SlideShare a Scribd company logo

What is a Capability URL (and why do I care?)

Daniel Appelquist
Daniel Appelquist

The W3C TAG is working on a set of best practices for capability URLs. What's a capability URL? Glad you asked. This presentation (give at "London Web Standards" on 20 Jan 2014) attempts to explain what a capability URL is and why Web developers should take care when using them. (NB: the first few slides are just speaker introduction.)

TechnologyDesign
1 of 25
Download to read offline
What is a Capability URL (and why do I care?) Dan Appelquist (@torgo)
 Open Web Advocate, Telefónica Digital
Telefónica Digital http://blog.digital.telefonica.com - @tefdigital
Firefox OS http://firefoxos.com
W3C Technical Architecture Group “The TAG” http://w3.org/tag - @w3ctag
Jeni Tennison ! Technical Director of the ODI http://theodi.org @jenit
Capability URLs
“Cool URIs Don’t Change” - Tim Berners-Lee http://www.w3.org/Provider/Style/URI.html
Footnote: What’s the difference between a URI and a URL? • In theory: URLs are a subset of URIs • In practice: they are used interchangeably • In reality: anyone who uses the term URI probably spends too much time around Web Standards wonks
Cool URLs Don’t Change
…but…
Not all URLs are cool
Some URLs are hot!
Sorry.
So what’s a hot URL? • Something that provides a set of unique capabilities • Access control - a key • Ephemeral resources
Examples, please? • Password resets: “Your password has expired. Click here to reset it.” • Video chats: “The video conference is on 
 https://opentokrtc.com/xyz...” • Polls: “Send this link to anyone you wish to invite: 
 http://doodle.com/xyz....” • Github GISTs • Google Calendar private URLs • iCloud sharing
Reasons to Use • No login required • Easy to pass on
Reasons to Be Careful • No login required • Easy to pass on
URLs Aren’t Designed to be Secret • It appears in the address bar (usually) • It appears in log files - e.g. proxy logs • If it’s passed on once it can be passed on again
Also, Web Architecture Says “No” • Using multiple URLs for the same resource runs contrary to documented good practice: • • However, the rationale for this is based on sharing: • • Good practice: Avoiding URI aliases : A URI owner should not associate arbitrarily different URIs with the same resource.
 (Source: Architecture of the World Wide Web, Volume One: http:// www.w3.org/TR/webarch/) It’s better for everyone linking to, or talking about, the same resource to use the same URL Capability URLs are oriented around limited sharing. In these circumstances, having multiple aliases is not an issue.
Recommendations for Use • Only use: • to avoid the need for users to log in to perform an action • to make it easy for those with whom you share URLs to share them with others • to avoid authentication overheads in APIs.
• Capability URLs should be https URLs - lowers possibility of exposure • Pages that inform users of capability URLs should also be https • Capability URLs should expire
• Pages accessed through a capability URL should not include links to third-party websites, or to third-party scripts • If they do, they should include rel="noreferrer" • Capability URLs should be revokable - e.g. by the user who created them • Capability URLs must be unique and should be unguessable
Be aware of when you are using this pattern. Employ best practices. Remember: URLs are the fundamental architectural building block of the web. Use with care.
Capability URLs Many care Such powerful Very not break Web Wow.
Thanks! Keep up with our ongoing work in this space:
 http://w3ctag.github.io/capability-urls/ Formal feedback round coming soon, but feel free to weigh in on GitHub (github.com/w3ctag) or on our mailing list www-tag@w3.org (also holds true for anything else the TAG is working on). Dan Appelquist @torgo
 W3C TAG @w3ctag

Recommended

Charles Caldwell - Improve Your Life with AI.pdf
Charles Caldwell - Improve Your Life with AI.pdfCharles Caldwell - Improve Your Life with AI.pdf
Charles Caldwell - Improve Your Life with AI.pdfSOLTUIONSpeople, THINKubators, THINKathons
 
Leveraging Generative AI to Accelerate Graph Innovation for National Security...
Leveraging Generative AI to Accelerate Graph Innovation for National Security...Leveraging Generative AI to Accelerate Graph Innovation for National Security...
Leveraging Generative AI to Accelerate Graph Innovation for National Security...Neo4j
 
