RFC 9264 | Linkset | July 2022 |
Wilde & Van de Sompel | Standards Track | [Page] |
This specification defines two formats and associated media types for representing sets of links as standalone documents. One format is based on JSON, and the other is aligned with the format for representing links in the HTTP "Link" header field. This specification also introduces a link relation type to support the discovery of sets of links.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9264.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Resources on the Web often use typed Web Links [RFC8288], either (1) embedded in resource representations -- for example, using the <link> element for HTML documents or (2) conveyed in the HTTP "Link" header field for documents of any media type. In some cases, however, providing links in this manner is impractical or impossible, and delivering a set of links as a standalone document is preferable.¶
Therefore, this specification defines two formats for representing sets of Web Links and their attributes as standalone documents. One serializes links in the same format as the format used in the HTTP "Link" header field, and the other serializes links in JSON. It also defines associated media types to represent sets of links, and the "linkset" relation type to support the discovery of any resource that conveys a set of links as a standalone document.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This specification uses the terms "link context" and "link target" in the same manner that "Web Linking" [RFC8288] uses them.¶
In the examples provided in this document, links in the HTTP "Link" header field are shown on separate lines in order to improve readability. Note, however, that as per Section 5.5 of "HTTP Semantics" [RFC9110], line breaks are deprecated in values for HTTP fields; only whitespaces and tabs are supported as separators.¶
The following sections describe use cases in which providing links by means of a standalone document instead of in an HTTP "Link" header field or as links embedded in the resource representation is advantageous or necessary.¶
For all scenarios, links could be provided by means of a standalone document that is formatted according to the JSON-based serialization, the serialization aligned with the HTTP "Link" field format, or both. The former serialization is motivated by the widespread use of JSON and related tools, which suggests that handling sets of links expressed as JSON documents should be attractive to developers. The latter serialization is provided for compatibility with the existing serialization used in the HTTP "Link" field and to allow the reuse of tools created to handle it.¶
It is important to keep in mind that when providing links by means of a standalone representation, other links can still be provided using other approaches, i.e., it is possible to combine various mechanisms to convey links.¶
In some cases, it is useful that links pertaining to a resource are provided by a server other than the one that hosts the resource. For example, this allows:¶
In such cases, links pertaining to a resource can be provided by another, specific resource. That specific resource may be managed, by the same custodian or by another custodian, as the resource to which the links pertain. For clients intent on consuming links provided in that manner, it would be beneficial if the following conditions were met:¶
These requirements are addressed in this specification through the definition of two media types and a link relation type, respectively.¶
In some cases, it is not straightforward to write links to the HTTP "Link" header field from an application. This can, for example, be the case because not all required link information is available to the application or because the application does not have the capability to directly write HTTP fields. In such cases, providing links by means of a standalone document can be a solution. Making the resource that provides these links discoverable can be achieved by means of a typed link.¶
When conveying links in an HTTP "Link" header field, it is possible for the size of the HTTP response fields to become unpredictable. This can be the case when links are determined dynamically in a manner dependent on a range of contextual factors. It is possible to statically configure a web server to correctly handle large HTTP response fields by specifying an upper bound for their size. But when the number of links is unpredictable, estimating a reliable upper bound is challenging.¶
Section 15 of "HTTP Semantics" [RFC9110] defines error codes related to excess communication by the user agent ("413 Content Too Large" and "414 URI Too Long"), but no specific error codes are defined to indicate that response field content exceeds the upper bound that can be handled by the server and thus has been truncated. As a result, applications take countermeasures aimed at controlling the size of the HTTP "Link" header field -- for example, by limiting the links they provide to those with select relation types, thereby limiting the value of the HTTP "Link" header field to clients. Providing links by means of a standalone document overcomes challenges related to the unpredictable (to the web server implementation) nature of the size of HTTP "Link" header fields.¶
