Internet Engineering Task Force (IETF)                     M. Nottingham
Request for Comments: 8820                                     June 2020
BCP: 190
Obsoletes: 7320
Updates: 3986
Category: Best Current Practice
ISSN: 2070-1721

URI Design and Ownership




Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and extensible naming system wherein each scheme's specification may further restrict the syntax and semantics of identifiers using that scheme." In other words, the structure of a URI is defined by its scheme. While it is common for schemes to further delegate their substructure to the URI's owner, publishing independent standards that mandate particular forms of substructure in URIs is often problematic.

RFC 3986のセクション1.1.1は、URI構文を「フェデレーションおよび拡張可能な命名システム」として定義しています。各方式の仕様は、その方式を使用して識別子の構文とセマンティクスをさらに制限することができます。言い換えれば、URIの構造はその方式によって定義される。スキームがURIの所有者にさらに代表することは一般的であるが、URIにおいて特定の形態の部分構造を義務付ける独立した標準を発行することがしばしば問題となる。

This document provides guidance on the specification of URI substructure in standards.


This document obsoletes RFC 7320 and updates RFC 3986.

この文書はRFC 7320を廃止し、RFC 3986を更新します。

Status of This Memo


This memo documents an Internet Best Current Practice.


This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841.

この文書は、インターネットエンジニアリングタスクフォース(IETF)の製品です。IETFコミュニティのコンセンサスを表します。それは公開レビューを受け、インターネットエンジニアリングステアリンググループ(IESG)による出版の承認を受けました。BCPの詳細情報はRFC 7841のセクション2で入手できます。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at


Copyright Notice


Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

Copyright(C)2020 IETFの信頼と文書著者として識別された人。全著作権所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

このドキュメントは、このドキュメントの発行日に有効なBCP 78およびIETFドキュメントに関連するIETFトラストの法的規定(の対象となります。 これらのドキュメントは、このドキュメントに関するお客様の権利と制限について説明しているため、注意深く確認してください。 このドキュメントから抽出されたコードコンポーネントには、Trust LegalProvisionsのセクション4.eで説明されているSimplifiedBSD Licenseテキストが含まれている必要があり、Simplified BSDLicenseで説明されているように保証なしで提供されます。

Table of Contents


   1.  Introduction
     1.1.  Intended Audience
     1.2.  Notational Conventions
   2.  Best Current Practices for Standardizing Structured URIs
     2.1.  URI Schemes
     2.2.  URI Authorities
     2.3.  URI Paths
     2.4.  URI Queries
     2.5.  URI Fragment Identifiers
   3.  Alternatives to Specifying Structure in URIs
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Changes from RFC 7320
   Author's Address
1. Introduction
1. はじめに

URIs [RFC3986] very often include structured application data. This might include artifacts from filesystems (often occurring in the path component) and user information (often in the query component). In some cases, there can even be application-specific data in the authority component (e.g., some applications are spread across several hostnames to enable a form of partitioning or dispatch).

URI [RFC3986]は、構造化アプリケーションデータを非常に頻繁に含みます。これには、ファイルシステムからのアーティファクト(多くの場合、パスコンポーネントで発生しています)とユーザー情報(多くの場合、クエリコンポーネント)が含まれます。場合によっては、権限コンポーネント内のアプリケーション固有のデータさえ(例えば、一部のアプリケーションが複数のホスト名にまたがって拡散して、パーティション化またはディスパッチの形式を有効にする)。

Implementations can impose further constraints upon the structure of URIs; for example, many web servers use the filename extension of the last path segment to determine the media type of the response. Likewise, prepackaged applications often have highly structured URIs that can only be changed in limited ways (often, just the hostname and port on which they are deployed).


Because the owner of the URI (as defined in [webarch], Section is choosing to use the server or the application, this can be seen as reasonable delegation of authority. However, when such conventions are mandated by a party other than the owner, it can have several potentially detrimental effects:


* Collisions - As more ad hoc conventions for URI structure become standardized, it becomes more likely that there will be collisions between them (especially considering that servers, applications, and individual deployments will have their own conventions).

