Haigutus / Energy-Reference-Data

Reference Data for Energy domain using SKOS

use https not http #59

Closed VladimirAlexiev closed 4 months ago

VladimirAlexiev commented 5 months ago

I noticed that semantic URLs use http, e.g. http://energy.referencedata.eu.... But nowadays all modern clients and servers prefer https. E.g. Chrome gives nasty warnings when you access an http site.

If not too late, please switch semantic URLs to https.

Haigutus commented 5 months ago

Hi, this topic has been under discussion before and the current approach is to stay with http, with the same reasoning as before.

Unless you have new input that has not been considered yet, I would close the ticket.

https://www.w3.org/blog/2016/05/https-and-the-semantic-weblinked-data/


Duplicates issue mentioned here: https://github.com/Haigutus/Energy-Reference-Data/issues/21

VladimirAlexiev commented 4 months ago

@Haigutus :

@sandhawke wrote

> Trust that the infrastructure will quietly switch

How well founded is that trust? My considerations are purely practical:

In theory, http vs https should not matter. In practice, it does matter.

For example, schema.org switched their URLs to https despite objections (including mine) having to do with URL stability.

What has changed since 2016: the tolerance for http has diminished greatly!

Sveino commented 4 months ago

We have decided to move to https. If this is approved by ENTSO-E CIM WG we will update the site. Currently both https and http are supported as reference, but the internal reference on the site is http.

VladimirAlexiev commented 4 months ago

Stats from the popular prefix.cc service. It currently has 3085 prefixes, of which 204 are at w3.org. Breakdown by protocol:

```
curl -s https://prefix.cc/popular/all.txt | grep -F w3.org | perl -pe 's{.*(https?):.*}{$1}'|sort | uniq -c
    191 http
     13 https
```

However, modern w3 specs tend to use https:

```
curl -s https://prefix.cc/popular/all.txt | grep -F w3.org | grep https:
as      https://www.w3.org/ns/activitystreams#
td      https://www.w3.org/2019/wot/td#
ianarel https://www.w3.org/ns/iana/link-relations/relation#
latitude        https://www.w3.org/2006/vcard/ns#
activity        https://www.w3.org/TR/activitystreams-vocabulary/
ldt     https://www.w3.org/ns/ldt#
ldn     https://www.w3.org/TR/ldn/#
linkrel https://www.w3.org/ns/iana/link-relations/relation#
hctl    https://www.w3.org/2019/wot/hypermedia#
jsonschema      https://www.w3.org/2019/wot/json-schema#
wotsec  https://www.w3.org/2019/wot/security#
i18n    https://www.w3.org/ns/i18n#
vr      https://www.w3.org/2018/credentials/v1/
```

In particular, modern initiatives like Web of Things and Verifiable Credentials use https:

Sveino commented 4 months ago

We are currently using:

```
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:adms="http://www.w3.org/ns/adms#"
xmlns:eumd="http://entsoe.eu/ns/Metadata-European#"
xmlns:eu="http://iec.ch/TC57/CIM100-European#"
xmlns:nc="http://entsoe.eu/ns/nc#"
xmlns:prov="http://www.w3.org/ns/prov#"
xmlns:md="http://iec.ch/TC57/61970-552/ModelDescription/1#"
xmlns:skos="http://www.w3.org/2004/02/skos/core#"
xmlns:dcat="http://www.w3.org/ns/dcat#"
xmlns:cim="http://iec.ch/TC57/CIM100#"
xmlns:dcterms="http://purl.org/dc/terms/#"
```

We are planning to change:
http://energy.referencedata.eu to http://energy.referencedata.eu
xmlns:eu="http://iec.ch/TC57/CIM100-European#" to xmlns:eu=https://cim.ucaiug.io/ns/eu# 
xmlns:nc="http://entsoe.eu/ns/nc#" to xmlns:nc=https://cim4.eu/ns/nc#
xmlns:cim="http://iec.ch/TC57/CIM100#" to xmlns:cim=https://cim.ucaiug.io/ns#

Should we change any of the w3c references to https?
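XML namespace names are compared as plain character strings, so an `http://` and an `https://` spelling of the same vocabulary are two unrelated namespaces to every parser. The following is an added example, not part of the thread or of the project's code: it audits the `xmlns` declarations of a document against a list of published namespace names and shows what a consumer keyed on the published name finds. The function names, the `PUBLISHED` subset and the sample document are assumptions made for the illustration.

```python
import io
import xml.etree.ElementTree as ET

# Namespace names exactly as quoted in the comment above (subset).
PUBLISHED = {
    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "skos": "http://www.w3.org/2004/02/skos/core#",
    "cim": "http://iec.ch/TC57/CIM100#",
}

def strip_scheme(iri):
    """Return the IRI without a leading http:// or https://."""
    for scheme in ("https://", "http://"):
        if iri.startswith(scheme):
            return iri[len(scheme):]
    return iri

def audit_namespaces(xml_bytes, published=PUBLISHED):
    """Classify each xmlns declaration: ok, scheme-mismatch or unknown."""
    by_tail = {strip_scheme(iri): iri for iri in published.values()}
    report = {}
    events = ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns",))
    for _, (prefix, iri) in events:
        if iri in by_tail.values():
            report[prefix] = ("ok", iri)
        elif strip_scheme(iri) in by_tail:
            # Same vocabulary, different scheme: a different namespace.
            report[prefix] = ("scheme-mismatch", by_tail[strip_scheme(iri)])
        else:
            report[prefix] = ("unknown", None)
    return report

def count_concepts(xml_bytes):
    """Count skos:Concept elements as a consumer using the published IRI would."""
    root = ET.fromstring(xml_bytes)
    return len(root.findall(f".//{{{PUBLISHED['skos']}}}Concept"))

# Constructed sample: a producer that rewrote the SKOS namespace to https.
SAMPLE = b"""<rdf:RDF
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:skos="https://www.w3.org/2004/02/skos/core#"
  xmlns:nc="https://cim4.eu/ns/nc#">
  <skos:Concept rdf:about="urn:example:constructed-1"/>
</rdf:RDF>"""

if __name__ == "__main__":
    for prefix, verdict in audit_namespaces(SAMPLE).items():
        print(prefix, verdict)
    print("skos:Concept elements found:", count_concepts(SAMPLE))
```

The same mismatch applies in the other direction: data written against an old `http://` namespace is invisible to a consumer that only knows the new `https://` one, which is the migration cost discussed in this thread.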

Haigutus commented 4 months ago

I am quite confused, I was under the impression that we will use http, following w3c recommendation and what EU publication office is doing. If we move to HTTPS, a clear impact assessment and requirements need to be written down.

Few potential issues:

I am currently travelling, I would appreciate if we have a discussion on this before we do the change.

Currently in my opinion it is a tooling issue, and I don't understand why we need to modify our current approach because some tooling is not able to handle it, the tooling should be changed, or the tooling settings.

VladimirAlexiev commented 4 months ago

> Should we change any of the w3c references to https?

No. You must use any external namespace exactly as it is published.

CIM namespaces

You should consider the backward compatibility of CIM namespaces. It won't be good to force thousands of CIM users to migrate their data to new URLs. But:

> what EU publication office is doing... who and how needs to manage the certificates used

This is a very good consideration, @Haigutus! If you depend on OPOCE for publication of Energy Reference Data, you have to follow their suit. I don't know how to find all EU namespaces, but here are some:

But here is something curious:

You can see this with curl:

```
curl -ILvv http://eurovoc.europa.eu/167730
curl: (7) Failed to connect to eurovoc.europa.eu port 80 after 4434 ms: Couldn't connect to server

curl -ILvv https://eurovoc.europa.eu/167730
HTTP/1.1 302 Found
< Location: http://publications.europa.eu/resource/authority/eurovoc/167730
Issue another request to this URL: 'http://publications.europa.eu/resource/authority/eurovoc/167730'
* Host publications.europa.eu:80 was resolved.
```

The most important requirement is that semantic URLs should resolve and return various formats with content negotiation. Which EuroVoc URLs currently don't do (I have reported it to OPOCE at https://op.europa.eu/en/web/about-us/contact-us and https://joinup.ec.europa.eu/email-contact/rdf_entity/http_e_f_fpublications_ceuropa_ceu_fresource_fdataset_feurovoc_fcontactPoint/field_ci_email/about).

Most semantic resources are read-only, so I don't really see what is the security issue. I myself have resisted http->https migration of schema.org for reasons of URL stability (but schema.org went and did it), see:

So @Haigutus, I think I changed my mind: it's "too early" for the CIM community to try and switch to https.

Nevertheless, below I'll comment on some of the other points.

> use http, following w3c recommendation

Do you mean that writeup by Sandro Hawke? It's not a w3c recommendation.

> Do we need to implement these kinds of changes before the community has settled on the approach

This is not a question for the semantic web community but for the wider web community. Nobody has set a deadline to abandon http and switch to https. But most sites have done it nevertheless, and client tools issue warnings when you use the "insecure" protocol.

> why we need to modify our current approach because some tooling is not able to handle it

Any server or client that supports https also supports http. But times are moving forward, and tools have started complaining when you use the "insecure" protocol.
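The curl transcript in the comment above shows an `https://` URL answering `302` with an `http://` Location, so a client that starts on TLS finishes the dereference over plain HTTP. The following is an added example, not part of the thread: it walks a redirect chain captured as response-header blocks and reports every hop that drops from https to http. The function names are assumptions, and the header sample is constructed from the status line and Location value in the transcript.

```python
from urllib.parse import urljoin, urlsplit

def parse_hops(start_url, header_dump):
    """Turn blank-line-separated response header blocks into
    (request_url, status, resolved_location) hops."""
    hops, url = [], start_url
    blocks = header_dump.replace("\r\n", "\n").strip().split("\n\n")
    for block in blocks:
        lines = block.strip().splitlines()
        status = int(lines[0].split()[1])      # "HTTP/1.1 302 Found" -> 302
        location = None
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "location":
                # Location may be relative; resolve against the current URL.
                location = urljoin(url, value.strip())
        hops.append((url, status, location))
        if location is None:
            break
        url = location
    return hops

def downgrades(hops):
    """Return (source, target) pairs where https redirects to plain http."""
    return [
        (src, dst)
        for src, status, dst in hops
        if dst
        and 300 <= status < 400
        and urlsplit(src).scheme == "https"
        and urlsplit(dst).scheme == "http"
    ]

# Constructed from the status line and Location header in the transcript above.
START = "https://eurovoc.europa.eu/167730"
SAMPLE_HEADERS = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://publications.europa.eu/resource/authority/eurovoc/167730\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for src, dst in downgrades(parse_hops(START, SAMPLE_HEADERS)):
        print("scheme downgrade:", src, "->", dst)
```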