Network Working Group T. Hansen Request for Comments: 4395 AT&T Laboratories Obsoletes: 2717, 2718 T. Hardie BCP: 115 Qualcomm, Inc. Category: Best Current Practice L. Masinter Adobe Systems February 2006 Guidelines and Registration Procedures for New URI Schemes Status of This Memo This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document provides guidelines and recommendations for the definition of Uniform Resource Identifier (URI) schemes. It also updates the process and IANA registry for URI schemes. It obsoletes both RFC 2717 and RFC 2718. Hansen, et al. Best Current Practice [Page 1] RFC 4395 New URI Schemes February 2006 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Guidelines for Permanent URI Scheme Definitions . . . . . . . 4 2.1. Demonstratable, New, Long-Lived Utility . . . . . . . . . 4 2.2. Syntactic Compatibility . . . . . . . . . . . . . . . . . 5 2.3. Well-Defined . . . . . . . . . . . . . . . . . . . . . . . 5 2.4. Definition of Operations . . . . . . . . . . . . . . . . . 6 2.5. Context of Use . . . . . . . . . . . . . . . . . . . . . . 6 2.6. Internationalization and Character Encoding . . . . . . . 7 2.7. Clear Security Considerations . . . . . . . . . . . . . . 7 2.8. Scheme Name Considerations . . . . . . . . . . . . . . . . 7 3. Guidelines for Provisional URI Scheme Registration . . . . . . 8 4. Guidelines for Historical URI Scheme Registration . . . . . . 8 5. URI Scheme Registration Procedure . . . . . . . . . . . . . . 9 5.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Registration Procedures . . . . . . . . . . . . . . . . . 9 5.3. Change Control . . . . . . . . . . . . . . . . . . . . . . 10 5.4. URI Scheme Registration Template . . . . . . . . . . . . . 11 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 9.1. Normative References . . . . . . . . . . . . . . . . . . . 13 9.2. Informative References . . . . . . . . . . . . . . . . . . 13 Hansen, et al. Best Current Practice [Page 2] RFC 4395 New URI Schemes February 2006 1. Introduction The Uniform Resource Identifier (URI) protocol element and generic syntax is defined by RFC 3986 [5]. Each URI begins with a scheme name, as defined by Section 3.1 of RFC 3986, that refers to a specification for identifiers within that scheme. The URI syntax provides a federated and extensible naming system, where each scheme's specification may further restrict the syntax and semantics of identifiers using that scheme. This document provides guidelines for the definition of new URI schemes, for consideration by those who are defining, registering, or evaluating those definitions, as well as a process and mechanism for registering URI schemes within the IANA URI scheme registry. The registry has two parts: 'provisional' and 'permanent', with different requirements. Guidelines and requirements for both parts are given. This document obsoletes both RFCs 2717 [7] and 2718 [8]. RFCs 2717 and 2718 drew a distinction between 'locators' (identifiers used for accessing resources available on the Internet) and 'names' (identifiers used for naming possibly abstract resources, independent of any mechanism for accessing them). The intent was to use the designation "URL" (Uniform Resource Locator) for those identifiers that were locators and "URN" (Uniform Resource Name) for those identifiers that were names. In practice, the line between 'locator' and 'name' has been difficult to draw: locators can be used as names, and names can be used as locators. As a result, recent documents have used the term "URI" for all resource identifiers, avoiding the term "URL" and reserving the term "URN" explicitly for those URIs using the "urn" scheme name (RFC 2141 [2]). URN "namespaces" (RFC 3406 [9]) are specific to the "urn" scheme and not covered explicitly by this document. RFC 2717 defined a set of registration trees in which URI schemes could be registered, one of which was called the IETF Tree, to be managed by IANA. RFC 2717 proposed that additional registration trees might be approved by the IESG. However, no such registration trees have been approved. This document eliminates RFC 2717's distinction between different 'trees' for URI schemes; instead there is a single namespace for registered values. Within that namespace, there are values that are approved as meeting a set of criteria for URI schemes. Other scheme names may also be registered provisionally, without necessarily meeting those criteria. The intent of the registry is to: Hansen, et al. Best Current Practice [Page 3] RFC 4395 New URI Schemes February 2006 o provide a central point of discovery for established URI scheme names, and easy location of their defining documents; o discourage use of the same URI scheme name for different purposes; o help those proposing new URI scheme names to discern established trends and conventions, and avoid names that might be confused with existing ones; o encourage registration by setting a low barrier for provisional registrations. RFC 3987 [6] introduced a new protocol element, the Internationalized Resource Identifier (IRI), and defined a mapping between URIs and IRIs. There is no separate registry or registration process for IRIs. Those who wish to describe resource identifiers that are useful as IRIs should define the corresponding URI syntax, and note that the IRI usage follows the rules and transformations defined in RFC 3987. Within this document, the key words MUST, MAY, SHOULD, REQUIRED, RECOMMENDED, and so forth are used within the general meanings established in RFC 2119 [1], within the context that they are requirements on future registration documents. 