GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc8288

Internet Engineering Task Force (IETF) M. Nottingham Request for Comments: 8288 October 2017 Obsoletes: 5988 Category: Standards Track ISSN: 2070-1721

                            Web Linking

Abstract

 This specification defines a model for the relationships between
 resources on the Web ("links") and the type of those relationships
 ("link relation types").
 It also defines the serialisation of such links in HTTP headers with
 the Link header field.

Status of This Memo

 This is an Internet Standards Track document.
 This document is a product of the Internet Engineering Task Force
 (IETF).  It represents the consensus of the IETF community.  It has
 received public review and has been approved for publication by the
 Internet Engineering Steering Group (IESG).  Further information on
 Internet Standards is available in Section 2 of RFC 7841.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 https://www.rfc-editor.org/info/rfc8288.

Nottingham Standards Track [Page 1] RFC 8288 Web Linking October 2017

Copyright Notice

 Copyright (c) 2017 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (https://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the Simplified BSD License.
 This document may contain material from IETF Documents or IETF
 Contributions published or made publicly available before November
 10, 2008.  The person(s) controlling the copyright in some of this
 material may not have granted the IETF Trust the right to allow
 modifications of such material outside the IETF Standards Process.
 Without obtaining an adequate license from the person(s) controlling
 the copyright in such materials, this document may not be modified
 outside the IETF Standards Process, and derivative works of it may
 not be created outside the IETF Standards Process, except to format
 it for publication as an RFC or to translate it into languages other
 than English.

Nottingham Standards Track [Page 2] RFC 8288 Web Linking October 2017

Table of Contents

 1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
   1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   4
   1.2.  Conformance and Error Handling  . . . . . . . . . . . . .   4
 2.  Links . . . . . . . . . . . . . . . . . . . . . . . . . . . .   6
   2.1.  Link Relation Types . . . . . . . . . . . . . . . . . . .   6
     2.1.1.  Registered Relation Types . . . . . . . . . . . . . .   6
     2.1.2.  Extension Relation Types  . . . . . . . . . . . . . .   8
   2.2.  Target Attributes . . . . . . . . . . . . . . . . . . . .   9
 3.  Link Serialisation in HTTP Headers  . . . . . . . . . . . . .   9
   3.1.  Link Target . . . . . . . . . . . . . . . . . . . . . . .  10
   3.2.  Link Context  . . . . . . . . . . . . . . . . . . . . . .  10
   3.3.  Relation Type . . . . . . . . . . . . . . . . . . . . . .  11
   3.4.  Target Attributes . . . . . . . . . . . . . . . . . . . .  11
     3.4.1.  Serialisation-Defined Attributes  . . . . . . . . . .  11
     3.4.2.  Extension Attributes  . . . . . . . . . . . . . . . .  13
   3.5.  Link Header Field Examples  . . . . . . . . . . . . . . .  13
 4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
   4.1.  Link HTTP Header Field Registration . . . . . . . . . . .  14
   4.2.  Link Relation Type Registry . . . . . . . . . . . . . . .  14
   4.3.  Link Relation Application Data Registry . . . . . . . . .  15
 5.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
 6.  Internationalisation Considerations . . . . . . . . . . . . .  16
 7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  16
   7.1.  Normative References  . . . . . . . . . . . . . . . . . .  16
   7.2.  Informative References  . . . . . . . . . . . . . . . . .  17
 Appendix A.  Notes on Other Link Serialisations . . . . . . . . .  19
   A.1.  Link Serialisation in HTML  . . . . . . . . . . . . . . .  19
   A.2.  Link Serialisation in Atom  . . . . . . . . . . . . . . .  19
 Appendix B.  Algorithms for Parsing Link Header Fields  . . . . .  20
   B.1.  Parsing a Header Set for Links  . . . . . . . . . . . . .  20
   B.2.  Parsing a Link Field Value  . . . . . . . . . . . . . . .  21
   B.3.  Parsing Parameters  . . . . . . . . . . . . . . . . . . .  22
   B.4.  Parsing a Quoted String . . . . . . . . . . . . . . . . .  23
 Appendix C.  Changes from RFC 5988  . . . . . . . . . . . . . . .  24
 Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  24

Nottingham Standards Track [Page 3] RFC 8288 Web Linking October 2017

1. Introduction

 This specification defines a model for the relationships between
 resources on the Web ("links") and the type of those relationships
 ("link relation types").
 HTML [W3C.REC-html5-20141028] and Atom [RFC4287] both have well-
 defined concepts of linking; Section 2 generalises this into a
 framework that encompasses linking in these formats and (potentially)
 elsewhere.
 Furthermore, Section 3 defines an HTTP header field for conveying
 such links.

1.1. Notational Conventions

 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
 "OPTIONAL" in this document are to be interpreted as described in BCP
 14 [RFC2119] [RFC8174] when, and only when, they appear in all
 capitals, as shown here.
 This document uses the Augmented Backus-Naur Form (ABNF) [RFC5234]
 notation of [RFC7230], including the #rule, and explicitly includes
 the following rules from it: quoted-string, token, SP (space), BWS
 (bad whitespace), OWS (optional whitespace), RWS (required
 whitespace), LOALPHA, DIGIT.
 Additionally, the following rules are included:
 o  URI and URI-Reference from [RFC3986],
 o  type-name and subtype-name from [RFC6838],
 o  media-query-list from [W3C.REC-css3-mediaqueries-20120619], and
 o  Language-Tag from [RFC5646].

