Loading ...
Sorry, an error occurred while loading the content.

URLs in URLs

Expand Messages
  • Erling Wegger Linde
    Hi, I m creating a RESTful web service (actually AtomPub). ../projects/ returns an Atom feed ../projects/{project} returns an Atom entry with a DOAP
    Message 1 of 8 , Aug 2, 2008
    • 0 Attachment
      Hi,

      I'm creating a RESTful web service (actually AtomPub).

      ../projects/ returns an Atom feed
      ../projects/{project} returns an Atom entry with a DOAP description of
      a project in the <content> element

      DOAP is an ontology for describing projects (see
      https://trac.usefulinc.com/doap)

      My original plan was to use the projects name (e.g. doap:name) as the
      key for the project, i.e.

      ../projects/{name}

      But in DOAP a project is uniquely defined from its homepage
      (doap:homepage) which of course is much better than to use the
      doap:name.

      So I'm thinking of using a hash of the doap:homepage such as

      ../projects/{hash of doap:homepage}

      Has anyone done something similar before? I'm thinking that my case is
      not very unique and that this is a general topic for REST. (i.e. how
      to embed URLs in URLs - if one can say that).

      So as I'm searching for a hash algorithm that I could use (a client
      should be able to reverse the hash to get the URL an vice versa), I'm
      thinking that if there was a best practice for doing this in REST,
      that would be a good thing. E.g. clients could exploit this
      information somehow. Does there exist such a "best practice", or
      should there be one?

      And finally; any hash-algorithms that you recommend?

      Thanks,
      - Erling
    • Alan Dean
      Erling, You could simply encode the doap:homepage address, e.g. .../projects/http%3A%2F%2Fexample%2Ecom%2Fprojectname or if you prefer something more opaque,
      Message 2 of 8 , Aug 2, 2008
      • 0 Attachment
        Erling,

        You could simply encode the doap:homepage address, e.g.

        .../projects/http%3A%2F%2Fexample%2Ecom%2Fprojectname

        or if you prefer something more opaque, you can MD5 hash the address, e.g.

        .../projects/90e94d81a090e2e9d1317655c3355ad7

        or Base64 MD5 hash:

        .../projects/kOlNgaCQ4unRMXZVwzVa1w==

        I'll throw a final option in just for the fun of it. Consider that
        http://example.com/projectname can be represented as
        http://tinyurl.com/5mdzjd (I created this myself) you could 'hash' it
        using the tinyurl path (or write your own tiny-clone), e.g.

        .../projects/5mdzjd

        Regards,
        Alan Dean

        On Sat, Aug 2, 2008 at 11:59 AM, Erling Wegger Linde <erlingwl@...> wrote:
        > Hi,
        >
        > I'm creating a RESTful web service (actually AtomPub).
        >
        > ../projects/ returns an Atom feed
        > ../projects/{project} returns an Atom entry with a DOAP description of
        > a project in the <content> element
        >
        > DOAP is an ontology for describing projects (see
        > https://trac.usefulinc.com/doap)
        >
        > My original plan was to use the projects name (e.g. doap:name) as the
        > key for the project, i.e.
        >
        > ../projects/{name}
        >
        > But in DOAP a project is uniquely defined from its homepage
        > (doap:homepage) which of course is much better than to use the
        > doap:name.
        >
        > So I'm thinking of using a hash of the doap:homepage such as
        >
        > ../projects/{hash of doap:homepage}
        >
        > Has anyone done something similar before? I'm thinking that my case is
        > not very unique and that this is a general topic for REST. (i.e. how
        > to embed URLs in URLs - if one can say that).
        >
        > So as I'm searching for a hash algorithm that I could use (a client
        > should be able to reverse the hash to get the URL an vice versa), I'm
        > thinking that if there was a best practice for doing this in REST,
        > that would be a good thing. E.g. clients could exploit this
        > information somehow. Does there exist such a "best practice", or
        > should there be one?
        >
        > And finally; any hash-algorithms that you recommend?
        >
        > Thanks,
        > - Erling
        >
        >
      • Brendan Taylor
        For my AtomPub client (which tries to be a RESTful web service itself; it s kind of a proxy that bridges application/x-www-form-urlencoded and
        Message 3 of 8 , Aug 2, 2008
        • 0 Attachment
          For my AtomPub client (which tries to be a RESTful web service itself;
          it's kind of a proxy that bridges application/x-www-form-urlencoded and
          application/atom+xml), I just put the URL in the query string, eg.

          http://necronomicorp.com/pushpin/collection?url=http%3A%2F%2Fnecronomicorp.com%2Fpushpin%2Fsandbox%3Ft%3Datom

          It's ugly, but functional.