* 衝突 - URI構造のためのより多くのアドホック規則が標準化されるにつれて、それらの間に衝突する可能性が高くなる(特にサーバ、アプリケーション、そして個々の展開がそれら自身の表記を有することを考える)。

* Dilution - When the information added to a URI is ephemeral, this dilutes its utility by reducing its stability (see [webarch], Section 3.5.1) and can cause several alternate forms of the URI to exist (see [webarch], Section 2.3.1).

* 希釈 - URIに追加された情報がエフェメラルである場合、これはその安定性を低下させることによってそのユーティリティを希釈し([Webarch]、3.5.1項を参照)、いくつかの代替形式のURIを存在する可能性があります([Webarch]、セクション2.3を参照)。.1)。

* Rigidity - Fixed URI syntax often interferes with desired deployment patterns. For example, if an authority wishes to offer several applications on a single hostname, it becomes difficult to impossible to do if their URIs do not allow the required flexibility.

* 剛性 - 固定URI構文は、しばしば所望の展開パターンを妨害します。たとえば、権限が単一のホスト名に複数のアプリケーションを提供したい場合は、そのURIが必要な柔軟性を許可しない場合は不可能になります。

* Operational Difficulty - Supporting some URI conventions can be difficult in some implementations. For example, specifying that a particular query parameter be used with "http" URIs can preclude the use of web servers that serve the response from a filesystem. Likewise, an application that fixes a base path for its operation (e.g., "/v1") makes it impossible to deploy other applications with the same prefix on the same host.

* 運用上の難易度 - いくつかのURI規約をサポートすることは、いくつかの実装では困難になる可能性があります。たとえば、「HTTP」URIで特定のクエリパラメータを使用することを指定することで、ファイルシステムからの応答を処理するWebサーバーの使用を排除できます。同様に、その動作のためのベースパス(例えば、「/ v1」)を修正するアプリケーションは、同じホスト上の同じ接頭辞を有する他のアプリケーションを展開することを不可能にする。

* Client Assumptions - When conventions are standardized, some clients will inevitably assume that the standards are in use when those conventions are seen. This can lead to interoperability problems; for example, if a specification documents that the "sig" URI query parameter indicates that its payload is a cryptographic signature for the URI, it can lead to undesirable behavior.

* クライアントの仮定 - 規則が標準化されている場合、一部のクライアントは必然的に、それらの表記法が見られるときに標準が使用されていると仮定します。これは相互運用性の問題につながる可能性があります。たとえば、「SIG」URI QueryパラメータがそのペイロードがURIの暗号署名であることを示す指定文書が、望ましくない行動につながる可能性があります。

Publishing a standard that constrains an existing URI structure in ways that aren't explicitly allowed by [RFC3986] (usually, by updating the URI scheme definition) is therefore sometimes problematic, both for these reasons and because the structure of a URI needs to be firmly under the control of its owner.


This document explains some best current practices for establishing URI structures, conventions, and formats in standards. It also offers strategies for specifications in Section 3.


1.1. Intended Audience
1.1. 対象とする訪問者

This document's guidelines and requirements target the authors of specifications that constrain the syntax or structure of URIs or parts of them. Two classes of such specifications are called out specifically:


* Protocol Extensions ("Extensions") - specifications that offer new capabilities that could apply to any identifier or to a large subset of possible identifiers, e.g., a new signature mechanism for "http" URIs, metadata for any URI, or a new format.

* プロトコル拡張子( "拡張子") - 任意の識別子に適用できる新しい機能、または可能な識別子の大きなサブセット、例えば「HTTP」URIの新しい署名メカニズム、任意のURIのためのメタデータ、または新しいフォーマットを提供する仕様。

* Applications Using URIs ("Applications") - specifications that use URIs to meet specific needs, e.g., an HTTP interface to particular information on a host.

* URIS( "Applications")を使用するアプリケーション - 特定のニーズを満たすためにURIを使用する仕様、例えば、ホスト上の特定の情報へのHTTPインタフェース。

Requirements that target the generic class "Specifications" apply to all specifications, including both those enumerated above and others.


Note that this specification ought not be interpreted as preventing the allocation of control of URIs by parties that legitimately own them or have delegated that ownership; for example, a specification might legitimately define the semantics of a URI on IANA's web site as part of the establishment of a registry.


