Well-known URI

From Wikipedia, the free encyclopedia
  (Redirected from )
HTTP
Request methods
  • OPTIONS
  • GET
  • HEAD
  • POST
  • PUT
  • DELETE
  • TRACE
  • CONNECT
  • PATCH
Header fields
Response status codes
Security access control methods
Security vulnerabilities
  • v
  • t

A well-known URI is a Uniform Resource Identifier for a URL path prefixes that start with /.well-known/. They are implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistent well-known locations across servers.

Description[]

Well-known URIs are Uniform Resource Identifiers defined by the IETF in RFC 8615.[1] They are URL path prefixes that start with /.well-known/. This implementation is in response to the common expectation for web-based protocols to require certain services or information be available at URLs consistent across servers, regardless of the way URL paths are organized on a particular host. The URIs implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistent well-known locations across servers.

The IETF has defined a simple way for web servers to hold metadata that any user agent (e.g., web browser) can request. The metadata is useful for various tasks, including directing a web user to use an mobile app instead of the website or indicating the different ways that the site can be secured. The well-known locations are used by web servers to share metadata with user agents; sometimes these are files and sometimes these are requests for information from the web server software itself. The way to declare the different metadata requests that can be provided is standardized by the IETF so that other developers know how to find and use this information.

Use[]

The path well-known URI begins with the characters /.well-known/, and whose scheme is "HTTP", "HTTPS", or another scheme that has explicitly been specified to use well-known URIs. As an example, if an application hosts the service "example", the corresponding well-known URIs on https://www.example.com/ would start with https://www.example.com/.well-known/example.[1]

Information shared by a web site as a well-known service is expected to meet a specific standard. Specifications that need to define a resource for such site-wide metadata can register their use with Internet Assigned Numbers Authority (IANA) to avoid collisions and minimize impingement upon sites' URI space.

List of well-known URIs[]

The list below describes known standards for .well-known services that a web server can implement.

URI suffix Description Reference Date of IANA registration
acme-challenge Automated Certificate Management Environment (ACME) [2] 2019-03-01
apple-app-site-association An Apple service that enables secure data exchange between iOS and a website. [3]
apple-developer-merchantid-domain-association Apple Pay [4]
ashrae BACnet - A Data Communication Protocol for Building Automation and Control Networks [5] 2016-01-22
assetlinks.json AssetLinks protocol used to identify one or more digital assets (such as web sites or mobile apps) that are related to the hosting web site in some fashion. [6] 2015-09-28
autoconfig/mail Mozilla Thunderbird mail autoconfiguration service [7]
browserid Mozilla Persona
caldav Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) [8]
carddav Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) [8]
change-password Helps password managers find the URL for the change password section. [9]
coap CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets [10] 2017-12-22
core Constrained RESTful Environments () Link Format [11]
csvm CSV metadata, Model for Tabular Data and Metadata on the Web [12] 2015-09-28
dat Links domain to Dat identifier, used by Beaker web browser.[13] [14]
dnt Site-wide tracking status resource [15] 2015-08-19
dnt-policy.txt A privacy-friendly Do Not Track (DNT) Policy [16] 2015-08-19
est Enrollment over Secure Transport (EST) [17] 2013-08-16
genid The Resource Description Framework (RDF) Skolem IRIs [18] 2012-11-15
gpc Global Privacy Control (GPC) [19]
hoba HTTP Origin-Bound Authentication () [20] 2015-01-20
host-meta Web Host Metadata [21]
host-meta.json Web Host Metadata [21]
http-opportunistic Opportunistic Security for HTTP/2 [22] 2017-03-20
keybase.txt Used by the Keybase project to identify a proof that one or more people whose public keys may be retrieved using the Keybase service have administrative control over the origin server from which it is retrieved. [23] 2014-04-08
matrix Provides discovery for both client and server APIs to the Matrix federated protocol. [24]
mercure Discovery of Mercure hubs. Mercure is a protocol enabling the pushing of data updates to web browsers and other HTTP clients in a fast, reliable and battery-efficient way. [25]
mta-sts.txt SMTP MTA Strict Transport Security Policy [26] 2018-06-21
ni Naming Things with Hashes [27]
nodeinfo Metadata for federated social networking servers [28]
openid-configuration OpenID Connect [29] 2013-08-27
openorg Organisation Profile Document [30] 2015-05-29
openpgpkey OpenPGP Web Key Service [31]
pki-validation CA/Browser Forum’s Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates [32] 2017-02-06
posh PKIX over Secure HTTP (POSH) [33] 2015-09-20
pubvendors.json The IAB pubvendors.json tech spec, which provide a standard for publishers to publicly declare the vendors that they work with, and their respective data rights/configuration. [34] 2020-09-07
reload-config REsource LOcation And Discovery () Base Protocol [35]
repute-template A Reputation Query Protocol [36] 2013-09-30
resourcesync ResourceSync Framework Specification [37] 2017-05-26
security.txt Standard to help organizations define the process for security researchers to disclose security vulnerabilities [38] 2018-08-20
stun-key Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization [39] 2015-06-12
time Time over HTTPS specification [40] 2015-12-09
timezone Time Zone Data Distribution Service [41] 2015-08-03
uma2-configuration User-Managed Access (UMA) 2.0 grant for OAuth 2.0 authorization [42] 2017-06-20
void Describing Linked Datasets with the VoID Vocabulary [43] 2011-05-11
webfinger WebFinger [44] 2013-03-15, 2013-09-06
xrp-ledger.toml XRP ledger node & account information. [45]

