue
against putting a big hint in the URL to say where to go to find the
resource. But don't forget that you needn't go to that server - you
could ask an intermediary proxy - which is kind of a simplistic P2P
However, there is a case for arguing that DNS has been a failure: it
isn't any more easy to type a URL when you know you have to be so
precise to avoid scam sites. And it isn't any easier to use it to
identify a site when you have to avoid the likes of
www.yahoo.com.baddies.com or www.google.randomtld . You may as well only
use IP addresses; as hard to type and as useless to read. Most programs
come with a copy-paste function to save some typing...
Add to this lack of security (and other security holes) the absurd
scramble for domain name real estate and such bad behaviour as domain
squatting, etc., and it's looking like a system that only system admins
and crooks benefit from.
Most people (including myself) would type 'acme' into Google instead of
'acme.com' into the URL bar, to give an extra level of intelligence,
familiarity, trust and user interface consistency.
But really it's 3. that bothers me most. Using URLs to pass
human-readable strings to an application 'above' HTTP.
A transparent URL string is always a query string (whether it has a '?'
or not) - in other words, it could potentially be ambiguous and return,
not definitely one, but zero or many possible results. We probably get
zero results when we 'hack' a URL or when the site gets reorganised. We
gloss over the many-results case by returning a single page that we call
'query results'. But by allowing in zero or many resources so easily,
we've loosened the Web by removing the definite 1-1 mapping of URL to
Hackable URLs should not be part of a self-respecting website's user
interface. We would give a better user experience if we took the URL bar
away and replaced it with a 'jump to first clipboard web link' button,
for those copy-paste situations. Such a button would intelligently parse
the text on the clipboard for URLs and jump to the first location
discovered. A good information architecture and user interaction design
makes hackable URLs irrelevant.
Another problem is when people start using their knowledge of the URL
structure to generate new URLs - it may be acceptable or encouraged
(even prescribed in an HTML GET form), but each time it happens, we're
creating a unique mini-contract - another non-standard schema. The Web
thrives on URL proliferation, not on schema proliferation!
The need for URLs to be reliable - to always return what they are
expected to return each time they're used - means that whatever URL
schema or namespace you come up with is something you're stuck with -
people or even programs may depend on it. But there's no standards body
or namespace body looking after the bigger picture for you. Your
mistakes may haunt you for a long time.
Also, query URLs are inherently /not/ reliable - the resource they
return is /expected/ to change, which again makes their (re)-use less
Clearly, the W3C's unfortunate 'httpRange-14' issue would never have
occurred with opaque URLs. In other words, opaque, semantics-free HTTP
URIs are /always/ dereferencable to 'information resources' and /never/
refer to cars! Strings that are part of a car domain model belong inside
/content/ not in links to content - they belong above HTTP. I'm not
fully conversant in the Semantic Web domain, but I suspect that there
are issues in there that are caused by mixing up globally unique
identifier strings used to build information structures with strings
that are semantically-meaningful over those structures, and that can
dereference to sets.
So my main objection to transparent URLs is the way they mix up the
mechanism for linking up the Web with a mechanism for querying it. The
Web works fine using HTTP and opaque URLs. We have POST and Content-Type
and OpenSearch schemas to query the Web.
You can return opaque links to time-ordered collections listing the
latest documents to be tagged 'semweb':
<a class="tag" href="http://tagbeat.com/3720a-993117b">semweb</a>
Keep your URLs opaque (like GUIDs in databases) and put your application
data and queries in the content (like SQL queries and result sets in
databases). Give your query content resources a first-class schema - see
OpenSearch - and even their own URLs. POST these queries to opaque
collection URLs. Make your result sets transient (returned in the POST
response, thus no-cache by default). Result sets should only be
'grounded' (thus linkable and cacheable) if explicitly asked for in the
query, when you should redirect to a new resource in the POST response.
Of course, you can still surround the UUID/GUID part of your opaque URLs
with human-readable string decorations, as long as they're never used to
dereference the resource but just for mnemonic purpose, or for search
I've gone on at length (again!), but hope you have had the patience to
get my point of view. =0)
PS I work at the Financial Times over the river from you - but I was a
URL opacitist /before/ having to wrangle with the FT CMS...!
More information about the microformats-discuss