support for "sunset scope" via prefix or template

[dret]

currently the scope for a sunset is not quite clear. it might just be the resource responding with Sunset, or it might be that the service containing the resource announces its sunset as a complete service (possibly involving a large number of resources). it would be possible to specify a "sunset scope" with mechanisms such as a prefix or a URI template. on the other hand, this adds complexity and also raises security concerns, such as a resource announcing a sunset with a very large scope (much larger than the resources it actually serves), and supporting applications raising all kinds of alarms as a result.

[dret]

just an idea: to mitigate security problems with resources announcing an overly broad scope, it would be possible to define the scope as a pattern only, which would always be appended to the URI of the resource announcing the sunset.

[dret]

the last additions for -06 do not add a prefix or template mechanism, but they talk about the general concept of a possible wider scope of a Sunset header field than a single resource.

[dret]

getting close to closing this in favor of getting the RFC published without additional complications. anybody objecting make concrete suggestions now, or forever stay silent!

[dret]

closing this as part of the final RFC push.