24 Design Tips from Real Designers
24 Design Tips from Real Designers24 Design Tips from Real Designers
24 Design Tips from Real DesignersEdahn Small
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
 
AI and content strategy - Elle Geraghty Content Strategy.pdf
AI and content strategy - Elle Geraghty Content Strategy.pdfAI and content strategy - Elle Geraghty Content Strategy.pdf
AI and content strategy - Elle Geraghty Content Strategy.pdfElle Geraghty
 
Future of Data and AI in Retail - NRF 2023
Future of Data and AI in Retail - NRF 2023Future of Data and AI in Retail - NRF 2023
Future of Data and AI in Retail - NRF 2023Rob Saker
 
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...SOLTUIONSpeople, THINKubators, THINKathons
 
From capabilities to services modelling for business-it alignment v.2
From capabilities to services modelling for business-it alignment v.2From capabilities to services modelling for business-it alignment v.2
From capabilities to services modelling for business-it alignment v.2Trond Hjorteland
 

Recommended

Charles Caldwell - Improve Your Life with AI.pdf
Charles Caldwell - Improve Your Life with AI.pdfCharles Caldwell - Improve Your Life with AI.pdf
Charles Caldwell - Improve Your Life with AI.pdfSOLTUIONSpeople, THINKubators, THINKathons
 
Leveraging Generative AI to Accelerate Graph Innovation for National Security...
Leveraging Generative AI to Accelerate Graph Innovation for National Security...Leveraging Generative AI to Accelerate Graph Innovation for National Security...
Leveraging Generative AI to Accelerate Graph Innovation for National Security...Neo4j
 
24 Design Tips from Real Designers
24 Design Tips from Real Designers24 Design Tips from Real Designers
24 Design Tips from Real DesignersEdahn Small
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
 
AI and content strategy - Elle Geraghty Content Strategy.pdf
AI and content strategy - Elle Geraghty Content Strategy.pdfAI and content strategy - Elle Geraghty Content Strategy.pdf
AI and content strategy - Elle Geraghty Content Strategy.pdfElle Geraghty
 
Future of Data and AI in Retail - NRF 2023
Future of Data and AI in Retail - NRF 2023Future of Data and AI in Retail - NRF 2023
Future of Data and AI in Retail - NRF 2023Rob Saker
 
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...
arbar https://www.slideshare.net/Solutionman/charles-caldwell-improve-your-li...SOLTUIONSpeople, THINKubators, THINKathons
 
From capabilities to services modelling for business-it alignment v.2
From capabilities to services modelling for business-it alignment v.2From capabilities to services modelling for business-it alignment v.2
From capabilities to services modelling for business-it alignment v.2Trond Hjorteland
 
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...apidays
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee | Google Cloud
 
Driving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptxDriving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptxssuseree0a28
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
An Introduction to Generative AI
An Introduction to Generative AIAn Introduction to Generative AI
An Introduction to Generative AICori Faklaris
 
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITYGENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITYAndre Muscat
 
Microsoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for InvestorsMicrosoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for InvestorsMicrosoft
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringInfluxData
 
The Hierarchy of Engagement
The Hierarchy of EngagementThe Hierarchy of Engagement
The Hierarchy of EngagementGreylock Partners
 
The Creative Ai storm
The Creative Ai stormThe Creative Ai storm
The Creative Ai stormLeandro Righini
 
The Science of Memorable Presentations
The Science of Memorable PresentationsThe Science of Memorable Presentations
The Science of Memorable PresentationsEthos3
 
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)Shift Conference
 
End-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and AtlasEnd-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and AtlasDataWorks Summit
 
The Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and AnalyticsThe Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and AnalyticsNeo4j
 
How to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineHow to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineAlon Weiss
 
The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...Neo4j
 
WTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionWTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionTim O'Reilly
 
Generative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdfGenerative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdfLiming Zhu
 
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at NetflixMichael Hart
 
Peek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and RoadmapPeek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and RoadmapNeo4j
 
DotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developersDotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developersbrchapman
 
Web Accessibility and Design
Web Accessibility and DesignWeb Accessibility and Design
Web Accessibility and Designcolinbdclark
 