1.2. Conformance and Error Handling

 The requirements regarding conformance and error handling highlighted
 in [RFC7230], Section 2.5 apply to this document.

Nottingham Standards Track [Page 4] RFC 8288 Web Linking October 2017

2. Links

 In this specification, a link is a typed connection between two
 resources and is comprised of:
 o  a link context,
 o  a link relation type (Section 2.1),
 o  a link target, and
 o  optionally, target attributes (Section 2.2).
 A link can be viewed as a statement of the form "link context has a
 link relation type resource at link target, which has target
 attributes".
 For example, "https://www.example.com/" has a "canonical" resource at
 "https://example.com", which has a "type" of "text/html".
 Link contexts and link targets are both Internationalized Resource
 Identifiers (IRIs) [RFC3987].  However, in the common case, the link
 context will also be a URI [RFC3986], because many protocols (such as
 HTTP) do not support dereferencing IRIs.  Likewise, the link target
 will sometimes be converted to a URI (see [RFC3987], Section 3.1) in
 serialisations that do not support IRIs (such as the Link header
 field defined in Section 3).
 This specification does not place restrictions on the cardinality of
 links; there can be multiple links to and from a particular target
 and multiple links of the same or different types between a given
 context and target.  Likewise, the relative ordering of links in any
 particular serialisation, or between serialisations (e.g., the Link
 header field and in-content links), is not specified or significant
 in this specification; applications that wish to consider ordering
 significant can do so.
 Links are conveyed in link serialisations; they are the "bytes on the
 wire", and can occur in various forms.  For example, Atom [RFC4287]
 and HTML [W3C.REC-html5-20141028] both defined serialisations of
 links into their respective formats, and Section 3 defines how to
 serialise links in HTTP header fields.
 This specification does not define a general syntax for links across
 different serialisations, nor does it mandate a specific context for
 any given link; it is expected that serialisations of links will
 specify both aspects.
 Finally, links are used by link applications.  Generally, an
 application will define the link relation type(s) it uses, along with
 the serialisation(s) that they might occur within.  For example, the

Nottingham Standards Track [Page 5] RFC 8288 Web Linking October 2017

 application "Web browsing" looks for the "stylesheet" link relation
 type in the HTML link serialisation (and optionally in the Link
 header field), whereas the application "AtomPub" uses the "edit" and
 "edit-media" link relations in the Atom serialisation.

2.1. Link Relation Types

 In the simplest case, a link relation type identifies the semantics
 of a link.  For example, a link with the relation type "copyright"
 indicates that the current link context has a copyright resource at
 the link target.
 Link relation types can also be used to indicate that the target
 resource has particular attributes, or exhibits particular
 behaviours; for example, a "service" link implies that the link
 target can be used as part of a defined protocol (in this case, a
 service description).
 Relation types are not to be confused with media types [RFC2046];
 they do not identify the format of the representation that results
 when the link is dereferenced.  Rather, they only describe how the
 current context is related to another resource.
 Relation types SHOULD NOT infer any additional semantics based upon
 the presence or absence of another link relation type, or its own
 cardinality of occurrence.  An exception to this is the combination
 of the "alternate" and "stylesheet" registered relation types, which
 has special meaning in HTML for historical reasons.
 There are two kinds of relation types: registered and extension.

2.1.1. Registered Relation Types

 Well-defined relation types can be registered as tokens for
 convenience and/or to promote reuse by other applications, using the
 procedure in Section 2.1.1.1.
 Registered relation type names MUST conform to the reg-rel-type rule
 (see Section 3.3) and MUST be compared character by character in a
 case-insensitive fashion.  They SHOULD be appropriate to the
 specificity of the relation type; that is, if the semantics are
 highly specific to a particular application, the name should reflect
 that, so that more general names are available for less-specific use.
 Registered relation types MUST NOT constrain the media type of the
 link context and MUST NOT constrain the available representation
 media types of the link target.  However, they can specify the
 behaviours and properties of the target resource (e.g., allowable

Nottingham Standards Track [Page 6] RFC 8288 Web Linking October 2017

 HTTP methods, and request and response media types that are required
 be supported).
 Historically, registered relation types have been identified with a
 URI [RFC3986] by prefixing their names with an application-defined
 base URI (e.g., see Appendix A.2).  This practice is NOT RECOMMENDED,
 because the resulting strings will not be considered equivalent to
 the registered relation types by other applications.  Applications
 that do use such URIs internally MUST NOT use them in link
 serialisations that do not explicitly accommodate them.