2. Guidelines for Permanent URI Scheme Definitions This section gives considerations for new URI schemes. Meeting these guidelines is REQUIRED for permanent URI scheme registration. Meeting these guidelines is also RECOMMENDED for provisional registration, as described in Section 3. 2.1. Demonstratable, New, Long-Lived Utility The use and deployment of new URI schemes in the Internet infrastructure is costly; some parts of URI processing may be scheme-dependent, and deployed software already processes URIs of well-known schemes. Introducing a new URI scheme may require additional software, not only for client software and user agents but also in additional parts of the network infrastructure (gateways, proxies, caches) [11]. URI schemes constitute a single, global namespace; it is desirable to avoid contention over use of short, mnemonic scheme names. For these reasons, the unbounded registration of new schemes is harmful. New URI schemes SHOULD have clear utility to the broad Internet community, beyond that available with already registered URI schemes. Hansen, et al. Best Current Practice [Page 4] RFC 4395 New URI Schemes February 2006 2.2. Syntactic Compatibility RFC 3986 [5] defines the generic syntax for all URI schemes, along with the syntax of common URI components that are used by many URI schemes to define hierarchical identifiers. All URI scheme specifications MUST define their own syntax such that all strings matching their scheme-specific syntax will also match the grammar described in Section 4.3 of RFC 3986. New URI schemes SHOULD reuse the common URI components of RFC 3986 for the definition of hierarchical naming schemes. However, if there is a strong reason for a URI scheme not to use the hierarchical syntax, then the new scheme definition SHOULD follow the syntax of previously registered schemes. URI schemes that are not intended for use with relative URIs SHOULD avoid use of the forward slash "/" character, which is used for hierarchical delimiters, and the complete path segments "." and ".." (dot-segments). Avoid improper use of "//". The use of double slashes in the first part of a URI is not an artistic indicator that what follows is a URI: Double slashes are used ONLY when the syntax of the URI's contains a hierarchical structure as described in RFC 3986. In URIs from such schemes, the use of double slashes indicates that what follows is the top hierarchical element for a naming authority. (See Section 3.2 of RFC 3986 for more details.) URI schemes that do not contain a conformant hierarchical structure in their SHOULD NOT use double slashes following the ":" string. New URI schemes SHOULD clearly define the role of RFC 3986 [5] reserved characters in URIs of the scheme being defined. The syntax of the new scheme should be clear about which of the "reserved" set of characters (as defined in RFC 3986) are used as delimiters within the URIs of the new scheme, and when those characters must be escaped, versus when they may be used without escaping. 2.3. Well-Defined While URIs may or may not be useful as locators in practice, a URI scheme definition itself MUST be clear as to how it is expected to function. Schemes that are not intended to be used as locators SHOULD describe how the resource identified can be determined or accessed by software that obtains a URI of that scheme. Hansen, et al. Best Current Practice [Page 5] RFC 4395 New URI Schemes February 2006 For schemes that function as locators, it is important that the mechanism of resource location be clearly defined. This might mean different things depending on the nature of the URI scheme. In many cases, new URI schemes are defined as ways to translate between other namespaces or protocols and the general framework of URIs. For example, the "ftp" URI scheme translates into the FTP protocol, while the "mid" URI scheme translates into a Message-ID identifier of an email message. For such schemes, the description of the mapping must be complete, and in sufficient detail so that the mapping in both directions is clear: how to map from a URI into an identifier or set of protocol actions or name in the target namespace, and how legal values in the base namespace, or legal protocol interactions, might be represented in a valid URI. In particular, the mapping should describe the mechanisms for encoding binary or character strings within valid character sequences in a URI (See Section 2.6 for guidelines). If not all legal values or protocol interactions of the base standard can be represented using the URI scheme, the definition should be clear about which subset