References[]

  • "Well-Known URIs". IANA. Retrieved 6 February 2018.

Footnotes[]

  1. ^ a b Nottingham, Mark (May 6, 2019). "Well-Known Uniform Resource Identifiers (URIs)" – via IETF. Cite journal requires |journal= (help)
  2. ^ Barnes, Richard; Hoffman-Andrews, Jacob; McCarney, Daniel; Kasten, James (March 6, 2019). "Automatic Certificate Management Environment (ACME)" – via IETF. Cite journal requires |journal= (help)
  3. ^ "App Search Programming Guide: Support Universal Links". developer.apple.com.
  4. ^ "Apple Developer Documentation". developer.apple.com.
  5. ^ "Proposed Addendum am to Standard 135-2012, BACnet - A Data Communication Protocol for Building Automation and Control Networks" (PDF).
  6. ^ "Getting Started | Google Digital Asset Links". Google Developers.
  7. ^ "Thunderbird:Autoconfiguration - MozillaWiki".
  8. ^ a b Daboo, Cyrus (February 6, 2013). "Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV)" – via IETF. Cite journal requires |journal= (help)
  9. ^ "A Well-Known URL for Changing Passwords". wicg.github.io. Retrieved 2021-10-06.
  10. ^ Bormann, Carsten; Lemay, Simon; Tschofenig, Hannes; Hartke, Klaus; Silverajan, Bill; Raymor, Brian (February 6, 2018). "CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets" – via IETF. Cite journal requires |journal= (help)
  11. ^ Shelby, Zach (August 6, 2012). "Constrained RESTful Environments (CoRE) Link Format" – via IETF. Cite journal requires |journal= (help)
  12. ^ "Model for Tabular Data and Metadata on the Web". www.w3.org. Retrieved 2021-10-06.
  13. ^ "Use a domain name with dat://". beakerbrowser.com. Retrieved 2020-08-24.
  14. ^ "DEP-0005: DNS - Dat Protocol". www.datprotocol.com.
  15. ^ "Tracking Preference Expression (DNT)". www.w3.org. Retrieved 2021-10-06.
  16. ^ "A privacy-friendly Do Not Track (DNT) Policy". Electronic Frontier Foundation. April 24, 2014.
  17. ^ Pritikin, Max; Yee, Peter E.; Harkins, Dan (October 6, 2013). "Enrollment over Secure Transport" – via IETF. Cite journal requires |journal= (help)
  18. ^ "RDF 1.1 Concepts and Abstract Syntax". www.w3.org. Retrieved 2021-10-06.
  19. ^ "Global Privacy Control (GPC)". globalprivacycontrol.github.io.
  20. ^ Farrell, Stephen; Hoffman, Paul E.; Thomas, Michael (March 6, 2015). "HTTP Origin-Bound Authentication (HOBA)". Section 6 – via IETF.
  21. ^ a b Cook, Blaine; Hammer-Lahav, Eran (October 6, 2011). "Web Host Metadata" – via IETF. Cite journal requires |journal= (help)