2.1.1.1. Registering Link Relation Types

 The "Link Relations" registry is located at
 <https://www.iana.org/assignments/link-relations/>.  Registration
 requests can be made by following the instructions located there or
 by sending an email to the <link-relations@ietf.org> mailing list.
 Registration requests consist of at least the following information:
 o  *Relation Name*: The name of the relation type
 o  *Description*: A short English description of the type's
    semantics.  It SHOULD be stated in terms of the relationship
    between the link context and link target.
 o  *Reference*: Reference to the document that specifies the link
    relation type, preferably including a URI that can be used to
    retrieve a copy of the document.  An indication of the relevant
    section(s) can also be included but is not required.
 The expert(s) can define additional fields to be collected in the
 registry.
 General requirements for registered relation types are described in
 Section 2.1.1.
 Registrations MUST reference a freely available, stable
 specification.
 Note that relation types can be registered by third parties
 (including the expert(s)), if the expert(s) determines that an
 unregistered relation type is widely deployed and not likely to be
 registered in a timely manner otherwise.  Such registrations still
 are subject to the requirements defined, including the need to
 reference a specification.

Nottingham Standards Track [Page 7] RFC 8288 Web Linking October 2017

2.1.1.2. Registration Request Processing

 Relation types are registered using the Specification Required policy
 (see Section 4.6 of [RFC8126]), which implies review and approval by
 a designated expert.
 The goal of the registry is to reflect common use of links on the
 Internet.  Therefore, the expert(s) should be strongly biased towards
 approving registrations, unless they are abusive, frivolous, not
 likely to be used on the Internet, or actively harmful to the
 Internet and/or the Web (not merely aesthetically displeasing or
 architecturally dubious).  As stated in Section 2.1.1, the expert(s)
 can withhold registration of names that are too general for the
 proposed application.
 The expert(s) will clearly identify any issues that cause a
 registration to be refused.  Advice about the semantics of a proposed
 link relation type can be given, but if it does not block
 registration, this should be explicitly stated.
 When a request is approved, the expert(s) will inform IANA, and the
 registration will be processed.  The IESG is the final arbiter of any
 objection.

2.1.2. Extension Relation Types

 Applications that don't wish to register a relation type can use an
 extension relation type, which is a URI [RFC3986] that uniquely
 identifies the relation type.  Although the URI can point to a
 resource that contains a definition of the semantics of the relation
 type, clients SHOULD NOT automatically access that resource to avoid
 overburdening its server.
 The URI used for an extension relation type SHOULD be under the
 control of the person or party defining it or be delegated to them.
 When extension relation types are compared, they MUST be compared as
 strings (after converting to URIs if serialised in a different
 format) in a case-insensitive fashion, character by character.
 Because of this, all-lowercase URIs SHOULD be used for extension
 relations.
 Note that while extension relation types are required to be URIs, a
 serialisation of links can specify that they are expressed in another
 form, as long as they can be converted to URIs.

Nottingham Standards Track [Page 8] RFC 8288 Web Linking October 2017

2.2. Target Attributes

 Target attributes are a list of key/value pairs that describe the
 link or its target; for example, a media type hint.
 They can be defined both by individual link relation types and by
 link serialisations.
 This specification does not attempt to coordinate the name of target
 attributes, their cardinality, or use.  Those creating and
 maintaining serialisations SHOULD coordinate their target attributes
 to avoid conflicts in semantics or syntax and MAY define their own
 registries of target attributes.
 The names of target attributes SHOULD conform to the token rule, but
 SHOULD NOT include any of the characters "%", "'", or "*", for
 portability across serialisations and MUST be compared in a case-
 insensitive fashion.
 Target attribute definitions SHOULD specify:
 o  The serialisation of their values into Unicode or a subset
    thereof, to maximise their chances of portability across link
    serialisations.
 o  The semantics and error handling of multiple occurrences of the
    target attribute on a given link.
 This specification does define target attributes for use in the Link
 HTTP header field in Section 3.4.

3. Link Serialisation in HTTP Headers

 The Link header field provides a means for serialising one or more
 links into HTTP headers.
 The ABNF for the field value is:
   Link       = #link-value
   link-value = "<" URI-Reference ">" *( OWS ";" OWS link-param )
   link-param = token BWS [ "=" BWS ( token / quoted-string ) ]
 Note that any link-param can be generated with values using either
 the token or the quoted-string syntax; therefore, recipients MUST be
 able to parse both forms.  In other words, the following parameters
 are equivalent:
   x=y
   x="y"

Nottingham Standards Track [Page 9] RFC 8288 Web Linking October 2017

 Previous definitions of the Link header did not equate the token and
 quoted-string forms explicitly; the title parameter was always
 quoted, and the hreflang parameter was always a token.  Senders
 wishing to maximize interoperability will send them in those forms.
 Individual link-params specify their syntax in terms of the value
 after any necessary unquoting (as per [RFC7230], Section 3.2.6).
 This specification establishes the link-params "rel", "anchor", and
 "rev" (which are part of the general link model), as well as
 "hreflang", "media", "title", "title*", and "type" (which are target
 attributes defined by the serialisation).

3.1. Link Target

 Each link-value conveys one target IRI as a URI-Reference (after
 conversion to one, if necessary; see [RFC3987], Section 3.1) inside
 angle brackets ("<>").  If the URI-Reference is relative, parsers
 MUST resolve it as per [RFC3986], Section 5.  Note that any base IRI
 appearing in the message's content is not applied.

