Internet-Draft | Linkset | January 2021 |
Wilde & Van de Sompel | Expires 18 July 2021 | [Page] |
This specification defines two document formats and respective media types for representing sets of links as stand-alone resources. One format is JSON-based, the other aligned with the format for representing links in the HTTP "Link" header field. This specification also introduces a link relation type to support discovery of sets of links.¶
Please discuss this draft on the "Building Blocks for HTTP APIs" mailing list (https://www.ietf.org/mailman/listinfo/httpapi).¶
Online access to all versions and files is available on GitHub (https://github.com/ietf-wg-httpapi/linkset).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 18 July 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
Resources on the Web often use typed Web Links [RFC8288], either embedded in resource representations, for example using the <link> element for HTML documents, or conveyed in the HTTP "Link" header for documents of any media type. In some cases, however, providing links in this manner is impractical or impossible and delivering a set of links as a stand-alone document is preferable.¶
Therefore, this specification defines two document formats and associated media types to represent sets of links. It also defines the "linkset" relation type that supports discovery of any resource that conveys a set of links as a stand-alone document.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This specification uses the terms "link context" and "link target" as defined in [RFC8288]. These terms respectively correspond with "Context IRI" and "Target IRI" as used in [RFC5988]. Although defined as IRIs, in common scenarios they are also URIs.¶
In the examples provided in this document, links in the HTTP "Link" header are shown on separate lines in order to improve readability. Note, however, that as per Section 3.2 of [RFC7230], line breaks are not allowed in values for HTTP headers; only whitespaces and tabs are supported as seperators.¶
The following sections outline scenarios in which providing links by means of a standalone document instead of in an HTTP "Link" header field or as links embedded in the resource representation is advantageous or necessary.¶
For all scenarios, links could be provided by means of a stand-alone document that is formatted according to the JSON-based serialization, the serialization aligned with the HTTP "Link" header format, or both. The former serialization is motivated by the widespread use of JSON and related tools, which suggests that handling sets of links expressed as JSON documents should be attractive to developers. The latter serialization is provided for compatibility with the existing serialization used in the HTTP "Link" header and to allow reuse of tools created to handle it.¶
It is important to keep in mind that when providing links by means of a standalone representation, other links can still be provided using other approaches, i.e. it is possible combine various mechanisms to convey links.¶
In some cases it is useful that links pertaining to a resource are provided by a server other than the one that hosts the resource. For example, this allows:¶
In such cases, links pertaining to a resource can be provided by another, specific resource. That specific resource may be managed by the same or by another custodian as the resource to which the links pertain. For clients intent on consuming links provided in that manner, it would be beneficial if the following conditions were met:¶
These requirements are addressed in this specification through the definition of two media types and a link relation type, respectively.¶
In some cases, it is not straightforward to write links to the HTTP "Link" header field from an application. This can, for example, be the case because not all required link information is available to the application or because the application does not have the capability to directly write HTTP headers. In such cases, providing links by means of a standalone document can be a solution. Making the resource that provides these links discoverable can be achieved by means of a typed link.¶
When conveying links in an HTTP "Link" header field, it is possible for the size of the HTTP response header to become unpredictable. This can be the case when links are determined dynamically dependent on a range of contextual factors. It is possible to statically configure a web server to correctly handle large HTTP response headers by specifying an upper bound for their size. But when the number of links is unpredictable, estimating a reliable upper bound is challenging.¶