          I used the query string instead of just making the URL part of the path
          section because it seemed a bit confusing when you're handling a URL
          that itself has a query portion, but either way works.
        • Erling Wegger Linde
          ... Aah, I hadn t thought about that - keep it simple =) ... That keeps the urls a bit shorter, which is good, but I m wondering, can a client deduce the
          Message 4 of 8 , Aug 2, 2008
          • 0 Attachment
            On Sat, Aug 2, 2008 at 1:40 PM, Alan Dean <alan.dean@...> wrote:
            > Erling,
            >
            > You could simply encode the doap:homepage address, e.g.
            >
            > .../projects/http%3A%2F%2Fexample%2Ecom%2Fprojectname

            Aah, I hadn't thought about that - keep it simple =)

            >
            > or if you prefer something more opaque, you can MD5 hash the address, e.g.
            >
            > .../projects/90e94d81a090e2e9d1317655c3355ad7
            >
            > or Base64 MD5 hash:
            >
            > .../projects/kOlNgaCQ4unRMXZVwzVa1w==

            That keeps the urls a bit shorter, which is good, but I'm wondering,
            can a client deduce the hashed URL from the MD5 hash? (reverse it?). I
            think that would be a great feature..

            >
            > I'll throw a final option in just for the fun of it. Consider that
            > http://example.com/projectname can be represented as
            > http://tinyurl.com/5mdzjd (I created this myself) you could 'hash' it
            > using the tinyurl path (or write your own tiny-clone), e.g.
            >
            > .../projects/5mdzjd

            That's a short and nice URL, but then I'm making my service dependent
            on tinyurl.com right? Which I think is best to avoid in the long run.
            I could create my own "clone" as you suggest, but I think that might
            bee a bit complex solution.

            I think maybe I'll try encoding the URL, and perhaps support some hash
            format of the URL too. (Hopefully, they won't overlap).

            Thanks,
            - Erling



            >
            > Regards,
            > Alan Dean
            >
            > On Sat, Aug 2, 2008 at 11:59 AM, Erling Wegger Linde <erlingwl@...> wrote:
            >> Hi,
            >>
            >> I'm creating a RESTful web service (actually AtomPub).
            >>
            >> ../projects/ returns an Atom feed
            >> ../projects/{project} returns an Atom entry with a DOAP description of
            >> a project in the <content> element
            >>
            >> DOAP is an ontology for describing projects (see
            >> https://trac.usefulinc.com/doap)
            >>
            >> My original plan was to use the projects name (e.g. doap:name) as the
            >> key for the project, i.e.
            >>
            >> ../projects/{name}
            >>
            >> But in DOAP a project is uniquely defined from its homepage
            >> (doap:homepage) which of course is much better than to use the
            >> doap:name.
            >>
            >> So I'm thinking of using a hash of the doap:homepage such as
            >>
            >> ../projects/{hash of doap:homepage}
            >>
            >> Has anyone done something similar before? I'm thinking that my case is
            >> not very unique and that this is a general topic for REST. (i.e. how
            >> to embed URLs in URLs - if one can say that).
            >>
            >> So as I'm searching for a hash algorithm that I could use (a client
            >> should be able to reverse the hash to get the URL an vice versa), I'm
            >> thinking that if there was a best practice for doing this in REST,
            >> that would be a good thing. E.g. clients could exploit this
            >> information somehow. Does there exist such a "best practice", or
            >> should there be one?
            >>
            >> And finally; any hash-algorithms that you recommend?
            >>
            >> Thanks,
            >> - Erling
            >>
            >>
            >



            --
            Med vennlig hilsen
            Erling Wegger Linde
          • Erling Wegger Linde
            ... Hi, Thanks for the example, I don t think that would work so good for my service as I would like to have URLs like projecs/{project-url}/repositories
            Message 5 of 8 , Aug 2, 2008
            • 0 Attachment
              On Sat, Aug 2, 2008 at 9:11 PM, Brendan Taylor <whateley@...> wrote:
              > For my AtomPub client (which tries to be a RESTful web service itself;
              > it's kind of a proxy that bridges application/x-www-form-urlencoded and
              > application/atom+xml), I just put the URL in the query string, eg.
              >
              > http://necronomicorp.com/pushpin/collection?url=http%3A%2F%2Fnecronomicorp.com%2Fpushpin%2Fsandbox%3Ft%3Datom
              >
              > It's ugly, but functional.

              Hi,

              Thanks for the example, I don't think that would work so good for my
              service as I would like to have URLs like

              projecs/{project-url}/repositories

              projecs/{project-url}/issues

              etc.. so it might be a bit difficult to keep track of all the
              parameters in the long run.

              - Erling

              >
              > I used the query string instead of just making the URL part of the path
              > section because it seemed a bit confusing when you're handling a URL
              > that itself has a query portion, but either way works.
              >



              --
              Med vennlig hilsen
              Erling Wegger Linde
            • Justin Sheehy
              Erling, ... No, in general they cannot. Most hash functions are intended to be preimage-resistant, which means that one of their goals is that given hash(X)
              Message 6 of 8 , Aug 2, 2008
              • 0 Attachment
                Erling,

                On Aug 2, 2008, at 3:32 PM, Erling Wegger Linde wrote:

                > That keeps the urls a bit shorter, which is good, but I'm wondering,
                > can a client deduce the hashed URL from the MD5 hash? (reverse it?). I
                > think that would be a great feature..

                No, in general they cannot.

                Most hash functions are intended to be preimage-resistant, which means
                that one of their goals is that given hash(X) alone it is hard to
                discover X.

                You want a URI-safe encoding, not a cryptographic hash function.

                -Justin
              • Erling Wegger Linde
                ... That is what I suspected. I ll start with encoding my URLs with the application/x-www-form-urlencoded MIME format then. Thanks a lot guys, - Erling ... --
                Message 7 of 8 , Aug 3, 2008
                • 0 Attachment
                  On Sat, Aug 2, 2008 at 9:51 PM, Justin Sheehy <justin@...> wrote:
                  > Erling,
                  >
                  > On Aug 2, 2008, at 3:32 PM, Erling Wegger Linde wrote:
                  >
                  >> That keeps the urls a bit shorter, which is good, but I'm wondering,
                  >> can a client deduce the hashed URL from the MD5 hash? (reverse it?). I
                  >> think that would be a great feature..
                  >
                  > No, in general they cannot.
                  >
                  > Most hash functions are intended to be preimage-resistant, which means
                  > that one of their goals is that given hash(X) alone it is hard to discover
                  > X.
                  >
                  > You want a URI-safe encoding, not a cryptographic hash function.

                  That is what I suspected. I'll start with encoding my URLs with the
                  application/x-www-form-urlencoded MIME format then.

                  Thanks a lot guys,
                  - Erling

                  >
                  > -Justin
                  >
                  >
                  >



                  --
                  Med vennlig hilsen
                  Erling Wegger Linde
                • Erling Wegger Linde
                  For the record, I ended up with using Base64 encoded URL, as the application/x-www-form-urlencoded URLs where decoded by Apache, and I couldn t find a simple
                  Message 8 of 8 , Aug 7, 2008
                  • 0 Attachment
                    For the record, I ended up with using Base64 encoded URL, as the
                    application/x-www-form-urlencoded URLs where decoded by Apache, and I
                    couldn't find a simple workaround.

                    - Erling

                    On Sun, Aug 3, 2008 at 12:08 PM, Erling Wegger Linde <erlingwl@...> wrote:
                    > On Sat, Aug 2, 2008 at 9:51 PM, Justin Sheehy <justin@...> wrote:
                    >> Erling,
                    >>
                    >> On Aug 2, 2008, at 3:32 PM, Erling Wegger Linde wrote:
                    >>
                    >>> That keeps the urls a bit shorter, which is good, but I'm wondering,
                    >>> can a client deduce the hashed URL from the MD5 hash? (reverse it?). I
                    >>> think that would be a great feature..
                    >>
                    >> No, in general they cannot.
                    >>
                    >> Most hash functions are intended to be preimage-resistant, which means
                    >> that one of their goals is that given hash(X) alone it is hard to discover
                    >> X.
                    >>
                    >> You want a URI-safe encoding, not a cryptographic hash function.
                    >
                    > That is what I suspected. I'll start with encoding my URLs with the
                    > application/x-www-form-urlencoded MIME format then.
                    >
                    > Thanks a lot guys,
                    > - Erling
                    >
                    >>
                    >> -Justin
                    >>
                    >>
                    >>
                    >
                    >
                    >
                    > --
                    > Med vennlig hilsen
                    > Erling Wegger Linde
                    >



                    --
                    Med vennlig hilsen
                    Erling Wegger Linde
                  Your message has been successfully submitted and would be delivered to recipients shortly.