are allowed, and why. 2.4. Definition of Operations As part of the definition of how a URI identifies a resource, a URI scheme definition SHOULD define the applicable set of operations that may be performed on a resource using the URI as its identifier. A model for this is HTTP; an HTTP resource can be operated on by GET, POST, PUT, and a number of other operations available through the HTTP protocol. The URI scheme definition should describe all well-defined operations on the URI identifier, and what they are supposed to do. Some URI schemes don't fit into the "information access" paradigm of URIs. For example, "telnet" provides location information for initiating a bi-directional data stream to a remote host; the only operation defined is to initiate the connection. In any case, the operations appropriate for a URI scheme should be documented. Note: It is perfectly valid to say that "no operation apart from GET is defined for this URI". It is also valid to say that "there's only one operation defined for this URI, and it's not very GET-like". The important point is that what is defined on this scheme is described. 2.5. Context of Use In general, URIs are used within a broad range of protocols and applications. Most commonly, URIs are used as references to resources within directories or hypertext documents, as hyperlinks to Hansen, et al. Best Current Practice [Page 6] RFC 4395 New URI Schemes February 2006 other resources. In some cases, a URI scheme is intended for use within a different, specific set of protocols or applications. If so, the scheme definition SHOULD describe the intended use and include references to documentation that define the applications and/or protocols cited. 2.6. Internationalization and Character Encoding When describing URI schemes in which (some of) the elements of the URI are actually representations of human-readable text, care should be taken not to introduce unnecessary variety in the ways in which characters are encoded into octets and then into URI characters; see RFC 3987 [6] and Section 2.5 of RFC 3986 [5] for guidelines. If URIs of a scheme contain any text fields, the scheme definition MUST describe the ways in which characters are encoded, and any compatibility issues with IRIs of the scheme. 2.7. Clear Security Considerations Definitions of URI schemes MUST be accompanied by a clear analysis of the security implications for systems that use the URI scheme; this follows the practice of Security Consideration sections within IANA registrations [3]. In particular, Section 7 of RFC 3986 [5] describes general security considerations for URI schemes. The definition of an individual URI scheme should note which of these apply to the specified scheme. 2.8. Scheme Name Considerations Section 3.1 of RFC 3986 defines the syntax of a URI scheme name. New scheme registrations MUST comply. Note that although scheme names are case insensitive, scheme names MUST be registered using lowercase letters. URI scheme names should be short, but also sufficiently descriptive and distinguished to avoid problems. Avoid names or other symbols that might cause problems with rights to use the name in IETF specifications and Internet protocols. For example, be careful with trademark and service mark names. (See Section 7.4 of RFC 3978 [4].) Avoid using names that are either very general purpose or associated in the community with some other application or protocol. Avoid scheme names that are overly general or grandiose in scope (e.g., that allude to their "universal" or "standard" nature when the described namespace is not.) Hansen, et al. Best Current Practice [Page 7] RFC 4395 New URI Schemes February 2006 Organizations that desire a private name space for URI scheme names are encouraged to use a prefix based on their domain name, expressed in reverse order. For example, a URI scheme name of com-example-info might be registered by the vendor that owns the example.com domain name. 3. Guidelines for Provisional URI Scheme Registration While the guidelines in Section 2 are REQUIRED for permanent registration, they are RECOMMENDED for provisional registration. For a provisional registration, the following are REQUIRED: o The scheme name meets the syntactic requirements of Section 2.8. o There is not already an entry with the same URI scheme name. (In the unfortunate case that there are multiple, different uses of the same scheme name, the IESG may approve a request to modify an existing entry to note the separate use.) o Contact information identifying the person supplying the registration is included. Previously unregistered URI schemes discovered in use may be registered by third parties on behalf of those who created the URI scheme; in this case, both the registering party and the scheme creator SHOULD be identified. o If no permanent, citable specification for the URI scheme definition is included, credible reasons for not providing it should be given. o A valid Security Considerations section, as required by Section 6 of [3]. o If the scheme definition does not meet the guidelines laid out in Section 2, the differences and reasons SHOULD be noted. 