More Related Content

What's hot

APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...apidays
 
Driving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptxDriving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptxssuseree0a28
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
An Introduction to Generative AI
An Introduction to Generative AIAn Introduction to Generative AI
An Introduction to Generative AICori Faklaris
 
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITYGENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITYAndre Muscat
 
Microsoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for InvestorsMicrosoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for InvestorsMicrosoft
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringInfluxData
 
The Science of Memorable Presentations
The Science of Memorable PresentationsThe Science of Memorable Presentations
The Science of Memorable PresentationsEthos3
 
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)Shift Conference
 
End-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and AtlasEnd-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and AtlasDataWorks Summit
 
The Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and AnalyticsThe Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and AnalyticsNeo4j
 
How to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineHow to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineAlon Weiss
 
The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...Neo4j
 
WTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionWTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionTim O'Reilly
 
Generative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdfGenerative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdfLiming Zhu
 
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at NetflixMichael Hart
 
Peek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and RoadmapPeek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and RoadmapNeo4j
 

What's hot (20)

APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
APIsecure 2023 - API orchestration: to build resilient applications, Cherish ...
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 
Driving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptxDriving API Economy with Apigee.pptx
Driving API Economy with Apigee.pptx
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
 
An Introduction to Generative AI
An Introduction to Generative AIAn Introduction to Generative AI
An Introduction to Generative AI
 
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITYGENERATIVE AI, THE FUTURE OF PRODUCTIVITY
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
 
Microsoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for InvestorsMicrosoft to Acquire LinkedIn: Overview for Investors
Microsoft to Acquire LinkedIn: Overview for Investors
 
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint MonitoringGain Deep Visibility into APIs and Integrations with Anypoint Monitoring
Gain Deep Visibility into APIs and Integrations with Anypoint Monitoring
 
The Hierarchy of Engagement
The Hierarchy of EngagementThe Hierarchy of Engagement
The Hierarchy of Engagement
 
The Creative Ai storm
The Creative Ai stormThe Creative Ai storm
The Creative Ai storm
 
The Science of Memorable Presentations
The Science of Memorable PresentationsThe Science of Memorable Presentations
The Science of Memorable Presentations
 
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
Shift AI 2020: Building AI-first Products - Ehsan Yousefzadeh (AIG Investments)
 
End-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and AtlasEnd-to-end Data Governance with Apache Avro and Atlas
End-to-end Data Governance with Apache Avro and Atlas
 
The Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and AnalyticsThe Path To Success With Graph Database and Analytics
The Path To Success With Graph Database and Analytics
 
How to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineHow to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipeline
 
The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...The three layers of a knowledge graph and what it means for authoring, storag...
The three layers of a knowledge graph and what it means for authoring, storag...
 
WTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionWTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx version
 
Generative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdfGenerative-AI-in-enterprise-20230615.pdf
Generative-AI-in-enterprise-20230615.pdf
 
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at Netflix
 
Peek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and RoadmapPeek into Neo4j Product Strategy and Roadmap
Peek into Neo4j Product Strategy and Roadmap
 

Similar to What is a Capability URL (and why do I care?)

DotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developersDotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developersbrchapman
 
Web Accessibility and Design
Web Accessibility and DesignWeb Accessibility and Design
Web Accessibility and Designcolinbdclark
 
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12Getting Down and Dirty with Accessibility and Usability workshop at TCUK12
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12Karen Mardahl
 
Build Accessibly - Community Day 2012
Build Accessibly - Community Day 2012Build Accessibly - Community Day 2012
Build Accessibly - Community Day 2012Karen Mardahl
 
Creating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleepCreating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleepMike Anderson
 
IWMW 2002: Web standards briefing (session C2)
IWMW 2002: Web standards briefing (session C2)IWMW 2002: Web standards briefing (session C2)
IWMW 2002: Web standards briefing (session C2)IWMW
 
Documenting APIs: Sample Code and More (with many pictures of cats)
Documenting APIs: Sample Code and More (with many pictures of cats)Documenting APIs: Sample Code and More (with many pictures of cats)
Documenting APIs: Sample Code and More (with many pictures of cats)Anya Stettler
 
Introduction web tech
Introduction web techIntroduction web tech
Introduction web techLiaquat Rahoo
 
Managing Annotations (OR2016)
Managing Annotations (OR2016)Managing Annotations (OR2016)
Managing Annotations (OR2016)Robert Sanderson
 