  22. ^ Nottingham, Mark; Thomson, Martin (May 6, 2017). "Opportunistic Security for HTTP/2". Section 2.3 – via IETF. Cite journal requires |journal= (help)
  23. ^ "The "keybase.txt" Well-Known Resource Identifier". keybase.io.
  24. ^ "Client-Server API".
  25. ^ "Mercure.rocks: Mercure: The Specification". mercure.rocks.
  26. ^ Margolis, Daniel; Risher, Mark; Ramakrishnan, Binu; Brotman, Alex; Jones, Janet (September 6, 2018). "SMTP MTA Strict Transport Security (MTA-STS)" – via IETF. Cite journal requires |journal= (help)
  27. ^ Farrell, Stephen; Kutscher, Dirk; Dannewitz, Christian; Ohlman, Börje; Keränen, Ari; Hallam-Baker, Phillip (April 6, 2013). "Naming Things with Hashes" – via IETF. Cite journal requires |journal= (help)
  28. ^ "NodeInfo". July 19, 2021 – via GitHub.
  29. ^ "Final: OpenID Connect Discovery 1.0 incorporating errata set 1". openid.net.
  30. ^ "Organisation Profile Documents". opd.data.ac.uk.
  31. ^ Koch, Werner. "OpenPGP Web Key Directory" – via IETF. Cite journal requires |journal= (help)
  32. ^ "Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates" (PDF).
  33. ^ Miller, Matthew A.; Saint-Andre, Peter (November 6, 2015). "PKIX over Secure HTTP (POSH)" – via IETF. Cite journal requires |journal= (help)
  34. ^ "web".
  35. ^ Jennings, Cullen; Lowekamp, Bruce; Rescorla, Eric; Baset, Salman; Schulzrinne, Henning (January 6, 2014). "REsource LOcation And Discovery (RELOAD) Base Protocol" – via IETF.
  36. ^ Borenstein, Nathaniel S.; Kucherawy, Murray (November 6, 2013). "A Reputation Query Protocol" – via IETF. Cite journal requires |journal= (help)
  37. ^ "ANSI/NISO Z39.99-2017".
  38. ^ "security.txt". security.txt.
  39. ^ Reddy.K, Tirumaleswar; Patil, Prashanth; R, Ram; Uberti, Justin (August 6, 2015). "Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization" – via IETF. Cite journal requires |journal= (help)
  40. ^ "20151129 Time over HTTPS specification — PHKs Bikeshed". phk.freebsd.dk.
  41. ^ Douglass, Michael; Daboo, Cyrus (March 6, 2016). "Time Zone Data Distribution Service" – via IETF. Cite journal requires |journal= (help)
  42. ^ Maler, E.; Machulak, M.; Richer, J. (January 7, 2018). "User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization". docs.kantarainitiative.org.
  43. ^ "Describing Linked Datasets with the VoID Vocabulary". www.w3.org. Retrieved 2021-10-06.
  44. ^ Jones, Paul; Salgueiro, Gonzalo; Jones, Michael; Smarr, Joseph (September 6, 2013). "WebFinger" – via IETF. Cite journal requires |journal= (help)
  45. ^ "xrp-ledger.toml File | XRPL.org". xrpl.org.
Retrieved from ""