4. Guidelines for Historical URI Scheme Registration In some circumstances, it is appropriate to note a URI scheme that was once in use or registered but for whatever reason is no longer in common use or the use is not recommended. In this case, it is possible for an individual to request that the URI scheme be registered (newly, or as an update to an existing registration) as 'historical'. Any scheme that is no longer in common use MAY be designated as historical; the registration should contain some indication to where the scheme was previously defined or documented. Hansen, et al. Best Current Practice [Page 8] RFC 4395 New URI Schemes February 2006 5. URI Scheme Registration Procedure 5.1. General The URI registration process is described in the terminology of [3]. The registration process is an optional mailing list review, followed by "Expert Review". The registration request should note the desired status. The Designated Expert will evaluate the request against the criteria of the requested status. In the case of a permanent registration request, the Designated Expert may: o Accept the URI scheme name for permanent registration. o Suggest provisional registration instead. o Request IETF review and IESG approval; in the meanwhile, suggest provisional registration. URI scheme definitions contained within other IETF documents (Informational, Experimental, or Standards-Track RFCs) must also undergo Expert Review; in the case of Standards-Track documents, permanent registration status approval is required. 5.2. Registration Procedures Someone wishing to register a URI scheme SHOULD: 1. Check the IANA URI scheme registry to see whether or not there is already an entry for the desired name. If there is already an entry under the name, choose a different URI scheme name. 2. Prepare a URI scheme registration template, as specified in Section 5.4. The URI scheme registration template may be contained in an Internet Draft, alone or as part of some other protocol specification. The template may also be submitted in some other form (as part of another document or as a stand-alone document), but the contents will be treated as an "IETF Contribution" under the guidelines of RFC 3978 [4]. 3. Send a copy of the template or a pointer to the containing document (with specific reference to the section with the template) to the mailing list uri-review@ietf.org, requesting review. In addition, request review on other mailing lists as appropriate. For example, general discussion of URI syntactical issues could be discussed on uri@w3.org; schemes for a network protocol could be discussed on a mailing list for that protocol. Allow a reasonable time for discussion and comments. Four weeks is reasonable for a permanent registration requests. 4. Respond to review comments and make revisions to the proposed registration as needed to bring it into line with the guidelines given in this document. Hansen, et al. Best Current Practice [Page 9] RFC 4395 New URI Schemes February 2006 5. Submit the (possibly updated) registration template (or pointer to document containing it) to IANA at iana@iana.org, specifying whether 'permanent' or 'provisional' registration is requested. Upon receipt of a URI scheme registration request, 1. IANA checks the submission for completeness; if sections are missing or citations are not correct, IANA rejects the registration request. 2. IANA checks the current registry for a entry with the same name; if such a registry exists, IANA rejects the registration request. 3. IANA requests Expert Review of the registration request against the corresponding guidelines. 4. The Designated Expert may request additional review or discussion, as necessary. 5. If Expert Review recommends registration 'provisional' or 'permanent' registration, IANA adds the registration to the appropriate registry. 6. Unless Expert Review has explicitly rejected the registration request within two weeks, IANA should automatically add the registration in the 'provisional' registry. Either based on an explicit request or independently initiated, the Designated Expert or IESG may request the upgrade of a 'provisional' registration to a 'permanent' one. In such cases, IANA should move the corresponding entry from the provisional registry. 5.3. Change Control Registrations may be updated in each registry by the same mechanism as required for an initial registration. In cases where the original definition of the scheme is contained in an IESG-approved document, update of the specification also requires IESG approval. Provisional registrations may be updated by the original registrant or anyone designated by the original registrant. In addition, the IESG may reassign responsibility for a provisional registration scheme, or may request specific changes to a scheme registration. This will enable changes to be made to schemes where the original registrant is out of contact, or unwilling or unable to make changes. Transition from 'provisional' to 'permanent' status may be requested and approved in the same manner as a new 