Difference between revisions of "Endpoint"

From MgmtWiki
Jump to: navigation, search
(Context)
(Context)
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
  
 
==Context==
 
==Context==
Endpoints have been defined in may standardized contexts.
+
Endpoints have been defined in many standardized contexts.
 
* [https://hl7.org/fhir/R4/endpoint.html The FHIR Resource Endpoint]
 
* [https://hl7.org/fhir/R4/endpoint.html The FHIR Resource Endpoint]
 
*
 
*
Line 12: Line 12:
 
## IP V6
 
## IP V6
 
# URL addresses which are converted to IP addresses by a [[DNS]]
 
# URL addresses which are converted to IP addresses by a [[DNS]]
## Web addresses which use the URL scheme HTTP:// or the preferred HTTPS://
+
## Web addresses which use the URL scheme HTTP:// or the preferred HTTPS:// These are the ones of particular interest here.
## Other application specific URL schemes, like media or datagram.
+
## Other application specific URL schemes, like streaming media or data-gram.
  
 
==Problem==
 
==Problem==

Latest revision as of 20:28, 25 April 2023

Full Title or Meme

An Endpoint is typically a URL addressing one service of a Web Site.

Context

Endpoints have been defined in many standardized contexts.

There are two broad classes of endpoints.

  1. IP address
    1. IP V4 which are of the form 123.045.067.089
    2. IP V6
  2. URL addresses which are converted to IP addresses by a DNS
    1. Web addresses which use the URL scheme HTTP:// or the preferred HTTPS:// These are the ones of particular interest here.
    2. Other application specific URL schemes, like streaming media or data-gram.

Problem

  • It has been recognized for many years that URLs (and hence Endpoints are poor substitutes for Web Site Identifiers[1]. Yet no one has found a suitable substitute.
  • Many standards have been focused on setting new endpoints for every service defined by the web site.
  • Since endpoints are just URLs their ability to access sign in credentials or cookies is determined by policies set by the browser manufacturer or, possibly, by an administrator. These policies are subject to changes that are never explained, or even explainable, to the user.
  • Since endpoint policy is not under the control of the standards, there is no chance for them to make it really clear when an endpoint will be consider to be a part of the origin and thus not subject to cross-origin policies.

Security

Like any URL access point, and device Endpoint is subject to worldwide attacks.

Solution

A good solution is still being sought; here are some ideas:

References

  1. Jakob Nielsen, URL as UI https://www.nngroup.com/articles/url-as-ui/