HTTP [RFC7231] defines error codes related to excess communication by the user agent ("413 Request Entity Too Large" and "414 Request-URI Too Long"), but no specific error codes are defined to indicate that response header content exceeds the upper bound that can be handled by the server, and thus it has been truncated. As a result, applications take counter measures aimed at controlling the size of the HTTP "Link" header field, for example by limiting the links they provide to those with select relation types, thereby limiting the value of the HTTP "Link" header field to clients. Providing links by means of a standalone document overcomes challenges related to the unpredictable nature of the size of HTTP "Link" header fields.¶
This section specifies two document formats to convey a set of links. Both are based on the abstract model specified in Section 2 of Web Linking [RFC8288] that defines a link as consisting of a "link context", a "link relation type", a "link target", and optional "target attributes":¶
Note that [RFC8288] deprecates the "rev" construct that was provided by [RFC5988] as a means to express links with a directionality that is the inverse of direct links that use the "rel" construct. In both serializations for link sets defined here, inverse links SHOULD be represented as direct links using the "rel" construct and by switching the position of the resources involved in the link.¶
This document format is identical to the payload of the HTTP "Link" header field as defined in Section 3 of [RFC8288], more specifically by its ABNF production rule for "Link" and subsequent ones.¶
The assigned media type for this format is "application/linkset".¶
In order to support use cases where "application/linkset" documents are re-used outside the context of an HTTP interaction, it is RECOMMENDED to make them self-contained by adhering to the following guidelines:¶
If these recommendations are not followed, interpretation of links in "application/linkset" documents will depend on which URI is used as context.¶
This document format uses JSON [RFC8259] as the syntax to represent a set of links. The set of links follows the abstract model defined by Web Linking [RFC8288].¶
The assigned media type for this format is "application/linkset+json".¶
In order to support use cases where "application/linkset+json" documents are re-used outside the context of an HTTP interaction, it is RECOMMENDED to make them self-contained by adhering to the following guidelines:¶
If these recommendations are not followed, interpretation of "application/linkset+json" will depend on which URI is used as context URI.¶
The "application/linkset+json" serialization is designed such that it can directly be used as the content of a JSON-LD serialization by adding an appropriate context. Appendix B shows an example of a possible context that, when added to a JSON serialization, allows it to be interpreted as RDF.¶
In the JSON representation of a set of links:¶
In the JSON representation one or more links that have the same link context are represented by a JSON object, the link context object. A link context object adheres to the following rules:¶
In the JSON representation a link target is represented by a JSON object, the link target object. A link target object adheres to the following rules:¶
The following example of a JSON-serialized set of links represents one link with its core components: link context, link relation type, and link target.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "next": [ {"href": "http://example.com/foo"} ] } ] }¶
The following example of a JSON-serialized set of links represents two links that share link context and relation type but have different link targets.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "item": [ {"href": "http://example.com/foo1"}, {"href": "http://example.com/foo2"} ] } ] }¶
The following example shows a set of links that represents two links, each with a different link context, link target, and relation type. One relation type is registered, the other is an extension relation type.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "next": [ {"href": "http://example.com/foo1"} ] }, { "anchor": "http://example.net/boo", "http://example.com/relations/baz" : [ {"href": "http://example.com/foo2"} ] } ] }¶
A link may be further qualified by target attributes. Three types of attributes exist:¶
The handling of these different types of attributes is described in the sections below.¶
RFC 8288 defines the following target attributes that may be used to annotate links: "hreflang", "media", "title", "title*", and "type"; these target attributes follow different occurrence and value patterns. In the JSON representation, these attributes MUST be conveyed as additional members of the link target object as follows:¶
The following example illustrates how the repeatable "hreflang" and the not repeatable "type" target attributes are represented in a link target object.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "next": [ {"href": "http://example.com/foo", "type": "text/html", "hreflang": [ "en" , "de" ] } ] } ] }¶