This section specifies two document formats to convey a set of links. Both are based on the abstract model specified in Section 2 of "Web Linking" [RFC8288], which defines a link as consisting of a "link context", a "link relation type", a "link target", and optional "target attributes":¶
Links provided in the HTTP "Link" header field are intended to be used in the context of an HTTP interaction, and contextual information that is available during an interaction is used to correctly interpret them. Links provided in link sets, however, can be reused outside of an HTTP interaction, when no such contextual information is available. As a result, implementers of link sets should strive to make them self-contained by adhering to the following recommendations.¶
For links provided in the HTTP "Link" header field that have no anchor or that use relative references, the URI of the resource that delivers the links provides the contextual information that is needed for their correct interpretation. In order to support use cases where link set documents are reused outside the context of an HTTP interaction, it is RECOMMENDED to make them self-contained by adhering to the following guidelines:¶
If these recommendations are not followed, the interpretation of links in link set documents will depend on which URI is used as the context.¶
For a "title" attribute provided on a link in the HTTP "Link" header field, the language in which the title is expressed is provided by the "Content-Language" header field of the HTTP interaction with the resource that delivers the links. This does not apply to "title" attributes provided for links in link set documents because that would constrain all links in a link set to having a single title language and would not support determining title languages when a link set is used outside of an HTTP interaction. In order to support use cases where link set documents are reused outside the context of an HTTP interaction, it is RECOMMENDED to make them self-contained by using the "title*" attribute instead of the "title" attribute because "title*" allows expressing the title language as part of its value by means of a language tag. Note that, in this regard, language tags are matched case insensitively (see Section 2.1.1 of [RFC5646]). If this recommendation is not followed, accurately determining the language of titles provided on links in link set documents will not be possible.¶
Note also that Section 3.3 of [RFC8288] deprecates the "rev" construct that was provided by [RFC5988] as a means to express links with a directionality that is the inverse of direct links that use the "rel" construct. In both serializations for link sets defined here, inverse links may be represented as direct links using the "rel" construct and by switching the roles of the resources involved in the link.¶
This document format is nearly identical to the field value of the HTTP "Link" header field as defined in Section 3 of [RFC8288], more specifically by its ABNF [RFC5234] production rule for "Link" and its subsequent rules. It differs from the format for field values of the HTTP "Link" header field only in that not only spaces and horizontal tabs are allowed as separators but also newline characters as a means to improve readability for humans. The use of non-ASCII characters in the field value of the HTTP "Link" header field is not allowed and as such is also not allowed in "application/linkset" link sets.¶
The assigned media type for this format is "application/linkset".¶
When converting an "application/linkset" document to a field value for the HTTP "Link" header field, newline characters MUST be removed or MUST be replaced by whitespace (SP) in order to comply with Section 5.5 of [RFC9110].¶
Implementers of "application/linkset" link sets should strive to make them self-contained by following the recommendations provided in Section 4 regarding their use outside the context of an HTTP interaction.¶
It should be noted that the "application/linkset" format specified here is different from the "application/link-format" format specified in [RFC6690] in that the former fully matches the field value of the HTTP "Link" header field as defined in Section 3 of [RFC8288], whereas the latter introduces constraints on that definition to meet requirements for Constrained RESTful Environments (CoRE).¶
This document format uses JSON [RFC8259] as the syntax to represent a set of links. The set of links follows the abstract model defined by Section 2 of [RFC8288].¶
The assigned media type for this format is "application/linkset+json".¶
In the interests of interoperability, "application/linkset+json" link sets MUST be encoded using UTF-8 as per Section 8.1 of [RFC8259].¶
Implementers of "application/linkset+json" link sets should strive to make them self-contained by following the recommendations provided in Section 4 regarding their use outside the context of an HTTP interaction.¶
The "application/linkset+json" serialization allows for OPTIONAL support of a JSON-LD serialization. This can be achieved by adding an appropriate context to the "application/linkset+json" serialization using the approach described in Section 6.1 of [W3C.REC-json-ld]. Communities of practice can decide which context best meets their application needs. Appendix A shows an example of a possible context that, when added to a JSON serialization, allows it to be interpreted as Resource Description Framework (RDF) data [W3C.REC-rdf11-concepts].¶
