Trisha Shetty (Editor)

Internationalized Resource Identifier

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

The Internationalized Resource Identifier (IRI) was defined by the Internet Engineering Task Force (IETF) in 2005 as a new internet standard to extend upon the existing Uniform Resource Identifier (URI) scheme. The new standard was published in RFC 3987.

Contents

While URIs are limited to a subset of the ASCII character set, IRIs may contain characters from the Universal Character Set (Unicode/ISO 10646), including Chinese or Japanese kanji, Korean, Cyrillic characters, and so forth.

Syntax

IRI extend upon URIs by using the Universal Character Set whereas URIs were limited to the ASCII with far fewer characters. IRIs may be represented by a sequence of octets but by definition is defined as a sequence of characters because IRIs can be spoken or written by hand.

Compatibility

IRIs are mapped to URIs to retain backwards-compatibility with systems that do not support the new format.

For applications and protocols that do not allow direct consumption of IRIs, the IRI should first be converted to Unicode using canonical composition normalization (NFC), if not already in Unicode format.

All non-ASCII code points in the IRI should next be encoded as UTF-8, and the resulting bytes percent-encoded, to produce a valid URI.

ASCII code points that are invalid URI characters may be encoded the same way, depending on implementation.

This conversion is easily reversible; by definition, converting an IRI to an URI and back again will yield an IRI that is semantically equivalent to the original IRI, even though it may differ in exact representation.

Some protocols may impose further transformations; e.g. Punycode for DNS labels.

Advantages

There are reasons to see URIs displayed in different languages; mostly, it makes it easier for users who are unfamiliar with the Latin (A-Z) alphabet. Assuming that it isn't too difficult for anyone to replicate arbitrary Unicode on their keyboards, this can make the URI system more accessible.

Disadvantages

Mixing IRIs and ASCII URIs can make it much easier to do phishing attacks that trick someone into believing they are on a site they really are not on. For example, one can replace the "a" in www.ebay.com or www.paypal.com with an internationalized look-alike "a" character such as <α>, and point that IRI to a malicious site. This is known as an IDN homograph attack.

While a URI does not provide people with a way to specify Web resources using their own alphabets, an IRI does not make clear how Web resources can be accessed with keyboards that are not capable of generating the requisite internationalized characters. This does mean that IRIs are now handled in a way very similar to many other software which might require the use of variant Input method when dealing with texts in various languages.

References

Internationalized Resource Identifier Wikipedia