3.2. Link Context

 By default, the context of a link conveyed in the Link header field
 is the URL of the representation it is associated with, as defined in
 [RFC7231], Section 3.1.4.1, and is serialised as a URI.
 When present, the anchor parameter overrides this with another URI,
 such as a fragment of this resource, or a third resource (i.e., when
 the anchor value is an absolute URI).  If the anchor parameter's
 value is a relative URI, parsers MUST resolve it as per [RFC3986],
 Section 5.  Note that any base URI from the body's content is not
 applied.
 The ABNF for the "anchor" parameter's value is:
   URI-Reference ; Section 4.1 of [RFC3986]
 Link application can choose to ignore links with an anchor parameter.
 For example, the application in use might not allow the link context
 to be assigned to a different resource.  In such cases, the entire
 link is to be ignored; link applications MUST NOT process the link
 without applying the anchor.
 Note that depending on HTTP status code and response headers, the
 link context might be "anonymous" (i.e., no link context is
 available).  For example, this is the case on a 404 response to a GET
 request.

Nottingham Standards Track [Page 10] RFC 8288 Web Linking October 2017

3.3. Relation Type

 The relation type of a link conveyed in the Link header field is
 conveyed in the "rel" parameter's value.  The rel parameter MUST be
 present but MUST NOT appear more than once in a given link-value;
 occurrences after the first MUST be ignored by parsers.
 The rel parameter can, however, contain multiple link relation types.
 When this occurs, it establishes multiple links that share the same
 context, target, and target attributes.
 The "rev" parameter has been used in the past to indicate that the
 semantics of the relationship are in the reverse direction.  That is,
 a link from A to B with REL="X" expresses the same relationship as a
 link from B to A with REV="X". rev is deprecated by this
 specification because it often confuses authors and readers; in most
 cases, using a separate relation type is preferable.
 The ABNF for the rel and rev parameters' values is:
   relation-type *( 1*SP relation-type )
 where:
   relation-type  = reg-rel-type / ext-rel-type
   reg-rel-type   = LOALPHA *( LOALPHA / DIGIT / "." / "-" )
   ext-rel-type   = URI ; Section 3 of [RFC3986]
 Note that extension relation types are REQUIRED to be absolute URIs
 in Link header fields and MUST be quoted when they contain characters
 not allowed in tokens, such as a semicolon (";") or comma (",") (as
 these characters are used as delimiters in the header field itself).

3.4. Target Attributes

 The Link header field defines several target attributes specific to
 this serialisation and also allows extension target attributes.
 Target attributes are serialised in the Link header field as
 parameters (see [RFC7231], Section 3.1.1.1 for the definition of
 their syntax).

3.4.1. Serialisation-Defined Attributes

 The "hreflang", "media", "title", "title*", and "type" link-params
 can be translated to serialisation-defined target attributes for the
 link.

Nottingham Standards Track [Page 11] RFC 8288 Web Linking October 2017

 The "hreflang" attribute, when present, is a hint indicating what the
 language of the result of dereferencing the link should be.  Note
 that this is only a hint; for example, it does not override the
 Content-Language header field of a HTTP response obtained by actually
 following the link.  Multiple hreflang attributes on a single link-
 value indicate that multiple languages are available from the
 indicated resource.
 The ABNF for the hreflang parameter's value is:
   Language-Tag
 The "media" attribute, when present, is used to indicate intended
 destination medium or media for style information (see
 [W3C.REC-html5-20141028], Section 4.2.4).  Its value MUST be quoted
 if it contains a semicolon (";") or comma (",").  There MUST NOT be
 more than one media attribute in a link-value; occurrences after the
 first MUST be ignored by parsers.
 The ABNF for the media parameter's value is:
   media-query-list
 The "title" attribute, when present, is used to label the destination
 of a link such that it can be used as a human-readable identifier
 (e.g., a menu entry) in the language indicated by the Content-
 Language header field (if present).  The title attribute MUST NOT
 appear more than once in a given link; occurrences after the first
 MUST be ignored by parsers.
 The "title*" link-param can be used to encode this attribute in a
 different character set and/or contain language information as per
 [RFC8187].  The title* link-param MUST NOT appear more than once in a
 given link-value; occurrences after the first MUST be ignored by
 parsers.  If the attribute does not contain language information, its
 language is indicated by the Content-Language header field (when
 present).
 If both the title and title* link-params appear in a link,
 applications SHOULD use the title* link-param's value for the title
 attribute.
 The "type" attribute, when present, is a hint indicating what the
 media type of the result of dereferencing the link should be.  Note
 that this is only a hint; for example, it does not override the
 Content-Type header field of a HTTP response obtained by actually

Nottingham Standards Track [Page 12] RFC 8288 Web Linking October 2017

 following the link.  The type attribute MUST NOT appear more than
 once in a given link-value; occurrences after the first MUST be
 ignored by parsers.
 The ABNF for the type parameter's value is:
   type-name "/" subtype-name ; see Section 4.2 of [RFC6838]

3.4.2. Extension Attributes

 Other link-params are link-extensions and are to be considered as
 target attributes.
 Such target attributes MAY be defined to use the encoding in
 [RFC8187] (e.g., "example" and "example*").  When both forms are
 present, they SHOULD be considered to be the same target attribute;
 applications SHOULD use the value of the name ending in "*" (after
 [RFC8187] decoding) but MAY fall back to the other value if there is
 an error in decoding it, or if they do not support decoding.