In the JSON representation of a set of links:¶
In the JSON representation, one or more links that have the same link context are represented by a JSON object -- the link context object. A link context object adheres to the following rules:¶
For each distinct relation type that the link context has with link targets, a link context object MUST contain an additional member. The value of this member is an array in which a distinct JSON object -- the "link target object" (see Section 4.2.3) -- MUST be used for each link target for which the relationship with the link context (value of the encompassing "anchor" member) applies. The name of this member expresses the relation type of the link as follows:¶
In the JSON representation, a link target is represented by a JSON object -- the link target object. A link target object adheres to the following rules:¶
The following example of a JSON-serialized set of links represents one link with its core components: link context, link relation type, and link target.¶
The following example of a JSON-serialized set of links represents two links that share a link context and relation type but have different link targets.¶
The following example shows a set of links that represents two links, each with a different link context, link target, and relation type. One relation type is registered, and the other is an extension relation type.¶
A link may be further qualified by target attributes as defined by Section 2 of [RFC8288]. Three types of attributes exist:¶
The handling of these different types of attributes is described in the sections below.¶
Section 3.4.1 of [RFC8288] defines the following target attributes that may be used to annotate links: "hreflang", "media", "title", "title*", and "type"; these target attributes follow different occurrence and value patterns. In the JSON representation, these attributes MUST be conveyed as additional members of the link target object as follows:¶
The following example illustrates how the "hreflang" (repeatable) target attribute and the "type" (not repeatable) target attribute are represented in a link target object.¶
In addition to the target attributes described in Section 4.2.4.1, Section 3.4 of [RFC8288] also supports attributes that follow the content model of [RFC8187]. In [RFC8288], these target attributes are recognizable by the use of a trailing asterisk in the attribute name, such as "title*". The content model of [RFC8187] uses a string-based microsyntax that represents the character encoding, an optional language tag, and the escaped attribute value encoded according to the specified character encoding.¶
The JSON serialization for these target attributes MUST be as follows:¶
The following example illustrates how the "title*" target attribute as defined by Section 3.4.1 of [RFC8288] is represented in a link target object.¶
The above example assumes that the German title contains an umlaut character (in the original syntax, it would be encoded as title*=UTF-8'de'n%c3%a4chstes%20Kapitel), which gets encoded in its unescaped form in the JSON representation. Implementations MUST properly decode/encode internationalized target attributes that follow the model of [RFC8187] when transcoding between the "application/linkset" format and the "application/linkset+json" format.¶
Extension target attributes (e.g., as listed in Section 4.2.4.1) are attributes that are not defined by Section 3.4.1 of [RFC8288] but are nevertheless used to qualify links. They can be defined by communities in any way deemed necessary, and it is up to them to make sure their usage is understood by target applications. However, lacking standardization, there is no interoperable understanding of these extension attributes. One important consequence is that their cardinality is unknown to generic applications. Therefore, in the JSON serialization, all extension target attributes are treated as repeatable.¶
The JSON serialization for these target attributes MUST be as follows:¶
The following example shows a link target object with three extension target attributes. The value for each extension target attribute is an array. The first two are regular extension target attributes, with the first one ("foo") having only one value and the second one ("bar") having two. The last extension target attribute ("baz*") follows the naming rule of [RFC8187] and therefore is encoded according to the serialization described in Section 4.2.4.2.¶
The Web Linking model [RFC8288] provides for the use of extension target attributes as discussed in Section 4.2.4.3. The use of other forms of extensions is NOT RECOMMENDED. Limiting the JSON format in this way allows unambiguous round trips between links provided in the HTTP "Link" header field, sets of links serialized according to the "application/linkset" format, and sets of links serialized according to the "application/linkset+json" format.¶
Cases may exist in which the use of extensions other than those discussed in Section 4.2.4.3 may be useful -- for example, when a link set publisher needs to include descriptive or technical metadata for internal consumption. If such extensions are used, they MUST NOT change the semantics of the JSON members defined in this specification. Agents that consume JSON linkset documents can safely ignore such extensions.¶