There may be existing IETF specifications that already deviate from the guidance in this document. In these cases, it is up to the relevant communities (i.e., those of the URI scheme as well as any relevant community that produced the specification in question) to determine an appropriate outcome, e.g., updating the scheme definition or changing the specification.


1.2. Notational Conventions
1.2. 表記規則

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

この文書のキーワード "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", および "OPTIONAL" はBCP 14 [RFC2119] [RFC8174]で説明されているように、すべて大文字の場合にのみ解釈されます。

2. Best Current Practices for Standardizing Structured URIs
2. 構造化URIを標準化するための最良の現在の方法

This section updates [RFC3986] by advising Specifications how they should define structure and semantics within URIs. Best practices differ, depending on the URI component in question, as described below.


2.1. URI Schemes
2.1. URIスキーム

Applications and Extensions can require the use of one or more specific URI schemes; for example, it is perfectly acceptable to require that an Application support "http" and "https" URIs. However, Applications ought not preclude the use of other URI schemes in the future, unless they are clearly only usable with the nominated schemes.

アプリケーションと拡張機能は、1つ以上の特定のURI方式を使用する必要があります。たとえば、アプリケーションが "HTTP"と "HTTPS" URIをサポートすることを要求することを完全に受け入れられません。しかしながら、適用は、将来的には他のURIスキームの使用を排除しないでください。

A Specification that defines substructure for URI schemes overall (e.g., a prefix or suffix for URI scheme names) MUST do so by modifying [BCP35] (an exceptional circumstance).


2.2. URI Authorities
2.2. URI当局

Scheme definitions define the presence, format, and semantics of an authority component in URIs; all other Specifications MUST NOT constrain or define the structure or the semantics for URI authorities, unless they update the scheme registration itself or the structures it relies upon (e.g., DNS name syntax, as defined in Section 3.5 of [RFC1034]).

スキーム定義URIの権限コンポーネントの存在、形式、およびセマンティクスを定義します。他のすべての仕様は、スキーム登録自体またはそれが依存する構造(例えば、[RFC1034]のセクション3.5で定義されているように、DNS Name Syntax)を更新しない限り、URI権限の構造または意味論を制限または定義してはならない。

For example, an Extension or Application cannot say that the "foo" prefix in "" is meaningful or triggers special handling in URIs, unless they update either the "http" URI scheme or the DNS hostname syntax.

たとえば、 "http" uriスキームまたはDNSホスト名のどちらかを更新しない限り、 ""の "foo"プレフィックスが意味があるかトリガーされているとは言えません。構文。

Applications can nominate or constrain the port they use, when applicable. For example, BarApp could run over port nnnn (provided that it is properly registered).


2.3. URI Paths
2.3. URIパス

Scheme definitions define the presence, format, and semantics of a path component in URIs, although these are often delegated to the Application(s) in a given deployment.

Scheme Definitionsは、URI内のパスコンポーネントの存在、形式、およびセマンティクスを定義しますが、これらは特定の展開でアプリケーションに委任されることが多いです。

To avoid collisions, rigidity, and erroneous client assumptions, Specifications MUST NOT define a fixed prefix for their URI paths -- for example, "/myapp" -- unless allowed by the scheme definition.

衝突、剛性、および誤ったクライアントの仮定を回避するために、仕様はURIパスの固定プレフィックスを定義してはいけません - たとえば、「/ myapp」 - スキーム定義によって許可されていない限り。

One such exception to this requirement is registered "well-known" URIs, as specified by [RFC8615]. See that document for a description of the applicability of that mechanism.


Note that this does not apply to Applications defining a structure of a URI's path "under" a resource controlled by the server. Because the prefix is under control of the party deploying the Application, collisions and rigidity are avoided, and the risk of erroneous client assumptions is reduced.


For example, an Application might define "app_root" as a deployment-controlled URI prefix. Application-defined resources might then be assumed to be present at "{app_root}/foo" and "{app_root}/bar".

たとえば、アプリケーションはデプロイメント管理URIプレフィックスとして「app_root」を定義することがあります。アプリケーション定義のリソースは、 "{app_root} / foo"と "{app_root} / bar"に存在すると想定されます。

Extensions MUST NOT define a structure within individual URI components (e.g., a prefix or suffix), again to avoid collisions and erroneous client assumptions.