Online Collections Crawlability for Libraries, Archives, and Museums
Online Collections Crawlability for Libraries, Archives, and MuseumsOnline Collections Crawlability for Libraries, Archives, and Museums
Online Collections Crawlability for Libraries, Archives, and Museumsmherbison
 
Open access savvy skills 2011
Open access savvy skills 2011Open access savvy skills 2011
Open access savvy skills 2011Robert Perret
 
Quick wins for an easier user journey
Quick wins for an easier user journeyQuick wins for an easier user journey
Quick wins for an easier user journeyOpenAthens
 
HATEOAS: The Confusing Bit from REST
HATEOAS: The Confusing Bit from RESTHATEOAS: The Confusing Bit from REST
HATEOAS: The Confusing Bit from RESTelliando dias
 
APIs : Mapping the way
APIs : Mapping the wayAPIs : Mapping the way
APIs : Mapping the wayWSO2
 

Similar to What is a Capability URL (and why do I care?) (20)

DotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developersDotNetNuke Urls - Best practice for administrators, editors and developers
DotNetNuke Urls - Best practice for administrators, editors and developers
 
Web Accessibility and Design
Web Accessibility and DesignWeb Accessibility and Design
Web Accessibility and Design
 
Api Design
Api DesignApi Design
Api Design
 
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12Getting Down and Dirty with Accessibility and Usability workshop at TCUK12
Getting Down and Dirty with Accessibility and Usability workshop at TCUK12
 
Build Accessibly - Community Day 2012
Build Accessibly - Community Day 2012Build Accessibly - Community Day 2012
Build Accessibly - Community Day 2012
 
Creating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleepCreating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleep
 
IWMW 2002: Web standards briefing (session C2)
IWMW 2002: Web standards briefing (session C2)IWMW 2002: Web standards briefing (session C2)
IWMW 2002: Web standards briefing (session C2)
 
Documenting APIs: Sample Code and More (with many pictures of cats)
Documenting APIs: Sample Code and More (with many pictures of cats)Documenting APIs: Sample Code and More (with many pictures of cats)
Documenting APIs: Sample Code and More (with many pictures of cats)
 
Introduction web tech
Introduction web techIntroduction web tech
Introduction web tech
 
world wide web
world wide webworld wide web
world wide web
 
Managing Annotations (OR2016)
Managing Annotations (OR2016)Managing Annotations (OR2016)
Managing Annotations (OR2016)
 
Online Collections Crawlability for Libraries, Archives, and Museums
Online Collections Crawlability for Libraries, Archives, and MuseumsOnline Collections Crawlability for Libraries, Archives, and Museums
Online Collections Crawlability for Libraries, Archives, and Museums
 
DevOps-Roadmap
DevOps-RoadmapDevOps-Roadmap
DevOps-Roadmap
 
Open access savvy skills 2011
Open access savvy skills 2011Open access savvy skills 2011
Open access savvy skills 2011
 
Unit 3 - URLs and URIs
Unit 3 - URLs and URIsUnit 3 - URLs and URIs
Unit 3 - URLs and URIs
 
Web decay and Internet Archive
Web decay and Internet ArchiveWeb decay and Internet Archive
Web decay and Internet Archive
 
Restful webservices
Restful webservicesRestful webservices
Restful webservices
 
Quick wins for an easier user journey
Quick wins for an easier user journeyQuick wins for an easier user journey
Quick wins for an easier user journey
 
HATEOAS: The Confusing Bit from REST
HATEOAS: The Confusing Bit from RESTHATEOAS: The Confusing Bit from REST
HATEOAS: The Confusing Bit from REST
 
APIs : Mapping the way
APIs : Mapping the wayAPIs : Mapping the way
APIs : Mapping the way
 

More from Daniel Appelquist

Why we need a more Ethical Web
Why we need a more Ethical Web Why we need a more Ethical Web
Why we need a more Ethical Web Daniel Appelquist
 
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...Daniel Appelquist
 
"The Web - You're Doing it Wrong" for Forum Oxford May 2014
"The Web - You're Doing it Wrong" for Forum Oxford May 2014"The Web - You're Doing it Wrong" for Forum Oxford May 2014
"The Web - You're Doing it Wrong" for Forum Oxford May 2014Daniel Appelquist
 