As a means to convey specific constraints or conventions (as per [RFC6906]) that apply to a link set document, the "profile" parameter MAY be used in conjunction with the media types "application/linkset" and "application/linkset+json" as detailed in Sections 4.1 and 4.2, respectively. For example, the parameter could be used to indicate that a link set uses a specific, limited set of link relation types.¶
The value of the "profile" parameter MUST be a non-empty list of space-separated URIs, each of which identifies specific constraints or conventions that apply to the link set document. When providing multiple profile URIs, care should be taken that the corresponding profiles are not conflicting. Profile URIs MAY be registered in the IANA's "Profile URIs" registry in the manner specified by [RFC7284].¶
The presence of a "profile" parameter in conjunction with the "application/linkset" and "application/linkset+json" media types does not change the semantics of a link set. As such, clients with and without knowledge of profile URIs can use the same representation.¶
Section 7.4.2 shows an example of using the "profile" parameter in conjunction with the "application/linkset+json" media type.¶
The target of a link with the "linkset" relation type provides a set of links, including links in which the resource that is the link context participates.¶
A link with the "linkset" relation type MAY be provided in the header field and/or the body of a resource's representation. It may also be discovered by other means, such as through client-side information.¶
A resource MAY provide more than one link with a "linkset" relation type. Multiple such links can refer to the same set of links expressed using different media types, or to different sets of links, potentially provided by different third-party services.¶
The set of links provided by the resource that is the target of a "linkset" link may contain links in which the resource that is the context of the "linkset" link does not participate. User agents MUST process each link in the link set independently, including processing of the link context and link target, and MAY ignore links from the link set in which the context of the "linkset" link does not participate.¶
A user agent that follows a "linkset" link and obtains links for which anchors and targets are expressed as relative references (as per Section 4.1 of [RFC3986]) MUST determine what the context is for these links; it SHOULD ignore links for which it is unable to unambiguously make that determination.¶
As a means to convey specific constraints or conventions (as per [RFC6906]) that apply to a link set document, the "profile" attribute MAY be used in conjunction with the "linkset" link relation type. For example, the attribute could be used to indicate that a link set uses a specific, limited set of link relation types. The value of the "profile" attribute MUST be a non-empty list of space-separated URIs, each of which identifies specific constraints or conventions that apply to the link set document. Profile URIs MAY be registered in the IANA's "Profile URIs" registry in the manner specified by [RFC7284]. Section 7.4.1 shows an example of using the "profile" attribute on a link with the "linkset" relation type, making both the link set and the profile(s) to which it complies discoverable.¶
Sections 7.1 and 7.2 show examples whereby a set of links is provided as "application/linkset" and "application/linkset+json" documents, respectively. Section 7.3 illustrates the use of the "linkset" link relation type to support the discovery of sets of links, and Section 7.4 shows how to convey profile information pertaining to a link set.¶
Figure 7 shows a client issuing an HTTP GET request against resource <https://example.org/links/resource1>.¶
Figure 8 shows the response to the GET request of Figure 7. The response contains a "Content-Type" header field specifying that the media type of the response is "application/linkset". A set of links, revealing authorship and versioning related to resource <https://example.org/resource1>, is provided in the response body. The HTTP "Link" header field indicates the availability of an alternate representation of the set of links using media type "application/linkset+json".¶
Figure 9 shows the client issuing an HTTP GET request against <https://example.org/links/resource1>. In the request, the client uses an "Accept" header field to indicate that it prefers a response in the "application/linkset+json" format.¶
Figure 10 shows the response to the HTTP GET request of Figure 9. The set of links is serialized according to the media type "application/linkset+json".¶
Figure 11 shows a client issuing an HTTP HEAD request against resource <https://example.org/resource1>.¶
Figure 12 shows the response to the HEAD request of Figure 11. The response contains an HTTP "Link" header field with a link that has the "linkset" relation type. It indicates that a set of links is provided by resource <https://example.org/links/resource1>, which provides a representation with media type "application/linkset+json".¶