2.4. URI Queries
2.4. URIクエリ

The presence, format, and semantics of the query component of URIs are dependent upon many factors and can be constrained by a scheme definition. Often, they are determined by the implementation of a resource itself.


Applications can specify the syntax of queries for the resources under their control. However, doing so can cause operational difficulties for deployments that do not support a particular form of a query. For example, a site may wish to support an Application using "static" files that do not support query parameters.


Extensions MUST NOT constrain the format or semantics of queries, to avoid collisions and erroneous client assumptions. For example, an Extension that indicates that all query parameters with the name "sig" indicate a cryptographic signature would collide with potentially preexisting query parameters on sites and lead clients to assume that any matching query parameter is a signature.

拡張機能は、衝突や誤ったクライアントの仮定を避けるために、クエリのフォーマットまたはセマンティクスを制限してはなりません。たとえば、 "sig"という名前のすべてのクエリパラメータが暗号署名を示すことを示す拡張子は、サイトおよびリードクライアント上の潜在的に既存のクエリパラメータと衝突し、一致するクライアントパラメータが署名であると仮定する。

Per the "Form submission" section of [HTML5], HTML constrains the syntax of query strings used in form submission. New form languages are encouraged to allow creation of a broader variety of URIs (e.g., by allowing the form to create new path components, and so forth).


2.5. URI Fragment Identifiers
2.5. URIフラグメント識別子

Section 3.5 of [RFC3986] specifies fragment identifiers' syntax and semantics as being dependent upon the media type of a potentially retrieved resource. As a result, other Specifications MUST NOT define structure within the fragment identifier, unless they are explicitly defining one for reuse by media types in their definitions (for example, as JSON Pointer [RFC6901] does).


An Application that defines common fragment identifiers across media types not controlled by it would engender interoperability problems with handlers for those media types (because the new, non-standard syntax is not expected).


3. Alternatives to Specifying Structure in URIs
3. URIの構造を特定するための代替案

Given the issues described in Section 1, the most successful strategy for Applications and Extensions that wish to use URIs is to use them in the fashion for which they were designed: as links that are exchanged as part of the protocol, rather than statically specified syntax. Several existing specifications can aid in this.


[RFC8288] specifies relation types for web links. By providing a framework for linking on the Web, where every link has a relation type, context, and target, it allows Applications to define a link's semantics and connectivity.

[RFC8288] Webリンクの関係タイプを指定します。Web上でリンクするためのフレームワークを提供することによって、すべてのリンクが関係型、コンテキスト、およびターゲットを持つと、アプリケーションはリンクの意味と接続性を定義できます。

[RFC6570] provides a standard syntax for URI Templates that can be used to dynamically insert Application-specific variables into a URI to enable such Applications while avoiding impinging upon URI owners' control of them.


[RFC8615] allows specific paths to be "reserved" for standard use on URI schemes that opt into that mechanism ("http" and "https" by default). Note, however, that this is not a general "escape valve" for Applications that need structured URIs; see that specification for more information.

[RFC8615]そのメカニズムを選択するURI方式( "HTTP"と "HTTPS"を標準使用するには、特定のパスを "Reserved"にすることができます(デフォルトでは "HTTP"と "HTTPS"を選択できます。ただし、これは構造化URIを必要とするアプリケーションの一般的な「脱出バルブ」ではないことに注意してください。詳細についてはその仕様を参照してください。

Specifying more elaborate structures in an attempt to avoid collisions is not an acceptable solution and does not address the issues described in Section 1. For example, prefixing query parameters with "myapp_" does not help, because the prefix itself is subject to the risk of collision (since it is not "reserved").


4. Security Considerations
4. セキュリティに関する考慮事項

This document does not introduce new protocol artifacts with security considerations. It prohibits some practices that might lead to vulnerabilities; for example, if a security-sensitive mechanism is introduced by assuming that a URI path component or query string has a particular meaning, false positives might be encountered (due to sites that already use the chosen string). See also [RFC6943].