3.5. Link Header Field Examples

 For example:
 Link: <http://example.com/TheBook/chapter2>; rel="previous";
       title="previous chapter"
 indicates that "chapter2" is previous to this resource in a logical
 navigation path.
 Similarly,
 Link: </>; rel="http://example.net/foo"
 indicates that the root resource ("/") is related to this resource
 with the extension relation type "http://example.net/foo".
 This link:
 Link: </terms>; rel="copyright"; anchor="#foo"
 indicates that the linked copyright terms only apply to the portion
 of the document indicated by the (media type-specific) fragment
 identifier "foo".
 The example below shows an instance of the Link header field encoding
 multiple links and also the use of the encoding from RFC 8187 to
 encode both non-ASCII characters and language information.

Nottingham Standards Track [Page 13] RFC 8288 Web Linking October 2017

 Link: </TheBook/chapter2>;
       rel="previous"; title*=UTF-8'de'letztes%20Kapitel,
       </TheBook/chapter4>;
       rel="next"; title*=UTF-8'de'n%c3%a4chstes%20Kapitel
 Here, both links have titles encoded in UTF-8, both use the German
 language ("de"), and the second link contains the Unicode code point
 U+00E4 ("LATIN SMALL LETTER A WITH DIAERESIS").
 Note that link-values can convey multiple links between the same link
 target and link context; for example:
 Link: <http://example.org/>;
       rel="start http://example.net/relation/other"
 Here, the link to "http://example.org/" has the registered relation
 type "start" and the extension relation type
 "http://example.net/relation/other".
 Finally, this header field:
 Link: <https://example.org/>; rel="start",
       <https://example.org/index>; rel="index"
 is equivalent to these:
 Link: <https://example.org/>; rel="start"
 Link: <https://example.org/index>; rel="index"

4. IANA Considerations

4.1. Link HTTP Header Field Registration

 This specification updates the "Message Headers" registry entry for
 "Link" in HTTP [RFC3864] to refer to this document.
 Header Field Name: Link
 Protocol: http
 Status: standard
 Reference: RFC 8288

4.2. Link Relation Type Registry

 This specification updates the registration procedures for the "Link
 Relation Types" registry; see Section 2.1.1.1.  Also, all references
 to RFC 5988 in that registry have been replaced with references to
 this document.

Nottingham Standards Track [Page 14] RFC 8288 Web Linking October 2017

 IANA will direct any incoming requests regarding the registry to this
 document and, if defined, the processes established by the expert(s);
 typically, this will mean referring them to the registry Web page.
 Note that the expert(s) is allowed (as per Section 2.1.1.1) to define
 additional fields to be collected in the registry.

4.3. Link Relation Application Data Registry

 Per this specification, IANA has removed the "Link Relation
 Application Data" registry, as it has not been used, and future use
 is not anticipated.

5. Security Considerations

 The content of the Link header field is not secure, private, or
 integrity-guaranteed.  Use of Transport Layer Security (TLS) with
 HTTP [RFC2818] is currently the only end-to-end way to provide these
 properties.
 Link applications ought to consider the attack vectors opened by
 automatically following, trusting, or otherwise using links gathered
 from HTTP header fields.
 For example, Link header fields that use the "anchor" parameter to
 associate a link's context with another resource cannot be trusted
 since they are effectively assertions by a third party that could be
 incorrect or malicious.  Applications can mitigate this risk by
 specifying that such links should be discarded unless some
 relationship between the resources is established (e.g., they share
 the same authority).
 Dereferencing links has a number of risks, depending on the
 application in use.  For example, the Referer header [RFC7231] can
 expose information about the application's state (including private
 information) in its value.  Likewise, cookies [RFC6265] are another
 mechanism that, if used, can become an attack vector.  Applications
 can mitigate these risks by carefully specifying how such mechanisms
 should operate.
 The Link header field makes extensive use of IRIs and URIs.  See
 [RFC3987], Section 8 for security considerations relating to IRIs.
 See [RFC3986], Section 7 for security considerations relating to
 URIs.  See [RFC7230], Section 9 for security considerations relating
 to HTTP header fields.

Nottingham Standards Track [Page 15] RFC 8288 Web Linking October 2017

6. Internationalisation Considerations

 Link targets may need to be converted to URIs in order to express
 them in serialisations that do not support IRIs.  This includes the
 Link HTTP header field.
 Similarly, the anchor parameter of the Link header field does not
 support IRIs; therefore, IRIs must be converted to URIs before
 inclusion there.
 Relation types are defined as URIs, not IRIs, to aid in their
 comparison.  It is not expected that they will be displayed to end
 users.
 Note that registered Relation Names are required to be lowercase
 ASCII letters.