What's new in web standards?
What's new in web standards?What's new in web standards?
What's new in web standards?Daniel Appelquist
 
Application Development Guidelines: Developing fit-for-purpose applications
Application Development Guidelines: Developing fit-for-purpose applicationsApplication Development Guidelines: Developing fit-for-purpose applications
Application Development Guidelines: Developing fit-for-purpose applicationsDaniel Appelquist
 
Smartphone Challenge: Guidelines for development of network friendly applicat...
Smartphone Challenge: Guidelines for development of network friendly applicat...Smartphone Challenge: Guidelines for development of network friendly applicat...
Smartphone Challenge: Guidelines for development of network friendly applicat...Daniel Appelquist
 
Rise of Mobile and Web Runtimes - for Standards-Next
Rise of Mobile and Web Runtimes - for Standards-NextRise of Mobile and Web Runtimes - for Standards-Next
Rise of Mobile and Web Runtimes - for Standards-NextDaniel Appelquist
 
SXSW 2010 Future15 : Rise of Mobile, APIs and Web Runtimes
SXSW 2010 Future15 : Rise of Mobile, APIs and Web RuntimesSXSW 2010 Future15 : Rise of Mobile, APIs and Web Runtimes
SXSW 2010 Future15 : Rise of Mobile, APIs and Web RuntimesDaniel Appelquist
 
Emerging Widgets Ecosystem - for Vodacom Widget Developer Camp
Emerging Widgets Ecosystem - for Vodacom Widget Developer CampEmerging Widgets Ecosystem - for Vodacom Widget Developer Camp
Emerging Widgets Ecosystem - for Vodacom Widget Developer CampDaniel Appelquist
 
Nokia Web-Runtime Presentation (Phong Vu)
Nokia Web-Runtime Presentation (Phong Vu)Nokia Web-Runtime Presentation (Phong Vu)
Nokia Web-Runtime Presentation (Phong Vu)Daniel Appelquist
 
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)Daniel Appelquist
 
Mobile Ajax and the Future of the Web
Mobile Ajax and the Future of the WebMobile Ajax and the Future of the Web
Mobile Ajax and the Future of the WebDaniel Appelquist
 
Over The Air Keynote - Dan Appelquist
Over The Air Keynote - Dan AppelquistOver The Air Keynote - Dan Appelquist
Over The Air Keynote - Dan AppelquistDaniel Appelquist
 

More from Daniel Appelquist (13)

Why we need a more Ethical Web
Why we need a more Ethical Web Why we need a more Ethical Web
Why we need a more Ethical Web
 
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...
You're Doing it Wrong – How App Developers Can Leverage the Web (June 2015 fo...
 
"The Web - You're Doing it Wrong" for Forum Oxford May 2014
"The Web - You're Doing it Wrong" for Forum Oxford May 2014"The Web - You're Doing it Wrong" for Forum Oxford May 2014
"The Web - You're Doing it Wrong" for Forum Oxford May 2014
 
What's new in web standards?
What's new in web standards?What's new in web standards?
What's new in web standards?
 
Application Development Guidelines: Developing fit-for-purpose applications
Application Development Guidelines: Developing fit-for-purpose applicationsApplication Development Guidelines: Developing fit-for-purpose applications
Application Development Guidelines: Developing fit-for-purpose applications
 
Smartphone Challenge: Guidelines for development of network friendly applicat...
Smartphone Challenge: Guidelines for development of network friendly applicat...Smartphone Challenge: Guidelines for development of network friendly applicat...
Smartphone Challenge: Guidelines for development of network friendly applicat...
 