5. IANA Considerations
5. IANAの考慮事項

This document has no IANA actions.


6. References
6. 参考文献
6.1. Normative References
6.1. 引用文献

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <>.

[RFC2119] BRADNER、S、「RFCSで使用するためのキーワード」、BCP 14、RFC 2119、DOI 10.17487 / RFC2119、1997年3月、<>。

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <>.

[RFC3986] Berners-Lee、T.、Field、R.、およびL.Masinter、「Uniform Resource Identifier(URI):汎用構文」、STD 66、RFC 3986、DOI 10.17487 / RFC3986、2005年1月、<>。

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <>.

[RFC8174] Leiba、B、「RFC 2119キーワードの大文字の曖昧さ」、BCP 14、RFC 8174、DOI 10.17487 / RFC8174、2017年5月、<>。

[webarch] Jacobs, I. and N. Walsh, "Architecture of the World Wide Web, Volume One", December 2004, <>.

[Webarch] Jacobs、I.およびN.Walsh、「ワールドワイドウェブ、ボリュームワンのアーキテクチャ」、2004年12月、<>。

6.2. Informative References
6.2. 参考引用

[BCP35] Thaler, D., Ed., Hansen, T., and T. Hardie, "Guidelines and Registration Procedures for New URI Schemes", BCP 35, RFC 7595, June 2015, <>.

[BCP35] Thaler、D.、ED。、Hansen、T.、およびT. hardie、「新しいURIスキームのガイドラインと登録手順」、BCP 35、RFC 7595、2015年6月、<https:///>。

[HTML5] WHATWG, "HTML - Living Standard", Section 4.10.21, June 2020, <>.

[HTML5] whatwg、 "HTML-Living Standard"、4.10.21、2020年6月、<>。

[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, <>.

[RFC1034] Mockapetris、P.、「ドメイン名 - コンセプトと施設」、STD 13、RFC 1034、DOI 10.17487 / RFC1034、1987年11月、<>。

[RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., and D. Orchard, "URI Template", RFC 6570, DOI 10.17487/RFC6570, March 2012, <>.

[RFC6570] Gregorio、J.、Fielding、R.、Hadley、M.、Nottingham、M.、およびD. Orchard、 "Uriテンプレート"、RFC 6570、DOI 10.17487 / RFC6570、2012年3月、<https:// / info / rfc6570>。

[RFC6901] Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed., "JavaScript Object Notation (JSON) Pointer", RFC 6901, DOI 10.17487/RFC6901, April 2013, <>.

[RFC6901] Bryan、P.、ED。、ZYP、K.、およびM. Nottingham、Ed。、「JavaScriptオブジェクト表記(JSON)ポインタ」、RFC 6901、DOI 10.17487 / RFC6901、2013年4月、<>。

[RFC6943] Thaler, D., Ed., "Issues in Identifier Comparison for Security Purposes", RFC 6943, DOI 10.17487/RFC6943, May 2013, <>.

[RFC6943] Thaler、D。、「セキュリティ目的の識別子比較の問題」、RFC 6943、DOI 10.17487 / RFC6943、2013年5月、<>。

[RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, <>.

[RFC8288]ノッティンガム、M。、「Webリンク」、RFC 8288、DOI 10.17487 / RFC8288、2017年10月、<>。

[RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019, <>.

[RFC8615]ノッティンガム、M、「よく知られているユニフォーム識別子(URIS)」、RFC 8615、DOI 10.17487 / RFC8615、2019年5月、<>。

Appendix A. Changes from RFC 7320
付録A. RFC 7320からの変更

Many of the requirements of RFC 7320 were removed, in the spirit of making this BCP guidance rather than rules.

RFC 7320の要件の多くは、ルールではなくこのBCPガイダンスをするという精神で削除されました。



Thanks to David Booth, Dave Crocker, Tim Bray, Anne van Kesteren, Martin Thomson, Erik Wilde, Dave Thaler, and Barry Leiba for their suggestions and feedback.

Davidブース、Dave Crocker、Tim Breay、Anne Van Kesteren、Martin Thomson、Erik Wilde、Dave Thaler、およびBarry Leibaのおかげでお願いします。

Author's Address


Mark Nottingham