Network Working Group M. Duerst Internet-Draft W3C/Keio University Expires:October 16,December 30, 2002 M. Suignard Microsoft CorporationApril 17,July 1, 2002 Internationalized Resource Identifiers (IRI)draft-duerst-iri-00draft-duerst-iri-01 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire onOctober 16,December 30, 2002. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document defines a new protocol element, the Internationalized Resource Identifier (IRI), as a complement to the URI [RFC2396]. An IRI is a sequence of characters from the Universal Character Set [ISO10646]. A mapping from IRIs to URIs is defined, which means that IRIs can be used instead of URIs where appropriate to identify resources. The approach of defining a new protocol element was chosen, instead of extending or changing the definition of URIs, to allow a clear distinction and to avoid incompatibilities with existing software. 
Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page 1] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002 Guidelines for the use and deployment of IRIs in various protocols, formats, and software components that now deal with URIs are provided.Section 1 introduces concepts, definitions, and the scope of this specification. Section 2 discusses the IRI syntax and conversion between IRIs and URIs. Section 3 deals with limitations on characters appropriate for use in IRIs, and with processing of IRIs. Section 4 discusses software requirements for IRIs from an operational viewpoint.NOTE Thisdraft replaces draft-masinter-url-i18n-08.txt. Thisdocument is a product of the Internationalization Working Group (I18N WG) of the World Wide Web Consortium (W3C). For general discussion, please use the www-i18n-comments@w3.org mailing list (publicly archived athttp://lists.w3.org/Archives/Public/www-i18n-comments/).http://lists.w3.org/Archives/Public/www-i18n- comments/). For more information on the topic of this document, please also see [W3CIRI] and [Duer01].Duerst & Suignard Expires October 16, 2002 [Page 2] Internet-Draft Internationalized Resource Identifiers April 2002Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1 Overview and Motivation . . . . . . . . . . . . . . . . . . . 4 1.2 Applicability . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. IRI Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Summary of IRIsyntaxSyntax . . . . . . . . . . . . . . . . . . . . 6 2.2 ABNF for IRI References and IRIs . . . . . . . . . . . . . . . 6 2.3Mapping of IRIs to URIsIRI Equivalence and Normalization . . . . . . . . . . . . . . 9 3. Relationship between IRIs and URIs . . . .8 2.3.1 When to convert from. . . . . . . . . . 10 3.1 Mapping of IRIs to URIs . . . . . . . . . . . . .10 2.4. . . . . . 11 3.2 Converting URIs to IRIs . . . . . 
. . . . . . . . . . . . .10 3. Considerations for use of IRIs .. 12 4. Bidirectional IRIs for Right-to-left Languages . . . . . . . . 13 4.1 Bidi IRI Structure . . . . .11 3.1 IRI Character Limitations. . . . . . . . . . . . . . . . .11 3.2 Bidirectional14 4.2 Visual Rendering of Bidi IRIsfor right-to-left languages. . . . . . .13 3.3 Processing IRIs. . . . . . . . . 14 4.3 Input of Bidi IRIs . . . . . . . . . . . . .13 4. Software requirements. . . . . . . . . 15 5. Use of IRIs . . . . . . . . . .14 4.1 URI/IRI software interfaces. . . . . . . . . . . . . . . 15 5.1 Limitations on UCS Character Allowed in IRI .14 4.2 URI/IRI entry. . . . . . . . 15 5.2 Software Interfaces and Protocols . . . . . . . . . . . . . . 16 5.3 Format of URIs and IRIs in Documents and Protocols .14 4.3 URI/IRI generation. . . . . 17 5.4 Relative IRI References . . . . . . . . . . . . . . . .15 4.4 URI/IRI selection. . . 17 6. URI/IRI Processing Guidelines (informative) . . . . . . . . . 17 6.1 URI/IRI Software Interfaces . . . . . . . . .16 4.5 Display of URIs/IRIs. . . . . . . . 18 6.2 URI/IRI Entry . . . . . . . . . . . .16 4.6 Interpretation of URI/IRIs. . . . . . . . . . . . 18 6.3 URI/IRI Generation . . . . .17 4.7 Transportation of URI/IRIs in document formats and protocols 18 5. Upgrading strategy. . . . . . . . . . . . . . . . . 19 6.4 URI/IRI Selection . . . .18 6. Security considerations. . . . . . . . . . . . . . . . . . 197. Acknowlegdements .6.5 Display of URIs/IRIs . . . . . . . . . . . . . . . . . . . . . 20References6.6 Interpretation of URIs and IRIs . . . . . . . . . . . . . . . 20 6.7 Upgrading Strategy . . . . . . . . . .20 Authors' Addresses. . . . . . . . . . . . 21 7. Security Considerations . . . . . . . . .23 Full Copyright Statement. . . . . . . . . . 21 8. Change log . . . . . . . .24 Duerst. . . . . . . . . . . . . . . . . . 22 9. Acknowlegdements . . . . . . . . . . . . . . . . . . . . . . . 23 References . . . . . . . . . . . . . . . . . . . . . . . . . . 
23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 26 Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page 2] Internet-Draft Internationalized Resource Identifiers July 2002 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 27 Duerst & Suignard Expires December 30, 2002 [Page 3] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002 1. Introduction 1.1 Overview and Motivation A URI is defined in [RFC2396] as a sequence of characters chosen from a limited subset of the repertoire of US-ASCII characters. The characters in URIs are frequently used for representing words of natural languages. Such usage has many advantages: such URIs are easier to memorize, easier to interpret, easier to transcribe, easier to create, and easier to guess. For most languages other than English, however, the natural script uses characters other than A-Z. For many people, handling Latin characters is as difficult as handling the characters of other scripts is for people who use only the Latin alphabet. Many languages with non-Latin scripts do have transcriptions to Latin letters and such transcriptions are now often used in URIs, but they introduce additional ambiguities. The infrastructure for the appropriate handling of characters from local scripts is now widely deployed in local versions of operating system and application software. Software that can handle a wide variety of scripts and languages at the same time is increasingly widespread. Also, there are increasing numbers of protocols and formats that can carry a wide range of characters. This document defines a new protocol element, called IRI (Internationalized Resource Identifier), by extending the syntax of URIs to a much wider repertoire of characters. It also defines "internationalized" versions corresponding to other constructs from [RFC2396], such as URI references. 
Using characters outside of A-Z in IRIs brings with it some difficulties; a discussion of potential problems and workarounds can be found in the later sections of this document.URIs often contain Internet host names embedded within them. There is an ongoing discussion of internationalization and host names; the specific issues of the relationship of IRIs and possible future "internationalized" host names are not discussed here. (See [IDN- URI] for a separate proposal.)1.2 Applicability IRIs are designed to be compatible with recent recommendations on URI syntax [RFC2718]. The compatibility is provided by providing a well defined and deterministic mapping from the IRI character sequence to the functionally equivalent URI character sequence. Practical use of IRIs (or IRI references) in place of URIs (or URI references) depends on the following conditions being met:Duerst & Suignard Expires October 16, 2002 [Page 4] Internet-Draft Internationalized Resource Identifiers April 2002a. The protocol or format element used should be explicitly designated to carry IRIs. That is, the intent is not to introduce IRIs into contexts that are not defined to accept them. Forexamlpe,example, XML schema [XMLSchema] has an explicit type Duerst & Suignard Expires December 30, 2002 [Page 4] Internet-Draft Internationalized Resource Identifiers July 2002 "anyURI" thatcan be used to designatedesignates the use of IRIs. b. The protocol or format carrying the IRIs must have a mechanism to represent the wide range of characters used in IRIs, either natively or by some protocol- or format-specific escaping mechanism (for example numeric character references in [XML1]). c. Either by definition for all the URIs of a specific URI scheme, or at least for some specific URIs, the encoding of non-ASCII characters has to be based on UTF-8. For new URI schemes, this is recommended in [RFC2718]. 
This allows IRIs to be used with the URN syntax [RFC2141] as well as recent URL scheme definitions based on UTF-8, such as IMAP URLs [RFC2192] and POP URLs [RFC2384]. This condition may also apply to only a piece of a URI (reference), such as the fragment identifier. In cases and for pieces where an encoding other than UTF-8 is used, and for raw binary data encoded in URIs (see [RFC2397]), the octets have to be %-escaped. In these situations, the ability of IRIs to directly represent a wide character repertoire cannot be used. 1.3 Definitions The following definitions are used in this document; they follow the terms in[RFC2130][RFC2130], [RFC2277] and[RFC2277]:[ISO10646]: character:An abstract object withA member of aseparate identity.set of elements used for the organization, control, or representation of data. For example, "LATIN CAPITAL LETTER A" names a character. octet:8an ordered sequence of eight bits considered as a unit character repertoire: A set of characters (in the mathematical sense) sequence of characters: A sequence (one after another) of characters sequence of octets: A sequence (one after another) of octets (character) encoding: A method of representing a sequence of characters as a sequence of octets (maybe with variants). A method of (unambiguously) converting a sequence of octets into a sequence of characters.Duerst & Suignard Expires October 16, 2002 [Page 5] Internet-Draft Internationalized Resource Identifiers April 2002code point: A placeholder for a character in a character encoding, for example to encode additional characters in future versions of the character encoding. Duerst & Suignard Expires December 30, 2002 [Page 5] Internet-Draft Internationalized Resource Identifiers July 2002 charset: The name of a parameter or attribute used to identify a character encoding. 2. IRI Syntax This section defines the syntax of Internationalized Resource Identifiers (IRIs). 
As with URIs, an IRI is defined as a sequence of characters, not as a sequence of octets. This definition accommodates the fact that IRIs may be written on paper or read over the radio as well as being transmitted over the network. The same IRI may be represented as different sequences of octets in different protocols or documents if these protocols or documents use different character encodings and/or transfer encodings. Using the same character encoding as the containing protocol or document assures that the characters in the IRI can be handled (searched, converted, displayed,...) in the same way as the rest of the protocol or document. 2.1 Summary of IRIsyntaxSyntax IRIs are defined similarly to URIs in [RFC2396] (as modified by[RFC2732]),[RFC2732] and [IDNURI]), but the class of unreserved characters is extended by adding all the characters of the UCS (Universal Character Set, [ISO10646]) beyond U+0080, subject to the limitations given in Section3.5.1. Otherwise, the syntax and use of components and reserved characters is the same as that in [RFC2396]. All the operations defined in [RFC2396], such as the resolution of relative URIs, can be applied to IRIs by IRI-processing software in exactly the same way as this is done to URIs by URI-processing software. Characters outside the US-ASCII range MUST NOT be used for syntactical purposes such as to delimit components in newly defined schemes. As an example, it is not allowed to use U+00A2, CENT SIGN, as a delimiter, because it is in the 'iunreserved' category, in the same way as it is not possible to use '-' as a delimiter, because it is in the 'unreserved' category. 2.2 ABNF for IRI References and IRIs While it might be possible to define IRI references and IRIs merelyDuerst & Suignard Expires October 16, 2002 [Page 6] Internet-Draft Internationalized Resource Identifiers April 2002by their transformation to URIs, they can also be accepted and processed directly. 
Therefore, an ABNF definition for IRI references (which are the most general concept and the start of the grammar) and IRIs is given here. Duerst & Suignard Expires December 30, 2002 [Page 6] Internet-Draft Internationalized Resource Identifiers July 2002 The following rules are differentformfrom [RFC2396]: IRI-reference = [ absoluteIRI | relativeIRI ] [ "#" ifragment ] absoluteIRI = scheme ":" ( ihier_part | iopaque_part ) relativeIRI = ( inet_path | iabs_path | irel_path ) [ "?" iquery ] ihier_part = ( inet_path | iabs_path ) [ "?" iquery ] iopaque_part = iric_no_slash *iric iric_no_slash = iunreserved | escaped | ";" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | "," inet_path = "//" iauthority [ iabs_path ] iabs_path = "/" ipath_segments irel_path = irel_segment [ iabs_path ] irel_segment = 1*( iunreserved | escaped | ";" | "@" | "&" | "=" | "+" | "$" | "," ) iauthority =serveriserver | ireg_name ireg_name = 1*( iunreserved | escaped | "$" | "," | ";" | ":" | "@" | "&" | "=" | "+" ) iserver = [ [ userinfo "@" ] ihostport ] iuserinfo = *( iunreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," ) ihostport = ihost [ ":" port ] ihost = ihostname | IPv4address | IPv6reference ihostname = << as specified by [IDNA] >> ipath_segments = isegment *( "/" isegment ) isegment = *ipchar *( ";" iparam ) iparam = *ipchar ipchar = iunreserved | escaped | ":" | "@" | "&" | "=" | "+" | "$" | "," iquery = *iric ifragment = *iric iric = reserved | iunreserved | escaped iunreserved = ichar | unreserved ichar = << allowed character of the UCS [ISO10646]of beyond U+009F, subject to the limitations in Section 3.1.>> | space | delims | unwise Note that the space character and various delimiters are allowed in IRIs and IRI references. This is further discussed insection 3.1, point b.Section 5.1. 
Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page 7] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002 The following describe the allowed characters of the UCS [ISO10646] using the UCS-4 encoding notation for these characters: U+00A0-U+D7FF U+F900-U+FDCF U+FDF0-U+FFEF U+10000-U+1FFFD U+20000-U+2FFFD U+30000-U+3FFFD U+40000-U+4FFFD U+50000-U+5FFFD U+60000-U+6FFFD U+70000-U+7FFFD U+80000-U+8FFFD U+90000-U+9FFFD U+A0000-U+AFFFD U+B0000-U+BFFFD U+C0000-U+CFFFD U+D0000-U+DFFFD U+E1000-U+EFFFD Duerst & Suignard Expires December 30, 2002 [Page 8] Internet-Draft Internationalized Resource Identifiers July 2002 The following are the same as [RFC2396] as modified by [RFC2732]: reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | "," | "[" | "]" unreserved = alphanum | mark mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" escaped = "%"HEXDIG HEXDIG server = [ [ userinfo "@" ] hostport ] userinfohex hex hex =*( unreserveddigit |escaped"A" |";""B" |":""C" |"&""D" |"=""E" |"+""F" |"$""a" |"," ) hostport = host [ ":" port ] host = hostname"b" |IPv4address"c" |IPv6reference"d" | "e" | "f" IPv6reference = "[" IPv6address "]"hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum toplabel = alpha | alpha *( alphanum | "-" ) alphanumIPv6address = hexpart [ ":" IPv4address ] IPv4address = 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT hexpart = hexseq | hexseq "::" [ hexseq ] | "::" [ hexseq ] hexseq = hex4 *( ":" hex4) hex4 =1*4HEXDIG1*4hex port = *DIGIT scheme = alpha *( alpha | digit | "+" | "-" | "." 
) alphanum = alpha | digit alpha = lowalpha | upalpha lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | "y" | "z" upalpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | "Y" | "Z" digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" space =<US-ASCII<< US-ASCII coded character 20hexadecimal>hexadecimal >> delims = "<" | ">" | "#" | "%" | <"> unwise = "{" | "}" | "|" | "\" | "^" | "`" 2.3Mapping of IRIs to URIs This section defines how to map an IRI to a URI. Everything in this section applies also toIRIreferencesEquivalence andURI references, as wellNormalization There is no general rule or procedure to decide whether two arbitrary IRIs are equivalent or not (i.e. refer to the same resource or not). Two IRIs that look almost the same may refer to different resources. Two IRIs that look completely different may refer to, and resolve to, the same resource. In some scenarios, such ascomponents thereof (for example fragment identifiers). This mapping hasXML Namespaces ([XMLNamespace]), a definite answer to the question of IRI equivalence is needed that is independent of the scheme used and always can be calculated quickly and without accessing a network. In such cases, twopurposes: a) Syntactical: Many URI schemesIRIs SHOULD be defined as equivalent if andcomponents define additional syntactical restrictions not captured in Section 2.2. Suchonly if they are character-by-character equivalent (which is the same as byte-by-byte equivalent if the Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page8]9] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002restrictions can be applied to IRIs by noting thatcharacter encoding for both IRIsare only valid if theyis the same). 
In such a case, the comparison function MUST NOT map the IRIs tosyntactically validURIs.This meansIt follows from the above thatsuch syntactical restrictions do not have toIRIs SHOULD NOT bedefined again onmodified when being transported. For actual resolution, differences in escaping (except for theIRI level. b) Interpretational: URIs identify resourcesescaping of reserved characters) MUST always result invarious ways. IRIs also identify resources. The resource that an IRI identifies isthe sameas the one identified by the URI obtained after converting the IRI accordingresource. For example, foo://example.com/XML, foo://example.com/ XM%4C, and foo://example.com/XM%4c must resolve to theprocedure defined here. This means that theresame resource. If this kind of equivalence isno needtodefine the association between identifier and resource again onbe tested, theIRI level. This mapping is accomplished in two parts. Part A) is skipped if the input is already in a UCS-based encoding (forescaping of both IRIs to be compared has to be aligned, for exampleUTF-8 or UTF- 16). In that case, it is assumedby converting both IRIs to URIs (see Section 3.1) and making sure that theIRI is alreadycase of the hexadecimal characters inNFC. Part A) This part has three variants, depending on wheretheinput comes from. Variant 1) a) Start with an IRI written%-escape is always the same. Such conversions MUST only be done onpaper or read out loud, or otherwise represented as a sequence of characters independent of any encoding. b) RepresenttheIRI characters asfly, without changing the original IRI. Specific schemes and resolution mechanisms may define additional equivalences. For asequencespecific scheme, two IRIs that e.g. differ only by case may be equivalent. However, this document does not deal with scheme-specific issues. The Unicode Standard [UNIV3] defines various equivalences between sequences of charactersfrom the UCS. c) Normalizefor various purposes. 
Unicode Standard Annex #15 [UNI15] defines various Normalization Forms for these equivalences. IRIs SHOULD be created using thecharacter sequence according toNormalization Form C(NFC), as defined in [UNI15]. (See further discussion in Section 3.1.) Note: In practice, steps b) and c) will often be performed together, for example by using a keyboard or other input mechanism that is designed to produce NFC. Variant 2) a) Start with(NFC). When an IRI is created insome digital representation (e.g.anoctet stream)UCS-based encoding without the end-user being aware of or interested insome non-Unicodeencoding. b) Representnormalization issues, the IRIcharacters as a sequence of characters fromMUST be created using theUCS. c) Normalizenormalization form NFC. Equivalence of IRIs MUST rely on thecharacter sequence accordingIRIs being appropriately pre- normalized, rather than applying normalization, except when converting from a non-UCS-based encoding toNormalization Form C, as defined in [UNI15]. (See further discussion in Section 3.1.) Note: In practice, steps b) and c) will often be performed together, for example by usingan UCS-based encoding, where a normalizing transcoderthat produces outputusing NFC MUST be used. Various IRI schemes may allow the usage of International Domain Names (IDN) [IDNA]. When inNFC. Variant 3) a) Start withuse in IRIs, those names SHOULD be validated using the rules defined by [Nameprep]. An IRI containing an invalid IDN cannot successfully be resolved. For legibility purposes, IDN components of IRIs SHOULD not be converted into ASCII Compatible Encoding (ACE). However, this conversion may be applied when mapping an IRIininto anUnicode-based encoding (for example UTF-8 or UTF-16). Move directlyURI, see Section 3.1. 3. Relationship between IRIs and URIs IRIs are meant toPart 2. It is assumed thatreplace URIs in identifying resources for protocols, formats and software components which use a UCS-based character repertoire. 
These protocols and components may never need to use URIs directly, especially when theIRIresource identifier isalready in NFC.used Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page9]10] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002Part B) For each character thatsimply for identification purposes. However, when the resource identifier is used for resource retrieval, it isdisallowedinURI references, apply steps a) through c) below. The disallowed characters consist of all non-ASCII characters, plusmany cases necessary to determine theexcluded characters listedassociated URI because most retrieval mechanisms currently only are defined for URIs. (Additional rationale is given in Section2.43.1.) 3.1 Mapping of[RFC2396], except for the number sign (#) and percent sign (%) and the square bracket characters re-allowed in [RFC2732]. 1) Convert the characterIRIs to URIs This section defines how to map an IRI to asequence of one or more octets using UTF-8 [RFC2279]. 2) Convert each octetURI. Everything in this section applies also to%HH, where HH is the hexadecimal notation of the octet value. Note: This is identical to the escaping mechanism in Section 2.4.1 of [RFC2396]. 3) Replace the original character by the resulting character sequence. Note that in this process (in step B3), characters allowed in URIIRI references andexisting escape sequences are not escaped further. (This mapping is similar to, but different from, the escaping applied when including arbitrary content into some part of a URI.) The above mapping produces aURIfully conforming to [RFC2396] out of each IRI. Thereferences, as well as components thereof (for example fragment identifiers). This mappingis also an identity transformation for URIshas two purposes: a) Syntactical: Many URI schemes andis idempotent--applying the mapping a second time willcomponents define additional syntactical restrictions notchange anything. 
Every URI is therefore by definition an IRI.captured in Section2.3 gives details about when exactly to convert from an IRI to an URI. 2.3.1 When2.2. Such restrictions can be applied toconvert fromIRIsto URIs The mapping fromby noting that IRIsto URIs SHOULDare only valid if they map to syntactically valid URIs. This means that such syntactical restrictions do not have to beapplied when necessary, and as late as possible. 2.4 Convertingdefined again on the IRI level. b) Interpretational: URIstoidentify resources in various ways. IRIsIn some situations,also identify resources. When the IRI is used simply for indentification purposes, itmay be desirable to try to convert a URI into an equivalent IRI. This section gives a procedureis not necessary todo such a conversion. In general,map the IRI to an URImapping is many-to-one, so(see Section 2.3). However, when an IRI is used for resource retrieval, theconversionresource that the IRI locates isnot invertible. The conversion described in this section will always give anthe same as the one located by the URI obtained after converting the IRIwhich maps backaccording to theURIprocedure defined here. This means thatwas used as an input forthere is no need to define resolution again on theconversion, but perhaps not exactlyIRI level. This mapping is accomplished in two steps. Step 1) This step generates a UCS-based encoding from the original IRI(if there ever was one). In general, URIformat. This step has three variants, depending on the form of the input. Variant A) If the IRI is written on paper or read out loud, or otherwise represented as a sequence of characters independent of any encoding: Represent the IRI as a sequence of characters from the UCS normalized according to Normalization Form C (NFC, [UNI15]). Variant B) If the IRIconversion removes escape sequences, butis in some digital representation (e.g. 
an octet stream) in some non-Unicode encoding: Convert the IRI to a sequence of characters from the UCS normalized according to NFC. Duerst & Suignard Expires December 30, 2002 [Page 11] Internet-Draft Internationalized Resource Identifiers July 2002 Variant C) If the IRI is in an Unicode-based encoding (for example UTF-8 or UTF-16): Do not normalize. Move directly to Step 2. Step 2) For each character that is disallowed in URI references, apply steps 1) through 3) below. The disallowed characters consist of allescaping cannon-ASCII characters, plus the excluded characters listed in Section 2.4 of [RFC2396], except for the number sign (#) and percent sign (%) and the square bracket characters re-allowed in [RFC2732]. 1) Convert the character to a sequence of one or more octets using UTF-8 [RFC2279]. 2) Convert each octet to %HH, where HH is the hexadecimal notation of the octet value. Note: This is identical to the escaping mechanism in Section 2.4.1 of [RFC2396]. 3) Replace the original character by the resulting character sequence. Note that in this process (in step 2.3), characters allowed in URI references and existing escape sequences are not escaped further. (This mapping is similar to, but different from, the escaping applied when including arbitrary content into some part of a URI.) The above mapping produces a URI fully conforming to [RFC2396] (as amended by [RFC2732] and [IDNURI]) out of each IRI. The mapping is also an identity transformation for URIs and is idempotent -- applying the mapping a second time will not change anything. Every URI is therefore by definition an IRI. Note: For backwards compatibility with infrastructure that does not implement the updates of [IDNURI], converters MAY also convert the 'ihostname' part of an IRI using the ToASCII operation specified in Section 4.1 of [IDNA] between Step 1 and Step 2. Note that the ToASCII operation may fail. 
Note that Internationalized Domain Names may be contained in parts of an IRI other than the 'ihostname' part. 3.2 Converting URIs to IRIs In some situations, it may be desirable to try to convert a URI into an equivalent IRI. This section gives a procedure to do such a conversion. The conversion described in this section will always give an IRI which maps back to the URI that was used as an input for the conversion, but perhaps not exactly the original IRI (if there ever was one). Duerst & Suignard Expires December 30, 2002 [Page 12] Internet-Draft Internationalized Resource Identifiers July 2002 URI to IRI conversion removes escape sequences, but not all escaping can be eliminated. There are many reasons for this: a. Some escape sequences are necessary to distinguish escaped and unescaped uses of reserved characters. b. Some escape sequences cannot be interpreted as sequences of UTF-8 octets. (Note: Due to the regularities in the octet patterns of UTF-8, there is a very high probability, but no guarantee, that escape sequences that can be interpreted as sequences of UTF-8 octets actually originated from UTF-8. For a detailed discussion, see [Duer97].) c. The conversion may result in a character that is not appropriate in an IRI. See Section 5.1 for further details. Conversion from a URI to an IRI is done using the following steps (or any other algorithm that produces the same result): 1) Represent the URI as a sequence of octets in US-ASCII. 2) Convert all hexadecimal escapes (% followed by two hexadecimal digits) of %80 and higher to the corresponding octets. 3) Re-escape any octets that are not part of a strictly legal UTF- 8 octet sequence. 4) Re-escape all octets that in UTF-8 represent characters that are not appropriate according to Section 5.1. 5) Interpret the resulting octet sequence as a sequence of characters encoded in UTF-8. This procedure will convert as many escaped non-ASCII characters as possible to characters in an IRI. 
Because there are some choices when applying step 4) (see Section 5.1), results may differ. 4. Bidirectional IRIs for Right-to-left Languages Some UCS characters, such as those used in the Arabic and Hebrew script, have an inherent right-to-left writing direction. IRIs containing such characters (called bidirectional IRIs or Bidi IRIs) require additional attention because of the non-trivial relation between logical representation (used for digital representation as well as when reading/spelling) and visual representation (used for display/printing). Duerst & Suignard Expires December 30, 2002 [Page 13] Internet-Draft Internationalized Resource Identifiers July 2002 4.1 Bidi IRI Structure IRIs have an inherent structure that distinguishes structural characters (usually punctuation such as '@', '.', ':', '/', and so on) called delimiters and payload components (usually consisting mostly of letters and digits). ISSUE: Exact definition of components. In their internal digital representation, i.e. stored or transmitted for resolution, bidirectional IRIs MUST be in full logical order both for the overall structure as well as for the individual components. They MUST conform directly to the IRI syntax rules (which includes the rules relevant to their scheme). This is necessary to make sure that bidirectional IRIs can be processed in the same way as other IRIs. The components have the following restrictions: 1) A component MUST NOT not use both right-to-left and left-to- right characters. 2) A component MUST NOT contain bidirectional formatting characters. 3) A component using right-to-left characters MUST NOT use any other class of characters (e.g. neutrals or numbers). Note: Restrictions 1) and 2) are not very severe, in that they do not overly restrict useful identifiers. Also, trying to remove it would make it impossible for humans to predict the logical sequence of characters inside a single component. 
On the other hand, it would be very desirable to remove or at least soften restriction 3). Otherwise, it is impossible to combine Arabic or Hebrew letters with numbers, or to use a hyphen between two subcomponents of an Arabic component to avoid the cursive connection of the two subcomponents. To a certain extent, softening this restriction should beeliminated. There are many reasons for this: a. Some escape sequences are necessaryeasily possible by adding additional formatting characters in well defined ways similar todistinguish escaped and unescaped usesthe provisions in Section 4.2. Feedback on this issue is particularly welcome. 4.2 Visual Rendering ofreserved characters.Bidi IRIs Bidirectional IRIs MUST be rendered visually by rendering each component and each structural character from left to right. They MUST render each component according to its natural direction (i.e. left-to-right for components with left-to-right characters, right-to- left for components with right-to-left characters). Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page10]14] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002b. Some escape sequences cannot be interpreted as sequences of UTF-8 octets. (Note: DueISSUE: The alternative is tothe regularitiesdisplay a series of right-to-left components in their natural (right-to-left) order. This has theoctet patterns of UTF-8, there is a very high probability, but no guarantee,advantage thatescape sequences that canit will often beinterpreted as sequences of UTF-8 octets actually originated from UTF-8. For a detailed discussion ofeasier for native people to read theodds, see [Duer97].) c. The conversion may resultcomponents ina character thatthe right order. The restrictions on individual components change. In some cases, the correct visual rendering isnot appropriateautomatic (i.e. exactly the same as with the Unicode algorithm), and so inan IRI. See section 3.1 for further details. 
Conversion from a URIthese cases, no bidi formatting characters have toan IRIbe added. In a textual context, i.e. assuming rendering by the Unicode bidirectional algorithm, the visual rendering backing store is doneusingas follows: The visual representation uses some of the followingsteps (or any other algorithm that produces the same result): 1) Represent the URI asBidi formatting characters described by using asequence of octets in US-ASCII. 2) Convert all hexadecimal escapes (%XML-style entity notation: ‎ U+200E LEFT-TO-RIGHT MARK ‏ U+200F RIGHT-TO-LEFT MARK &lre; U+202A LEFT-TO-RIGHT EMBEDDING &rle; U+202B RIGHT-TO-LEFT EMBEDDING &pdf; U+202C POP DIRECTIONAL FORMATTING &lro; U+202D LEFT-TO-RIGHT OVERRIDE &rlo; U+202E RIGHT-TO-LEFT OVERRIDE Each component with right-to-left characters is preceded and followed bytwo hexadecimal digits) of %80 and higheran ‎. This left-to-right mark provides a left- to-right context to intervening syntactic characters. If thecorresponding octets. 3) Re-escape any octetsoverall context (base directionality) is right-to-left, the identifier is preceded by an &lre; and followed by a &pdf;. This makes sure that the components of the identifier arenot partrendered in left-to-right order. This may also be done by using the equivalent features of astrictly legal UTF- 8 octet sequence. 4) Re-escape all octets thathigher-order protocol (e.g. by using the dir='ltr' attribute inUTF-8 reperesent characters that are not appropriateHTML). 4.3 Input of Bidi IRIs Bidi input methods MUST generate Bidi IRIs in logical order while rendering them according to Section3.1. This procedure will convert as many escaped non-ASCII characters as possible4.2. During input, rendering should be updated after every new character that is input tocharacters in an IRI. Because there are some choices when applying step 3) (see Section 3.1), results may differ. 3. Considerations for useavoid end user confusion. 5. 
Use of IRIs3.1 IRI Character5.1 LimitationsNot all characters of theon UCSare appropriate for use as resource identifiers.Character Allowed in IRI This section discusses the limitations on characters and character sequences usable for IRIs. The considerations in this section arerelevant when creating IRIs and when converting from URIs to IRIs. Because of the large and increasing number of characters in the UCS and the large number of situations where IRIs can be used, it is impossible to give general rules for which characters should be avoided. The following considerations are relevant: a. The repertoire of characters allowed in each IRI component is limited by the definition of that component. For example, the definition of host names in URIs does not currently allow hexDuerst & Suignard ExpiresOctober 16,December 30, 2002 [Page11]15] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002escapes, or "_", or many other punctuation characters. This specification does not relax those limits, and sorelevant when creating IRIscurrently may not contain any non-ASCIIand when converting from URIs to IRIs. a. The repertoire of characters allowed inhost names. This specification likewise does not extendedeach IRI component is limited by the definition of that component. For example, the definition of the scheme component does not allow characters beyond US-ASCII. (Note: In accordance with URI practice, generic IRI software cannot and should not check for such limitations.) b. In the URI syntax, characters that are likely to be used to delimit URIs in text and print ("space", "delims", and "unwise") were excluded. They are included in the IRI syntax, for the following reasons: 1) The syntax includes many other characters that are not appropriate in many cases. 2) Some implementation practice already allows them in URI references (for example spaces in fragment identifiers). 3) It is very convenient in some cases, for example for XPointers in XML attributes. 
4) Considering context is already necessary in the case of URIs, for example for "&" in XML. However, these characters should be used carefully. Whenever there is a chance that an IRI will be used in a component where these characters can be harmful, they should be escaped. c. The UCS contains many areas of"characters" which have no well-established way of inputting them. These should be avoided. Characters that fall into this category include Dingbats, Mathematical and other symbols, ligatures and presentation forms. d. The UCS contains many areas ofcharacters for which there are strong visual look-alikes. Because of the likelihood of transcription errors, these also should be avoided. This includes the full-width equivalents of ASCII characters, half- width Katakana characters for Japanese, and many others. This also includes many look-alikes of "space", "delims", and "unwise", characters excluded in [RFC2396].e. Characters with no visual representation may not be interoperably entered. Control characters MUST NOT be used. This includesAdditional information is available from [UNIXML]. Although [UNIXML] is written in a different context, it discusses many of thetraditional rangescategories ofcontrolcharacters(U+0000-U+001FandU+007F-U+009F) as wellcode points not appropriate for IRIs. 5.2 Software Interfaces and Protocols Although an IRI is defined asother cases sucha sequence of characters, software interfaces for URIs typically function on sequences of octets. Thus, software interfaces and protocols MUST define which character Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page12]16] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002as plane-14 language tag characters. f. Some code points are reserved for private use or for specialencodingpurposes. They are not interoperable. 
Code points reserved for private use MUST NOT beis used.Code points reserved for surrogatesIntermediate software interfaces between IRI-capable components and URI-only components MUSTNOT be used. g. Where there exist duplicate ways of encoding a certain character as visible tomap theuser, Normalization Form CIRIs asdefined in [UNI15] MUST be used. Additional information is availableper Section 3.1, when transferring from[UNIXML]. Although this is written inIRI-capable to URI-only components. Such adifferent context, it discusses manymapping SHOULD be applied as late as possible. It should not be applied between components that are known to be able to handle IRIs. 5.3 Format of URIs and IRIs in Documents and Protocols Document formats that transport URIs may need to be upgraded to allow thecategoriestransport ofcharacters and code points not appropriate forIRIs.For reasons of transcribability, many characters have been excluded fromIn those cases where the document as a whole has a native character encoding, IRIsabove. These can neverthelessMUST also be encoded inanthis encoding, and converted accordingly by a parser or interpreter. IRIif necessary. They have tocharacters that are not expressible in the native encoding SHOULD be escaped using theprocedure inescaping conventions of the document format if such conventions are available. Alternatively, they MAY be escaped according to Section2.3.3.1. For example,a space can always be encoded in a URI andinan IRI as %20. A non-breaking space (U+00A0) mustHTML, XML, or SGML, numeric character references should beencodedused. If a document as%C2%A0. 3.2 Bidirectionala whole has a native character encoding, and that character encoding is not UTF-8, then IRIsfor right-to-left languages Some UCS characters, such as those usedMUST NOT be placed into the document in theArabic and Hebrew script, have an inherent right-to-left writing direction. 
IRIs containing such characters (called bidirectional IRIs or Bidi IRIs) require additional attention because ofUTF- 8 character encoding. Note: Some formats already accommodate IRIs, although they use different terminology. HTML 4.0 [HTML4] defines thenon-trivial relation between logical representation (used for digital representation as wellconversion from IRIs to URIs aswhen reading/spelling)error-avoiding behavior. XML 1.0 [XML1], XLink [XLink], andvisual representation (used for display/printing). This document does not address bidi-specific issues. A proposal for addressing these issues canXML Schema [XMLSchema] and specifications based upon them allow IRIs. Also, it is expected that all relevant new W3C formats and protocols will befound in [Bidi]. 3.3 Processingrequired to handle IRIs [CharMod]. 5.4 Relative IRI References Processing of relative forms of IRIs against a base is handled straightforwardly; the algorithms of RFC 2396 may be applied directly, treating the characters additionally allowed in IRIs in the same way as unreserved characters in URIs.Other processing operations on IRIs and IRI references similarly work analogous to their URI complements. Such processing and mapping to URIs is commutative, which means that the same result is obtained independent of whether the processing or the mapping is done first. If both IRIs and URIs are involved in processing, the IRI parts SHOULD be preserved as long as possible. For example, it is possible to create an absolute IRI from a relative IRI and a URI base. When IRIs are compared, they SHOULD temporarily Duerst & Suignard Expires October 16, 2002 [Page 13] Internet-Draft Internationalized Resource Identifiers April 2002 be mapped to URIs to eliminate potential differences in the degree of escaping. 4. Software requirements6. 
URI/IRI Processing Guidelines (informative) This informative sectionexplains the issues and difficulties inprovides guidelines for supporting IRIs in the same software components and operations that currently process URIs: software interfaces that handle URIs, software that allows users to enter URIs, software that generates URIs, software that displays URIs, formats and protocols that transport URIs, and software that interprets URIs. These may all require more or less modification before functioning properly with IRIs. The considerations in this section also apply to URI references and IRI references.4.1Duerst & Suignard Expires December 30, 2002 [Page 17] Internet-Draft Internationalized Resource Identifiers July 2002 6.1 URI/IRIsoftware interfacesSoftware Interfaces Software interfaces that handle URIs, such as URI-handling APIs and protocols transferring URIs, need interfaces and protocol elements that are designed to carry IRIs.Note that although an IRI is defined as a sequence of characters, software interfaces for URIs typically function on sequences of octets. Thus, it is necessary to define clearly which character encoding is used.In case the current handling in an API or protocol is based on US- ASCII, UTF-8 is recommended as the encoding for IRIs, because this is compatible with US-ASCII, is in accordance with the recommendations of [RFC2277], and makes it easy to convert to URIs where necessary. In any case, the encoding used must not be left undefined.Intermediate software interfaces between IRI-capable components and URI-only components MUST map the IRIs as per section 2.3 above, when transferring from IRI-capable to URI-only components. However, such a mapping SHOULD be applied as late as possible. It should not be applied between components that are known to be able to handle IRIs.The transfer from URI-only to IRI-capable components requires no mapping, although the conversion described insection 2.4Section 3.2 above may be performed. 
It is preferable not to perform this inverse conversion when there is a chance that this cannot be done correctly.4.26.2 URI/IRIentryEntry There are components that allow users to enter URIs into the system, for example, by typing or dictation. This software must be updated to allow for IRI entry.Duerst & Suignard Expires October 16, 2002 [Page 14] Internet-Draft Internationalized Resource Identifiers April 2002A person viewing a visual representation of an IRI (as a sequence of glyphs, in some order, in some visual display) or hearing an IRI, will use a entry method for characters in the user's language to input the IRI. Depending on the script and the input method used, this may be a more or less complicated process. The process of IRI entry must assure, as far as possible, that thelimitationsrestrictions defined in Section3.12.2 are met. This may be done by choosing appropriate input methods or variants/settings thereof, by appropriately converting the characters being input, by eliminating characters that cannot be converted, and/or by issuing a warning or error message to the user. An input field primarily or only used for the input of URIs/IRIs should allow the user to view an IRI as converted to a URI. Places where the input of IRIs is frequent should provide the possibility for viewing an IRI as converted to a URI. This will help users when some of the software they use does not yet accept IRIs. An IRI input component that interfaces to components that handle URIs, but not IRIs, must escape the IRI before passing it to such a component. For the input of IRIs with right-to-left characters, please see[Bidi]. 4.3Section 4. Duerst & Suignard Expires December 30, 2002 [Page 18] Internet-Draft Internationalized Resource Identifiers July 2002 6.3 URI/IRIgenerationGeneration Systems that are offering resources through the Internet, where those resources have logical names, sometimes automatically generate URIs for the resources they offer. 
For example, some HTTP servers can generate a directory listing for a file directory, and then respond to the generated URIs with the files. Many legacy character encodings are in use in various file systems. Many currently deployed systems do not transform the local character representation of the underlying system before generating URIs. For maximum interoperability, systems that generate resource identifiers should do the appropriate transformations. They should use IRIs converted to URIs in cases where it cannot be expected that the recipient is able to handle IRIs. Due to the way most user agents currently work, native IRIs, encoded in UTF-8, may be used if the recipient announces that it can interpret UTF-8. This requires that the whole page is sent as UTF-8. If this is not possible, escaping can always be used. This recommendation in particular applies to HTTP servers. For FTPDuerst & Suignard Expires October 16, 2002 [Page 15] Internet-Draft Internationalized Resource Identifiers April 2002servers, similar considerations apply, see in particular [RFC2640].4.46.4 URI/IRIselectionSelection In some cases, resource owners and publishers have control over the IRIs used to identify their resources. Such control is mostly executed by controlling the resource names, such as file names, directly. In such cases, it is recommended to avoid choosing IRIs that are easily confused. For example, for US-ASCII, the lower-case ell "l" is easily confused with the digit one "1", and the upper-case oh "O" is easily confused with the digit zero "0". Publishers should avoid confusing users with "br0ken" or "1ame" identifiers. Outside of the US-ASCII range, there are many more opportunities for confusion; a complete set of guidelines is too lengthy to include here. As long as names are limited to characters from a single script, native writers of a given script or language will know best when ambiguities can appear, and how they can be avoided. 
What may look ambiguous to a stranger may be completely obvious to the average native user. On the other hand, in some cases, the UCS contains variants for compatibility reasons, for example for typographic purposes. These should be avoided wherever possible. Although there may be exceptions, in general newly created resource names should be in NFKC [UNI15] (which means that they are also in NFC).Note that the limitations defined in Section 3.1 and the recommendations given here are of a different nature. The limitations defined in Section 3.1 are necessary to avoid duplicate encodings that are artifacts of digital representation and that the user has no way to distinguish visually. On the other hand, in a given context, an identifier such as "BOX0021" can be completely appropriate, and it is impossible to find an algorithm that distinguishes the appropriate from the confusing identifiers.Duerst & Suignard Expires December 30, 2002 [Page 19] Internet-Draft Internationalized Resource Identifiers July 2002 In certain cases, there is a chance that letters from different scripts look the same. The best known example is the Latin 'A', the Greek 'Alpha', and the Cyrillic 'A'. To avoid such cases, only IRIs should be generated where all the letters in a single component are from the same script. This is similar to the heuristics used to distinguish between letters and numbers in the examples above. Also, for the above three scripts, using lower-case letters results in fewer ambiguities than using upper-case letters.4.56.5 Display of URIs/IRIsMany systems contain software that presents URIs to users as part of Duerst & Suignard Expires October 16, 2002 [Page 16] Internet-Draft Internationalized Resource Identifiers April 2002 the system's user interface (sometimes presenting 'friendly' URIs, such as a shortened or more legible substring of the URI). 
This section applies to this presentation, as well as to the strategy for printing URIs in magazines, newspapers, or reading them over the radio. Software that displays identifiers to users should follow a general principle: "Don't display something to a user that the user would not be able to enter." The consequences of this principle require judgement about the availability of software that implements the entry methods described in Section 3.2. a)In situations wherea viewerthe rendering software is notlikely to have software that implements non-ASCII character entry (as described in Section 3.1), or where it can beexpectedthat only a limited range ofto display non-ASCIIcharacters can be entered, any part of an IRI containing characters outside the range allowed in [RFC2396] or any additions SHOULDparts of the IRI correctly using the available layout and font resources, these parts should be escaped before being displayed.b) In situations where a viewer _is_ likely to have such software, IRIs SHOULD be displayed directly.For display of Bidi IRIs, please see[Bidi]. 4.6Section 4.2. 6.6 Interpretation ofURI/IRIsURIs and IRIs Software that interprets IRIs as the names of local resources should accept IRIs in multiple forms, and convert and match them with the appropriate local resource names. First, multiple representations include both IRIs in the native character encoding of the protocol and also their URI counterparts. Second, it may include URIs constructed based on other character encodings than UTF-8. Such URIs may be produced by user agents that do not conform to this specification and use legacy encodings to convert non-ASCII characters to URIs. Whether this is necessary, and what character encodings to cover, depends on a number of factors, such as the legacy character encodings used locally and the distribution of various versions of user agents. For example, software for Japanese may accept URIs in Shift_JIS and/or EUC-JP in addition to UTF-8. 
Third, it may include additional mappings to be more user-friendly and robust against transmission errors. These would be similar to how currently some servers treat URIs as case-insensitive, or perform additional matchings to account for spelling errors. For charactersDuerst & Suignard Expires October 16, 2002 [Page 17] Internet-Draft Internationalized Resource Identifiers April 2002beyond the ASCII repertoire, this may for example include ignoring the accents on received IRIs or resource names where appropriate. Please note that such mappings, including case mappings, are language-dependent. It can be difficult to unambiguously identify a resource if too many mappings are taken into consideration. However, escaped and non- escaped parts of IRIs can always clearly be distinguished. Also, the Duerst & Suignard Expires December 30, 2002 [Page 20] Internet-Draft Internationalized Resource Identifiers July 2002 regularity of UTF-8 (see [Duer97] makes thepotential for collisions lower than it may seem at first sight. 4.7 Transportation of URI/IRIs in document formats and protocols Document formats that transport URIs may need to be upgraded to allow the transport of IRIs. In those cases where the document as a whole has a native character encoding, IRIs SHOULD also be encoded in this encoding, and converted accordingly by a parser or interpreter. IRI characters that are not expressible in the native encoding SHOULD be escaped according to Section 2.2, or MAY be escaped in another way if the document format provides a way to do this. For example, in HTML, XML, or SGML, numeric character references can be used. If a document as a whole has a native character encoding, and that character encoding is not UTF-8, then IRIs MUST NOT be placed into the document in the UTF-8 character encoding. Please note that some formats already accomodate IRIs, although they use different terminology. HTML 4.0 [HTML4] defines the conversion from IRIs to URIs as error-avoiding behavior. 
XML 1.0 [XML1], XLink [XLink], and XML Schema [XMLSchema] and specifications based upon them allow IRIs. Also, it is expected that all relevant new W3C formats and protocols will be required to handle IRIs [CharMod]. 5.potential for collisions lower than it may seem at first sight. 6.7 UpgradingstrategyStrategy As this recommendation places further constraints on software for which many instances are already deployed, it is important to introduce upgrades carefully, and to be aware of the various interdependencies. If IRIs cannot be interpreted correctly, they should not be generated or transported. This suggests that upgrading URI interpreting software to accept IRIs should have highest priority. On the other hand, a single IRI is interpreted only by a single or very few interpreters that are known in advance, while it may be entered and transported very widely. Therefore, IRIs benefit most from a broad upgrade of software to beDuerst & Suignard Expires October 16, 2002 [Page 18] Internet-Draft Internationalized Resource Identifiers April 2002able to enter and transport IRIs, but before publishing any individual IRI, care should be taken to upgrade the corresponding interpreting software in order to cover the forms expected to be received by various versions of entry and transport software. The upgrade of generating software to generate IRIs instead of a local encoding should happen only after the service is upgraded to accept IRIs. Similarly, IRIs should only be generated when the service accepts IRIs and the intervening infrastructure and protocol is known to transport them safely. Display software should be upgraded only after upgraded entry software has been widely deployed to the population that will see the displayed result. These recommendations, when taken together, will allow for the extension from URIs to IRIs in order to handle scripts other than ASCII while minimizing interoperability problems.6.7. 
Securityconsiderations If IRI entry software normalizesConsiderations Incorrect escaping or unescaping can lead to security problems. In particular, some UTF-8 decoders do not check against overlong byte sequences. As an example, a '/' is encoded with thecharacters entered,byte 0x2F both in UTF-8 and in ASCII, but some UTF-8 decoders also wrongly interpret theresource names on the interpreting sidesequence 0xC0 0xAF as a '/'. A sequence such as '%C0%AF..' may pass some security tests and then be interpreted as '/..' in a path if UTF-8 decoders arenot normalized accordingly,fault-tolerant, if conversion andthe interpreting software doeschecking are nottake this into account, there is a possibility of "spoofing". Similar possibilities turn up when interpreting software accepts URIsdone invarious native encodings or allows accentsthe right order, and/or if reserved characters andsimilar things to be ignored.Duerst & Suignard Expires December 30, 2002 [Page 21] Internet-Draft Internationalized Resource Identifiers July 2002 unreserved characters are not clearly distinguished. There are various ways in which "spoofing" can occur with IRIs. "Spoofing" means that somebody may add a resource name that looks the same or similar to theuser while actually being different, or a resource name that contains the same characters,user, butinpoints to a differentencoding.resource. The added resource may pretend to be the real resource by looking very similar, but may contain all kinds of changes that may be difficult to spot but can cause all kinds of problems. Most spoofing possibilities for IRIs are extensions of those for URIs. Spoofing can occur for various reasons. A first reason is that normalization expectations of a user or actual normalization when entering an IRI do not match the normalization used on the server side. Conceptually, this is no different from the problems surrounding the use of case-insensitive web servers. 
For example, a popular web page with a mixed case name(http://big.site/PopularPage.html)(http://big.site/ PopularPage.html) might be "spoofed" by someone who obtains access to(http://big.site/ popularpage.html).http://big.site/popularpage.html. However, the introduction of character normalization, and of additional mappings for user convenience,and of mappings for various encodingsmay increase thenumber ofchance for spoofing. Spoofing can occur due to the fact that in the UCS, there are many characters that look very similar. Details are discussed in Section 6.4. Again, this is very similar to spoofingpossibilities.possibilities on US- ASCII, e.g. using 'br0ken' or '1ame' URIs. Spoofing can occur when URIs in various encodings are accepted to deal with older user agents. In some cases, in particular forLatin-basedLatin- based resource names, this is usually easy to detect becauseUTF-8-encodedUTF-8- encoded names, when interpreted and viewed as legacy encodings, produce mostly garbage. In other cases, when concurrently used encodings have a similar structure, but there areDuerst & Suignard Expires October 16, 2002 [Page 19] Internet-Draft Internationalized Resource Identifiers April 2002no characters that have exactly the same encoding, detection is more difficult.A good example may beSpoofing can occur in various IRI components, such as theconcurrent use of Shift_JIS and EUC-JP ondomain name part or aJapanese server. Administratorspath part. For considerations specific to the domain name part, see [Nameprep]. For the path part, administrators oflargesites which allow independent users to createsubareasresources in the same subarea may need to be carefulthat the aliasing rules do not create chancesto check for spoofing.7.8. Change log Changes from -00 to -01 - Re-integrated the section on Bidi, some issues left. - Integrated IDN, changed syntax (host, userinfo,....). 
Duerst & Suignard Expires December 30, 2002 [Page 22] Internet-Draft Internationalized Resource Identifiers July 2002 - Moved some text around, marked some as informational. - Made a clear distinction of IRI use for identification only and for resource resolution. - Fixed various details in wording, spelling,... 9. Acknowlegdements We would like to thank Larry Masinter for his work asco-authorcoauthor of many earlier versions of thisdocument.document (draft-masinter-url-i18n-xx). The issue addressed here has been discussed at numerous times over the last years; for example, there was a thread in the HTML working group in August 1995 (under the topic of "Globalizing URIs") in the www-international mailing list in July 1996 (under the topic of "Internationalization and URLs"), and ad-hoc meetings at the Unicode conferences in September 1995 and September 1997. Thanks to Francois Yergeau, Chris Wendt, Yaron Goland, Graham Klyne, Roy Fielding, Tim Berners-Lee, M.T. Carrasco Benitez, James Clark, Andrea Vine, Misha Wolf, Leslie Daigle, Makoto MURATA, Tex Texin, Bjoern Hoehrmann, Dan Oscarson, and many others for help with understanding the issues and possible solutions. Thanks also to the members of the W3C I18N Working Group and Interest Group for their contributions and their work on [CharMod], to the members of many other W3C WGs for adopting the ideas, and to the members of the Montreal IAB Workshop on Internationalization and Localization for their review. References[Bidi] Duerst, M., "Internet Identifiers and Bidirectionality", draft-duerst-iri-bidi-00 (work in progress), July 2001, <http://www.ietf.org/internet-drafts/draft-duerst-iri- bidi-00.txt>.[CharMod] Duerst, M., Yergeau, F., Ishida, R., Wolf, M., Freytag, A. and T. Texin, "Character Model for the World Wide Web", World Wide Web Consortium Working Draft,FebruaryApril 2002, <http://www.w3.org/TR/charmod>. [Duer97] Duerst, M., "The Properties andPromizesPromises of UTF-8", Proc. 
11th International Unicode Conference, San Jose , September 1997,<http://www.ifi.unizh.ch/mml/mduerst/ papers/PDF/IUC11-UTF-8.pdf>. Duerst & Suignard Expires October 16, 2002 [Page 20] Internet-Draft Internationalized Resource Identifiers April 2002<http://www.ifi.unizh.ch/mml/ mduerst/papers/PDF/IUC11-UTF-8.pdf>. [Duer01] Duerst, M., "Internationalized Resource Identifiers: From Specification to Testing", Proc. 19th International Unicode Conference, San Jose , September 2001,<http:// www.w3.org/2001/Talks/0912-IUC-IRI/paper.html>.<http://www.w3.org/2001/Talks/0912- IUC-IRI/paper.html>. Duerst & Suignard Expires December 30, 2002 [Page 23] Internet-Draft Internationalized Resource Identifiers July 2002 [HTML4] Raggett, D., Le Hors, A. and I. Jacobs, "HTML 4.01 Specification", World Wide Web Consortium Recommendation, December 1999, <http://www.w3.org/TR/ REC-html40/appendix/notes.html#h-B.2>.[IDN-URI][IDNURI] Duerst, M., "Internationalized Domain Names inURIsURIs", draft-ietf-idn-uri-02.txt (work in progress), July 2002, <http://www.ietf.org/internet-drafts/draft- ietf-idn-uri-02.txt>. [IDNA] Faltstrom, P., Hoffman, P. andIRIs", draft-ietf-idn-uri-01A. Faltstrom, "Internationalizing Domain Names in Applications (IDNA)", draft-ietf-idn-idna-09.txt (work in progress),November 2001, <http://www.ietf.org/internet-drafts/ draft-ietf-idn-uri-01.txt>.May 2002, <http://www.ietf.org/internet- drafts/draft-ietf-idn-idna-09.txt>. [ISO10646] International Organization for Standardization, "Information Technology - Universal Multiple-Octet Coded Character Set (UCS) - Part 1: Architecture and Basic Multilingual Plane", ISO Standard 10646-1, with amendments, October 2000. [Nameprep] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep Profile for Internationalized Domain Names", draft- ietf-idn-nameprep-10.txt (work in progress), May 2002, <http://www.ietf.org/internet-drafts/draft- ietf-idn-nameprep-10.txt>. 
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2130] Weider, C., Preston, C., Simonsen, K., Alvestrand, H., Atkinson, R., Crispin, M. and P. Svanberg, "The Report of the IAB Character Set Workshop held 29 February - 1 March, 1996", RFC 2130, April 1997. [RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. [RFC2192] Newman, C., "IMAP URL Scheme", RFC 2192, September 1997. [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, January 1998. [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998. [RFC2384] Gellens, R., "POP URL Scheme", RFC 2384, August 1998. Duerst & Suignard Expires December 30, 2002 [Page 24] Internet-Draft Internationalized Resource Identifiers July 2002 [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998. [RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397, August 1998.Duerst & Suignard Expires October 16, 2002 [Page 21] Internet-Draft Internationalized Resource Identifiers April 2002[RFC2616] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2640] Curtin, B., "Internationalization of the File Transfer Protocol", RFC 2640, July 1999. [RFC2718] Masinter, L., Alvestrand, H., Zigmond, D. and R. Petke, "Guidelines for new URL Schemes", RFC 2718, November 1999. [RFC2732] Hinden, R., Carpenter, B. and L. Masinter, "Format for Literal IPv6 Addresses in URL's", RFC 2732, December 1999. [UNIV3] The Unicode Consortium, "The Unicode Standard Version 3.0", Addison-Wesley, Reading, MA , 2000. [UNI15] Davis, M. and M. Duerst, "Unicode Normalization Forms", Unicode Standard Annex #15, March 2001,<http:// www.unicode.org/unicode/reports/tr15/tr15-21.html>.<http://www.unicode.org/unicode/reports/tr15/tr15- 21.html>. 
[UNIXML] Duerst, M. and A. Freytag, "Unicode in XML and other Markup Languages", Unicode Technical Report #20, World Wide Web Consortium Note, Februar 2002,<http:// www.w3.org/TR/unicode-xml/>.<http:/ /www.w3.org/TR/unicode-xml/>. [W3CIRI] "Internationalization - URIs and other identifiers",<http://www.w3.org/International/O-URL-and-ident.html>.<http://www.w3.org/International/O-URL-and- ident.html>. [XLink] DeRose, S., Maler, E. and D. Orchard, "XML Linking Language (XLink) Version 1.0", World Wide Web Consortium Recommendation, June 2001,<http://www.w3.org/TR/xlink/ #link-locators>.<http:// www.w3.org/TR/xlink/#link-locators>. [XML1] Bray, T., Paoli, J., Sperberg-McQueen, C. and E. Maler, "Extensible Markup Language (XML) 1.0 (Second Edition)", World Wide Web Consortium Recommendation, Duerst & Suignard Expires December 30, 2002 [Page 25] Internet-Draft Internationalized Resource Identifiers July 2002 including Erratum 26 athttp://www.w3.org/XML/xml-V10-2e- errata#E26,http://www.w3.org/XML/xml- V10-2e-errata#E26, October 2000,<http://www.w3.org/TR/REC- xml#sec-external-ent>.<http://www.w3.org/ TR/REC-xml#sec-external-ent>. [XMLNamespace] Bray, T., Hollander, D. and A. Layman, "Namespaces in XML", World Wide Web Consortium Recommendation, January 1999, <http://www.w3.org/TR/REC-xml#sec- external-ent>. [XMLSchema] Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes", World Wide Web Consortium Recommendation, May 2001, <http://www.w3.org/TR/xmlschema-2/#anyURI>.Duerst & Suignard Expires October 16, 2002 [Page 22] Internet-Draft Internationalized Resource Identifiers April 2002Authors' Addresses Martin Duerst (Note: Please write "Duerst" with u-umlaut wherever possible, for example as "Dürst in XML and HTML.) W3C/Keio University 5322 Endo Fujisawa 252-8520 Japan Phone: +81 466 49 1170 Fax: +81 466 49 1171 EMail: duerst@w3.org URI: http://www.w3.org/People/D%C3%BCrst/ (Note: This is the escaped form of an IRI.) 
Michel Suignard Microsoft Corporation One Microsoft Way Redmond, WA 98052 U.S.A. Phone: +1 425 882-8080 EMail: mailto:michelsu@microsoft.com URI: http://www.suignard.com Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page23]26] Internet-Draft Internationalized Resource IdentifiersAprilJuly 2002 Full Copyright Statement Copyright (C) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Duerst & Suignard ExpiresOctober 16,December 30, 2002 [Page24]27] ----
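Review bot: In section 9 the heading still reads "9. Acknowlegdements", even though the change list directly above it says this revision "Fixed various details in wording, spelling". Correct it to "Acknowledgements", which also matches the spelling of the "Acknowledgement" heading at the end of the document.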
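Review bot: The new [IDNA] reference gives its authors as "Faltstrom, P., Hoffman, P. and A. Faltstrom", which names Faltstrom twice; the third author of draft-ietf-idn-idna is A. Costello, so the last name should be corrected. The same region renames the key [IDN-URI] to [IDNURI] and moves the entry to draft-ietf-idn-uri-02, so every in-text citation of the old key has to be updated in this revision or it will dangle.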
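Review bot: The [XMLNamespace] entry ("Namespaces in XML") carries the URL <http://www.w3.org/TR/REC-xml#sec-external-ent>, which is the XML 1.0 external-entity anchor already given under [XML1] and looks copied from that entry. It should point at the Namespaces Recommendation itself (http://www.w3.org/TR/REC-xml-names/). In the same stretch, [UNIXML] is dated "Februar 2002", which should read "February 2002".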
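Review bot: In Authors' Addresses, the note under Martin Duerst opens a quotation that is never closed: 'for example as "Dürst in XML and HTML.)' needs the closing quote after the name, before "in XML and HTML". The two entries are also inconsistent in the EMail field: one gives the bare address "duerst@w3.org" and the other "mailto:michelsu@microsoft.com". Since the field is labelled EMail rather than URI, drop the "mailto:" prefix so both read as plain addresses.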