This paragraph from RFC3986 reassures me that sarif is a sensible URI scheme, even though its “scope” is a single SARIF file: URIs have a global scope and are interpreted consistently regardless of context, though the result of that interpretation may be in relation to the end-user's context . For example, "
http://localhost/ " has the same interpretation for every user of that reference, even though the network interface corresponding to "localhost" may be different for each end-user: interpretation is independent of access. However, an action made on the basis of that reference will take place in relation to the end-user's context , which implies that an action intended to refer to a globally unique thing must use a URI that distinguishes that resource from all other things . URIs that identify in relation to the end-user's local context should only be used when the context itself is a defining aspect of the resource , such as when an on-line help manual refers to a file on the end- user's file system (e.g., " file:///etc/hosts "). So I will proceed with the registration. Larry From:
sarif@lists.oasis-open.org <
sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Myriad Consulting Inc) Sent: Wednesday, September 16, 2020 4:24 PM To:
sarif@lists.oasis-open.org Subject: [EXTERNAL] [sarif] Registering a URI scheme Our TC’s work item
https://github.com/oasis-tcs/sarif-spec/issues/182 , “Register SARIF MIME type and sarif URI scheme” also proposed two other IANA registrations: The URI scheme sarif , which points to locations within a SARIF file, for example sarif:/inlineExternalProperties/0 The media type application/sarif-external-properties+json , describing SARIF external properties files. The media type is uncontroversial, and I’m going to begin the process of registering it. As to the sarif URI scheme, I’m going to read RFC7595, “Guidelines and Registration Procedures for URI Schemes”, before deciding what to do. I’m a little concerned that the limited scope of this construct (pointing, as it does, into a single, un-named file) might not actually qualify it as a URI. Larry