7. References

7.1. Normative References

 [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
            Requirement Levels", BCP 14, RFC 2119,
            DOI 10.17487/RFC2119, March 1997,
            <https://www.rfc-editor.org/info/rfc2119>.
 [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
            Procedures for Message Header Fields", BCP 90, RFC 3864,
            DOI 10.17487/RFC3864, September 2004,
            <https://www.rfc-editor.org/info/rfc3864>.
 [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
            Resource Identifier (URI): Generic Syntax", STD 66,
            RFC 3986, DOI 10.17487/RFC3986, January 2005,
            <https://www.rfc-editor.org/info/rfc3986>.
 [RFC3987]  Duerst, M. and M. Suignard, "Internationalized Resource
            Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987,
            January 2005, <https://www.rfc-editor.org/info/rfc3987>.
 [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
            Specifications: ABNF", STD 68, RFC 5234,
            DOI 10.17487/RFC5234, January 2008,
            <https://www.rfc-editor.org/info/rfc5234>.
 [RFC5646]  Phillips, A., Ed. and M. Davis, Ed., "Tags for Identifying
            Languages", BCP 47, RFC 5646, DOI 10.17487/RFC5646,
            September 2009, <https://www.rfc-editor.org/info/rfc5646>.

Nottingham Standards Track [Page 16] RFC 8288 Web Linking October 2017

 [RFC6838]  Freed, N., Klensin, J., and T. Hansen, "Media Type
            Specifications and Registration Procedures", BCP 13,
            RFC 6838, DOI 10.17487/RFC6838, January 2013,
            <https://www.rfc-editor.org/info/rfc6838>.
 [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
            Protocol (HTTP/1.1): Message Syntax and Routing",
            RFC 7230, DOI 10.17487/RFC7230, June 2014,
            <https://www.rfc-editor.org/info/rfc7230>.
 [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
            Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
            DOI 10.17487/RFC7231, June 2014,
            <https://www.rfc-editor.org/info/rfc7231>.
 [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
            Writing an IANA Considerations Section in RFCs", BCP 26,
            RFC 8126, DOI 10.17487/RFC8126, June 2017,
            <https://www.rfc-editor.org/info/rfc8126>.
 [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
            2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
            May 2017, <https://www.rfc-editor.org/info/rfc8174>.
 [RFC8187]  Reschke, J., "Indicating Character Encoding and Language
            for HTTP Header Field Parameters", RFC 8187,
            DOI 10.17487/RFC8187, September 2017,
            <https://www.rfc-editor.org/info/rfc8187>.
 [W3C.REC-css3-mediaqueries-20120619]
            Rivoal, F., "Media Queries", W3C Recommendation
            REC-css3-mediaqueries-20120619, June 2012,
            <http://www.w3.org/TR/2012/
            REC-css3-mediaqueries-20120619>.

7.2. Informative References

 [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
            Extensions (MIME) Part Two: Media Types", RFC 2046,
            DOI 10.17487/RFC2046, November 1996,
            <https://www.rfc-editor.org/info/rfc2046>.
 [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
            DOI 10.17487/RFC2818, May 2000,
            <https://www.rfc-editor.org/info/rfc2818>.

Nottingham Standards Track [Page 17] RFC 8288 Web Linking October 2017

 [RFC4287]  Nottingham, M., Ed. and R. Sayre, Ed., "The Atom
            Syndication Format", RFC 4287, DOI 10.17487/RFC4287,
            December 2005, <https://www.rfc-editor.org/info/rfc4287>.
 [RFC6265]  Barth, A., "HTTP State Management Mechanism", RFC 6265,
            DOI 10.17487/RFC6265, April 2011,
            <https://www.rfc-editor.org/info/rfc6265>.
 [W3C.REC-html5-20141028]
            Hickson, I., Berjon, R., Faulkner, S., Leithead, T.,
            Navara, E., O'Connor, T., and S. Pfeiffer, "HTML5", W3C
            Recommendation REC-html5-20141028, October 2014,
            <http://www.w3.org/TR/2014/REC-html5-20141028>.

Nottingham Standards Track [Page 18] RFC 8288 Web Linking October 2017

Appendix A. Notes on Other Link Serialisations

 Header fields (Section 3) are only one serialisation of links; other
 specifications have defined alternative serialisations.

A.1. Link Serialisation in HTML

 HTML motivated the original syntax of the Link header field, and many
 of the design decisions in this document are driven by a desire to
 stay compatible with it.
 In HTML, the link element can be mapped to links as specified here by
 using the "href" attribute for the target URI, and "rel" to convey
 the relation type, as in the Link header field.  The context of the
 link is the URI associated with the entire HTML document.  HTML also
 defines several attributes on links that can be seen as target
 attributes, including "media", "hreflang", "type", and "sizes".
 Section 4.8 of HTML5 [W3C.REC-html5-20141028] defines modern HTML
 links.  That document links to the Microformats Wiki as a registry;
 over time, the IANA registry ought to mirror its contents and,
 ideally, eventually replace it (although that depends on the HTML
 community).
 Surveys of existing HTML content have shown that unregistered link
 relation types that are not URIs are (perhaps inevitably) common.
 Consuming HTML implementations ought not consider such unregistered
 short links to be errors, but rather relation types with a local
 scope (i.e., their meaning is specific and perhaps private to that
 document).
 Finally, the HTML specification gives a special meaning when the
 "alternate" relation types coincide with other relation types in the
 same link.  Such links ought to be serialised in the Link header
 field using a single list of relation-types (e.g., rel="alternate
 stylesheet") to preserve this relationship.