Rise of Mobile and Web Runtimes - for Standards-Next
Rise of Mobile and Web Runtimes - for Standards-NextRise of Mobile and Web Runtimes - for Standards-Next
Rise of Mobile and Web Runtimes - for Standards-Next
 
SXSW 2010 Future15 : Rise of Mobile, APIs and Web Runtimes
SXSW 2010 Future15 : Rise of Mobile, APIs and Web RuntimesSXSW 2010 Future15 : Rise of Mobile, APIs and Web Runtimes
SXSW 2010 Future15 : Rise of Mobile, APIs and Web Runtimes
 
Emerging Widgets Ecosystem - for Vodacom Widget Developer Camp
Emerging Widgets Ecosystem - for Vodacom Widget Developer CampEmerging Widgets Ecosystem - for Vodacom Widget Developer Camp
Emerging Widgets Ecosystem - for Vodacom Widget Developer Camp
 
Nokia Web-Runtime Presentation (Phong Vu)
Nokia Web-Runtime Presentation (Phong Vu)Nokia Web-Runtime Presentation (Phong Vu)
Nokia Web-Runtime Presentation (Phong Vu)
 
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)
Yahoo Blueprint for Mobile Widget Aamp Austin (Markus Spiering)
 
Mobile Ajax and the Future of the Web
Mobile Ajax and the Future of the WebMobile Ajax and the Future of the Web
Mobile Ajax and the Future of the Web
 
Over The Air Keynote - Dan Appelquist
Over The Air Keynote - Dan AppelquistOver The Air Keynote - Dan Appelquist
Over The Air Keynote - Dan Appelquist
 

Recently uploaded

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

What is a Capability URL (and why do I care?)

  • 1. What is a Capability URL (and why do I care?) Dan Appelquist (@torgo)
 Open Web Advocate, Telefónica Digital
  • 4. W3C Technical Architecture Group “The TAG” http://w3.org/tag - @w3ctag
  • 5. Jeni Tennison ! Technical Director of the ODI http://theodi.org @jenit
  • 7. “Cool URIs Don’t Change” - Tim Berners-Lee http://www.w3.org/Provider/Style/URI.html
  • 8. Footnote: What’s the difference between a URI and a URL? • In theory: URLs are a subset of URIs • In practice: they are used interchangeably • In reality: anyone who uses the term URI probably spends too much time around Web Standards wonks
  • 11. Not all URLs are cool
  • 14. So what’s a hot URL? • Something that provides a set of unique capabilities • Access control - a key • Ephemeral resources
  • 15. Examples, please? • Password resets: “Your password has expired. Click here to reset it.” • Video chats: “The video conference is on 
 https://opentokrtc.com/xyz...” • Polls: “Send this link to anyone you wish to invite: 
 http://doodle.com/xyz....” • Github GISTs • Google Calendar private URLs • iCloud sharing
  • 16. Reasons to Use • No login required • Easy to pass on
  • 17. Reasons to Be Careful • No login required • Easy to pass on
  • 18. URLs Aren’t Designed to be Secret • It appears in the address bar (usually) • It appears in log files - e.g. proxy logs • If it’s passed on once it can be passed on again
  • 19. Also, Web Architecture Says “No” • Using multiple URLs for the same resource runs contrary to documented good practice: • • However, the rationale for this is based on sharing: • • Good practice: Avoiding URI aliases : A URI owner should not associate arbitrarily different URIs with the same resource.
 (Source: Architecture of the World Wide Web, Volume One: http:// www.w3.org/TR/webarch/) It’s better for everyone linking to, or talking about, the same resource to use the same URL Capability URLs are oriented around limited sharing. In these circumstances, having multiple aliases is not an issue.
  • 20. Recommendations for Use • Only use: • to avoid the need for users to log in to perform an action • to make it easy for those with whom you share URLs to share them with others • to avoid authentication overheads in APIs.
  • 21. • Capability URLs should be https URLs - lowers possibility of exposure • Pages that inform users of capability URLs should also be https • Capability URLs should expire
  • 22. • Pages accessed through a capability URL should not include links to third-party websites, or to third-party scripts • If they do, they should include rel="noreferrer" • Capability URLs should be revokable - e.g. by the user who created them • Capability URLs must be unique and should be unguessable
  • 23. Be aware of when you are using this pattern. Employ best practices. Remember: URLs are the fundamental architectural building block of the web. Use with care.
  • 24. Capability URLs Many care Such powerful Very not break Web Wow.
  • 25. Thanks! Keep up with our ongoing work in this space:
 http://w3ctag.github.io/capability-urls/ Formal feedback round coming soon, but feel free to weigh in on GitHub (github.com/w3ctag) or on our mailing list www-tag@w3.org (also holds true for anything else the TAG is working on). Dan Appelquist @torgo
 W3C TAG @w3ctag