The examples in this section illustrate the use of the "profile" attribute for a link with the "linkset" link relation type and the "profile" attribute for a link set media type. The examples are inspired by the implementation of link sets by GS1 (the standards body behind many of the world's barcodes).¶
Figure 13 shows a client issuing an HTTP HEAD request against trade item 09506000134352 at <https://id.gs1.org/01/9506000134352>.¶
Figure 14 shows the server's response to the request of Figure 13, including a "linkset" link with a "profile" attribute that has the profile URI <https://www.gs1.org/voc/?show=linktypes> as its value. Dereferencing that URI yields a profile document that lists all the link relation types that a client can expect when requesting the link set made discoverable by the "linkset" link. The link relation types are presented in abbreviated form, e.g., <gs1:activityIdeas>, whereas the actual link relation type URIs are available as hyperlinks on the abbreviations, e.g., <https://www.gs1.org/voc/activityIdeas>. For posterity, that profile document was saved in the Internet Archive at <https://web.archive.org/web/20210927160406/https://www.gs1.org/voc/?show=linktypes> on 27 September 2021.¶
Figure 15 shows a client issuing an HTTP HEAD request against the link set <https://id.gs1.org/01/9506000134352?linkType=all> that was discovered through the HTTP interactions shown in Section 7.4.1.¶
Figure 16 shows the server's response to the request of Figure 15. Note the "profile" parameter for the "application/linkset+json" media type, which has as its value the same profile URI <https://www.gs1.org/voc/?show=linktypes> as was used in Figure 14.¶
Note that the response shown in Figure 16 from the link set resource is equivalent to the response shown in Figure 17, which leverages the "profile" link relation type defined in [RFC6906].¶
A link with a "profile" link relation type as shown in Figure 17 can also be conveyed in the link set document itself. This is illustrated by Figure 18. Following the recommendation that all links in a link set document should have an explicit anchor, such a link has the URI of the link set itself as the anchor and the profile URI as the target. Multiple profile URIs are handled by using multiple "href" members.¶
The link relation type below has been registered by IANA in the "Link Relation Types" registry as per Section 4.2 of [RFC8288]:¶
The Internet media type "application/linkset" for a linkset encoded as described in Section 4.1 has been registered by IANA in the "Media Types" registry as per [RFC6838].¶
The Internet media type "application/linkset+json" for a linkset encoded as described in Section 4.2 has been registered by IANA in the "Media Types" registry as per [RFC6838].¶
The security considerations of Section 7 of [RFC3986] apply, as well as those of Web Linking [RFC8288] as long as the latter are not specifically discussing the risks of exposing information in HTTP header fields.¶
In general, links may cause information leakage when they expose information (such as URIs) that can be sensitive or private. Links may expose "hidden URIs" that are not supposed to be openly shared and that may not be sufficiently protected. Ideally, none of the URIs exposed in links should be supposed to be "hidden"; instead, if these URIs are supposed to be limited to certain users, then technical measures should be put in place so that accidentally exposing them does not cause any harm.¶
For the specific mechanisms defined in this specification, two security considerations should be taken into account:¶
A set of links rendered according to the JSON serialization defined in Section 4.2 can be interpreted as RDF triples by adding a JSON-LD context [W3C.REC-json-ld] that maps the JSON keys to corresponding Linked Data terms. And, as per Section 6.1 of [W3C.REC-json-ld], when delivering a link set that is rendered according to the "application/linkset+json" media type to a user agent, a server can convey the availability of such a JSON-LD context by using a link with the relation type "http://www.w3.org/ns/json-ld#context" in the HTTP "Link" header field.¶
Figure 19 shows the response to an HTTP GET against the URI of a link set resource and illustrates this approach to support the discovery of a JSON-LD context. This example is inspired by the GS1 implementation and shows a link set that uses relation types from the GS1 vocabulary at <https://www.gs1.org/voc/> that are expressed as HTTP URIs.¶
In order to obtain the JSON-LD context conveyed by the server, the user agent issues an HTTP GET against the link target of the link with the "http://www.w3.org/ns/json-ld#context" relation type. The response to this GET is shown in Figure 20. This particular JSON-LD context maps "application/linkset+json" representations of link sets to Dublin Core terms [DCMI-TERMS]. Note that the "linkset" entry in the JSON-LD context is introduced to support links with the "linkset" relation type in link sets.¶
Applying the JSON-LD context of Figure 20 to the link set of Figure 19 allows transforming the "application/linkset+json" link set to an RDF link set. Figure 21 shows the latter represented by means of the "text/turtle" RDF serialization.¶
Thanks for comments and suggestions provided by Phil Archer, Dominique Guinard, Mark Nottingham, Julian Reschke, Rob Sanderson, Stian Soiland-Reyes, Sarven Capadisli, and Addison Phillips.¶