'permanent' registration. Transition from 'permanent' to 'historical' status requires IESG approval. Transition from 'provisional' to 'historical' may be requested by anyone authorized to update the provisional registration. Hansen, et al. Best Current Practice [Page 10] RFC 4395 New URI Schemes February 2006 5.4. URI Scheme Registration Template This template describes the fields that must be supplied in a URI scheme registration request: URI scheme name. See Section 2.8 for guidelines. Status. This reflects the status requested, and should be one of 'permanent', 'provisional', or 'historical'. URI scheme syntax. See Section 2.2 for guidelines. URI scheme semantics. See Section 2.3 and Section 2.4 for guidelines. Encoding considerations. See Section 2.3 and Section 2.6 for guidelines. Applications/protocols that use this URI scheme name. Applications and/or protocols that use this URI scheme name; see Section 2.5. Interoperability considerations. If you are aware of any details regarding your scheme that might impact interoperability, please identify them here. For example: proprietary or uncommon encoding method; inability to support multibyte character sets; incompatibility with types or versions of any underlying protocol. Security considerations. See Section 2.7 for guidelines. Contact. Person (including contact information) to contact for further information. Author/Change controller. Person (including contact information) authorized to change this, if a provisional registration. References. Include full citations for all referenced documents. Registration templates for provisional registration may be included in an Internet Draft; when the documents expire or are approved for publication as an RFC, the registration will be updated. 6. IANA Considerations This document replaces the current "URL Scheme" registry with a new Uniform Resource Identifier scheme registry, and establishes a new registration template and a new process for registration. The process is based on [3] "Expert Review" with an initial (optional) mailing list review. Hansen, et al. Best Current Practice [Page 11] RFC 4395 New URI Schemes February 2006 The template has an additional field for the status of the URI name scheme, and the procedures for entering new name schemes have been augmented. Section 5 establishes the process for new URI scheme registration. To transition to the new registry, all URL name schemes in the existing table should be entered as URI schemes, with 'permanent' status. 7. Security Considerations All registered values are expected to contain accurate security consideration sections; 'permanent' registered scheme names are expected to contain complete definitions. Information concerning possible security vulnerabilities of a protocol may change over time. Consequently, claims as to the security properties of a registered URI scheme may change as well. As new vulnerabilities are discovered, information about such vulnerabilities may need to be attached to existing documentation, so that users are not misled as to the true security properties of a registered URI scheme. 8. Acknowledgements Many thanks to Paul Hoffmann, Ira McDonald, Roy Fielding, Stu Weibel, Tony Hammond, Charles Lindsey, Mark Baker, and other members of the uri@w3.org mailing list for their comments on earlier versions. Parts of this document are based on [7], [8] and [10]. Some of the ideas about use of URIs were taken from the "Architecture of the World Wide Web" [11]. Hansen, et al. Best Current Practice [Page 12] RFC 4395 New URI Schemes February 2006 9. References 9.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Moats, R., "URN Syntax", RFC 2141, May 1997. [3] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. [4] Bradner, S., "IETF Rights in Contributions", BCP 78, RFC 3978, March 2005. [5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [6] Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, January 2005. 9.2. Informative References [7] Petke, R. and I. King, "Registration Procedures for URL Scheme Names", BCP 35, RFC 2717, November 1999. [8] Masinter, L., Alvestrand, H., Zigmond, D., and R. Petke, "Guidelines for new URL Schemes", RFC 2718, November 1999. [9] Daigle, L., van Gulik, D., Iannella, R., and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002. [10] Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, September 2004. [11] W3C Technical Architecture Group, "Architecture of the World Wide Web, Volume One", December 2004, . Hansen, et al. Best Current Practice [Page 13] RFC 4395 New URI Schemes February 2006 Authors' Addresses Tony Hansen AT&T Laboratories 200 Laurel Ave. Middletown, NJ 07748 USA EMail: tony+urireg@maillennium.att.com Ted Hardie Qualcomm, Inc. 675 Campbell Technology Parkway Campbell, CA USA EMail: hardie@qualcomm.com Larry Masinter Adobe Systems 345 Park Ave San Jose, CA 95110 US Phone: +1 408 536 3024 EMail: LMM@acm.org URI: http://larry.masinter.net Hansen, et al. Best Current Practice [Page 14] RFC 4395 New URI Schemes February 2006 Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Hansen, et al. Best Current Practice [Page 15]