In addition to the target attributes described in Section 4.2.4.1, [RFC8288] also supports attributes that follow the content model of [RFC8187]. In [RFC8288], these target attributes are recognizable by the use of a trailing asterisk in the attribute name, such as "title*". The content model of [RFC8187] uses a string-based microsyntax that represents the character encoding, an optional language tag, and the escaped attribute value encoded according to the specified character encoding.¶
The JSON serialization for these target attributes MUST be as follows:¶
The following example illustrates how the "title*" target attribute defined by [RFC8288] is represented in a link target object.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "next": [ {"href": "http://example.com/foo", "type": "text/html", "hreflang": [ "en" , "de" ], "title": "Next chapter", "title*": [ { "value": "nachstes Kapitel" , "language" : "de" } ] } ] } ] }¶
The above example assumes that the German title contains an umlaut character (in the native syntax it would be encoded as title*=UTF-8'de'n%c3%a4chstes%20Kapitel), which gets encoded in its unescaped form in the JSON representation. This is not shown in the above example due to the limitations of RFC publication. Implementations MUST properly decode/encode internationalized target attributes that follow the model of [RFC8187] when transcoding between the "application/linkset" and the "application/linkset+json" formats.¶
Extension target attributes are attributes that are not defined by RFC 8288 (as listed in Section 4.2.4.1), but are nevertheless used to qualify links. They can be defined by communities in any way deemed necessary, and it is up to them to make sure their usage is understood by target applications. However, lacking standardization, there is no interoperable understanding of these extension attributes. One important consequence is that their cardinality is unknown to generic applications. Therefore, in the JSON serialization, all extension target attributes are treated as repeatable.¶
The JSON serialization for these target attributes MUST be as follows:¶
The example shows a link target object with three extension target attributes. The value for each extension target attribute is an array. The two first are regular extension target attributes, with the first one ("foo") having only one value and the second one ("bar") having two. The last extension target attribute ("baz*") follows the naming rule of [RFC8187] and therefore is encoded according to the serialization described in Section 4.2.4.2.¶
{ "linkset": [ { "anchor": "http://example.net/bar", "next": [ { "href": "http://example.com/foo", "type": "text/html", "foo": [ "foovalue" ], "bar": [ "barone", "bartwo" ], "baz*": [ { "value": "bazvalue" , "language" : "en" } ] } ] } ] }¶
The target of a link with the "linkset" relation type provides a set of links, including links in which the resource that is the link context participates.¶
A link with the "linkset" relation type MAY be provided in the header and/or the body of a resource's representation. It may also be discovered by other means, such as through client-side information.¶
A resource MAY provide more than one link with a "linkset" relation type. Multiple such links can refer to the same set of links expressed using different media types, or to different sets of links, potentially provided by different third-party services.¶
A user agent that follows a "linkset" link MUST be aware that the set of links provided by the resource that is the target of the link can contain links in which the resource that is the context of the link does not participate; it MAY decide to ignore those links.¶
A user agent that follows a "linkset" link and obtains links for which anchors and targets are not expressed as absolute URIs MUST properly determine what the context is for these links; it SHOULD ignore links for which it is unable to unambiguously make that determination.¶
Section 6.1 and Section 6.2 show examples whereby the set of links are provided as "application/linkset" and "application/linkset+json" documents, respectively. Section 6.3 illustrates the use of the "linkset" link relation type to support discovery of sets of links.¶
Figure 1 shows a client issuing an HTTP GET request against resource <http://example.org/resource1>.¶
Figure 2 shows the response to the GET request of Figure 1. The response contains a Content-Type header specifying that the media type of the response is "application/linkset". A set of links, including links that pertain to the responding resource, is provided in the response body.¶
Figure 3 shows the client issuing an HTTP GET request against <http://example.com/links/article/7507>. In the request, the client uses an "Accept" header to indicate it prefers a response in the "application/linkset+json" format.¶
Figure 4 shows the response to the HTTP GET request of Figure 3. The set of links is serialized according to the media type "application/linkset+json".¶
Figure 5 shows a client issuing an HTTP HEAD request against resource <http://example.org/article/view/7507>.¶