A.2. Link Serialisation in Atom

 Atom [RFC4287] is a link serialisation that conveys links in the
 atom:link element, with the "href" attribute indicating the link
 target and the "rel" attribute containing the relation type.  The
 context of the link is either a feed locator or an entry ID,
 depending on where it appears; generally, feed-level links are
 obvious candidates for transmission as a Link header field.
 When serialising an atom:link into a Link header field, it is
 necessary to convert link targets (if used) to URIs.

Nottingham Standards Track [Page 19] RFC 8288 Web Linking October 2017

 Atom defines extension relation types in terms of IRIs.  This
 specification redefines them as URIs, to simplify and reduce errors
 in their comparison.
 Atom allows registered link relation types to be serialised as
 absolute URIs using a prefix, "http://www.iana.org/assignments/
 relation/".  This prefix is specific to the Atom serialisation.
 Furthermore, link relation types are always compared in a case-
 sensitive fashion; therefore, registered link relation types SHOULD
 be converted to their registered form (usually, lowercase) when
 serialised in an Atom document.
 Note also that while the Link header field allows multiple relations
 to be serialised in a single link, atom:link does not.  In this case,
 a single link-value may map to several atom:link elements.
 As with HTML, atom:link defines some attributes that are not
 explicitly mirrored in the Link header field syntax, but they can
 also be used as link-extensions to maintain fidelity.

Appendix B. Algorithms for Parsing Link Header Fields

 This appendix outlines a set of non-normative algorithms: for parsing
 the Link header(s) out of a header set, for parsing a Link header
 field value, and algorithms for parsing generic parts of the field
 value.
 These algorithms are more permissive than the ABNF defining the
 syntax might suggest; the error handling embodied in them is a
 reasonable approach, but not one that is required.  As such they are
 advisory only, and in cases where there is disagreement, the correct
 behaviour is defined by the body of this specification.

B.1. Parsing a Header Set for Links

 This algorithm can be used to parse the Link header fields that a
 HTTP header set contains.  Given a header_set of (string field_name,
 string field_value) pairs, assuming ASCII encoding, it returns a list
 of link objects.
 1.  Let field_values be a list containing the members of header_set
     whose field_name is a case-insensitive match for "link".
 2.  Let links be an empty list.

Nottingham Standards Track [Page 20] RFC 8288 Web Linking October 2017

 3.  For each field_value in field_values:
     1.  Let value_links be the result of Parsing a Link Field Value
         (Appendix B.2) from field_value.
     2.  Append each member of value_links to links.
 4.  Return links.

B.2. Parsing a Link Field Value

 This algorithm parses zero or more comma-separated link-values from a
 Link header field.  Given a string field_value, assuming ASCII
 encoding, it returns a list of link objects.
 1.  Let links be an empty list.
 2.  While field_value has content:
     1.   Consume any leading OWS.
     2.   If the first character is not "<", return links.
     3.   Discard the first character ("<").
     4.   Consume up to but not including the first ">" character or
          end of field_value and let the result be target_string.
     5.   If the next character is not ">", return links.
     6.   Discard the leading ">" character.
     7.   Let link_parameters be the result of Parsing Parameters
          (Appendix B.3) from field_value (consuming zero or more
          characters of it).
     8.   Let target_uri be the result of relatively resolving (as per
          [RFC3986], Section 5.2) target_string.  Note that any base
          URI carried in the payload body is NOT used.
     9.   Let relations_string be the second item of the first tuple
          of link_parameters whose first item matches the string "rel"
          or the empty string ("") if it is not present.
     10.  Split relations_string on RWS (removing it in the process)
          into a list of string relation_types.
     11.  Let context_string be the second item of the first tuple of
          link_parameters whose first item matches the string
          "anchor".  If it is not present, context_string is the URL
          of the representation carrying the Link header [RFC7231],
          Section 3.1.4.1, serialised as a URI.  Where the URL is
          anonymous, context_string is null.
     12.  Let context_uri be the result of relatively resolving (as
          per [RFC3986], Section 5.2) context_string, unless
          context_string is null, in which case context is null.  Note
          that any base URI carried in the payload body is NOT used.
     13.  Let target_attributes be an empty list.