Figure 6 shows the response to the HEAD request of Figure 5. The response contains a "Link" header with a link that has the "linkset" relation type. It indicates that a set of links is provided by resource <http://example.com/links/article/7507>, which provides a representation with media type "application/linkset+json".¶
Section 6.2 shows a client obtaining a set of links by issuing an HTTP GET on the target of the link with the "linkset" relation type, <http://example.com/links/article/7507>.¶
Note to RFC Editor: Please remove this section before publication.¶
This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in RFC 6982 [RFC6982]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.¶
According to RFC 6982, "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".¶
GS1 is a provider of barcodes (GS1 GTINs and EAN/UPC) for retail products and manages an ecology of services and standards to leverage them at a global scale. GS1 has indicated that it will implement this "linkset" specification as a means to allow requesting and representing links pertaining to products from various retailers. Currently, the GS1 Digital Link specification makes an informative reference to version 03 of the "linkset" I-D. GS1 expresses confidence that this will become a normative reference in the next iteration of that specification, likely to be ratified as a GS1 standard around February 2021.¶
Open Journal Systems (OJS) is an open-source software for the management of peer-reviewed academic journals, and is created by the Public Knowledge Project (PKP), released under the GNU General Public License. Open Journal Systems (OJS) is a journal management and publishing system that has been developed by PKP through its federally funded efforts to expand and improve access to research.¶
The OJS platform has implemented "linkset" support as an alternative way to provide links when there are more than a configured limit (they consider using about 10 as a good default, for testing purpose it is currently set to 8).¶
The link relation type below has been registered by IANA per Section 6.2.1 of Web Linking [RFC8288]:¶
The Internet media type [RFC6838] for a natively encoded linkset is application/linkset.¶
Additional information:¶
The Internet media type [RFC6838] for a JSON-encoded linkset is application/linkset+json.¶
Additional information:¶
The security considerations of Web Linking [RFC8288] apply, as long as they are not specifically discussing the risks of exposing information in HTTP header fields.¶
In general, links may cause information leakage when they expose information (such as URIs) that can be sensitive or private. Links may expose "hidden URIs" that are not supposed to be openly shared, and may not be sufficiently protected. Ideally, none of the URIs exposed in links should be supposed to be "hidden"; instead, if these URIs are supposed to be limited to certain users, then technical measures should be put in place so that accidentally exposing them does not cause any harm.¶
For the specific mechanisms defined in this specification, two security considerations should be taken into account:¶
Thanks for comments and suggestions provided by Phil Archer, Dominique Guinard, Mark Nottingham, Stian Soiland-Reyes, and Sarven Capadisli.¶
A set of links rendered according to the JSON serialization defined in Section 4.2 can be interpreted as RDF triples by adding a JSON-LD context [W3C.REC-json-ld-20140116] that maps the JSON keys to corresponding Linked Data terms. And, as per [W3C.REC-json-ld-20140116] section 6.8, when delivering a link set that is rendered according to the "application/linkset+json" media type to a user agent, a server can convey the availability of such a JSON-LD context by using a link with the relation type "http://www.w3.org/ns/json-ld#context" in the HTTP "Link" header.¶
Using the latter approach to support discovery of a JSON-LD Context, the response to the GET request of Figure 3 against the URI of a set of links would be as shown in Figure 7.¶
In order to obtain the JSON-LD Context conveyed by the server, the user agent issues an HTTP GET against the link target of the link with the "http://www.w3.org/ns/json-ld#context" relation type. The response to this GET is shown in Figure 8. This particular JSON-LD context maps "application/linkset+json" representations of link sets to Dublin Core Terms. It also renders each link relation as an absolute URI, inspired by the same approach used for Atom [RFC4287] described in [RFC8288] appendix A.2.¶
Applying the JSON-LD context of Figure 8 to the link set of Figure 7 allows transforming the "application/linkset+json" link set to an RDF link set. Figure 9 shows the latter represented by means of the "text/turtle" RDF serialization.¶
Note that the JSON-LD context of Figure 8 does not handle
(meta)link relations of type "linkset"
as they are
in conflict with the top-level JSON key. A workaround is to rename the top-level key
to "_linkset"
in the
"application/linkset+json" before transforming a link set to JSON-LD.¶