Nottingham Standards Track [Page 21] RFC 8288 Web Linking October 2017

     14.  For each tuple (param_name, param_value) of link_parameters:
          1.  If param_name matches "rel" or "anchor", skip this
              tuple.
          2.  If param_name matches "media", "title", "title*", or
              "type" and target_attributes already contains a tuple
              whose first element matches the value of param_name,
              skip this tuple.
          3.  Append (param_name, param_value) to target_attributes.
     15.  Let star_param_names be the set of param_names in the
          (param_name, param_value) tuples of link_parameters where
          the last character of param_name is an asterisk ("*").
     16.  For each star_param_name in star_param_names:
          1.  Let base_param_name be star_param_name with the last
              character removed.
          2.  If the implementation does not choose to support an
              internationalised form of a parameter named
              base_param_name for any reason (including, but not
              limited to, it being prohibited by the parameter's
              specification), remove all tuples from link_parameters
              whose first member is star_param_name, and skip to the
              next star_param_name.
          3.  Remove all tuples from link_parameters whose first
              member is base_param_name.
          4.  Change the first member of all tuples in link_parameters
              whose first member is star_param_name to
              base_param_name.
     17.  For each relation_type in relation_types:
          1.  Case-normalise relation_type to lowercase.
          2.  Append a link object to links with the target
              target_uri, relation type of relation_type, context of
              context_uri, and target attributes target_attributes.
 3.  Return links.

B.3. Parsing Parameters

 This algorithm parses the parameters from a header field value.
 Given input, an ASCII string, it returns a list of (string
 parameter_name, string parameter_value) tuples that it contains.
 input is modified to remove the parsed parameters.
 1.  Let parameters be an empty list.
 2.  While input has content:
     1.   Consume any leading OWS.
     2.   If the first character is not ";", return parameters.
     3.   Discard the leading ";" character.
     4.   Consume any leading OWS.

Nottingham Standards Track [Page 22] RFC 8288 Web Linking October 2017

     5.   Consume up to but not including the first BWS, "=", ";", or
          "," character, or up to the end of input, and let the result
          be parameter_name.
     6.   Consume any leading BWS.
     7.   If the next character is "=":
          1.  Discard the leading "=" character.
          2.  Consume any leading BWS.
          3.  If the next character is DQUOTE, let parameter_value be
              the result of Parsing a Quoted String (Appendix B.4)
              from input (consuming zero or more characters of it).
          4.  Else, consume the contents up to but not including the
              first ";" or "," character, or up to the end of input,
              and let the results be parameter_value.
          5.  If the last character of parameter_name is an asterisk
              ("*"), decode parameter_value according to [RFC8187].
              Continue processing input if an unrecoverable error is
              encountered.
     8.   Else:
          1.  Let parameter_value be an empty string.
     9.   Case-normalise parameter_name to lowercase.
     10.  Append (parameter_name, parameter_value) to parameters.
     11.  Consume any leading OWS.
     12.  If the next character is "," or the end of input, stop
          processing input and return parameters.

B.4. Parsing a Quoted String

 This algorithm parses a quoted string, as per [RFC7230],
 Section 3.2.6.  Given input, an ASCII string, it returns an unquoted
 string. input is modified to remove the parsed string.
 1.  Let output be an empty string.
 2.  If the first character of input is not DQUOTE, return output.
 3.  Discard the first character.
 4.  While input has content:
     1.  If the first character is a backslash ("\"):
         1.  Discard the first character.
         2.  If there is no more input, return output.
         3.  Else, consume the first character and append it to
             output.
     2.  Else, if the first character is DQUOTE, discard it and return
         output.
     3.  Else, consume the first character and append it to output.
 5.  Return output.

Nottingham Standards Track [Page 23] RFC 8288 Web Linking October 2017

Appendix C. Changes from RFC 5988

 This specification has the following differences from its
 predecessor, RFC 5988:
 o  The initial relation type registrations were removed, since
    they've already been registered by RFC 5988.
 o  The introduction has been shortened.
 o  The "Link Relation Application Data" registry has been removed.
 o  Incorporated errata.
 o  Updated references.
 o  Link cardinality was clarified.
 o  Terminology was changed from "target IRI" and "context IRI" to
    "link target" and "link context", respectively.
 o  Made assigning a URI to registered relation types serialisation
    specific.
 o  Removed misleading statement that the Link header field is
    semantically equivalent to HTML and Atom links.
 o  More carefully defined and used "link serialisations" and "link
    applications."
 o  Clarified the cardinality of target attributes (generically and
    for "type").
 o  Corrected the default link context for the Link header field, to
    be dependent upon the identity of the representation (as per
    RFC 7231).
 o  Defined a suggested parsing algorithm for the Link header.
 o  The value space of target attributes and their definition has been
    specified.
 o  The ABNF has been updated to be compatible with [RFC7230].  In
    particular, whitespace is now explicit.
 o  Some parameters on the HTTP header field can now appear as a
    token.
 o  Parameters on the HTTP header can now be valueless.
 o  Handling of quoted strings is now defined by [RFC7230].
 o  The "type" header field parameter now needs to be quoted (as
    "token" does not allow "/").

Author's Address

 Mark Nottingham
 Email: mnot@mnot.net
 URI:   https://www.mnot.net/

Nottingham Standards Track [Page 24]

/data/webs/external/dokuwiki/data/pages/rfc/rfc8288.txt · Last modified: 2017/10/24 23:24 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki