Well-known URI
Uniform address for services on a website From Wikipedia, the free encyclopedia
A well-known URI is a Uniform Resource Identifier for URL path prefixes that start with /.well-known/. They are implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistent well-known locations across servers.
Description
Summarize
Perspective
 | This section needs additional citations for verification. (October 2021) |
Well-known URIs are Uniform Resource Identifiers defined by the IETF in RFC 8615.[1] They are URL path prefixes that start with /.well-known/. This implementation is in response to the common expectation for web-based protocols to require certain services or information be available at URLs consistent across servers, regardless of the way URL paths are organized on a particular host. The URIs are implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistently in well-known locations across servers.
The IETF has defined a simple way for web servers to hold metadata that any user agent (e.g., web browser) can request. The metadata is useful for various tasks, including directing a web user to use a mobile app instead of the website or indicating the different ways that the site can be secured. The well-known locations are used by web servers to share metadata with user agents; sometimes these are files and sometimes these are requests for information from the web server software itself. The way to declare the different metadata requests that can be provided is standardized by the IETF so that other developers know how to find and use this information.
Use
The path well-known URI begins with the characters /.well-known/, and whose scheme is "HTTP", "HTTPS", or another scheme that has explicitly been specified to use well-known URIs. As an example, if an application hosts the service "example", the corresponding well-known URIs on https://www.example.com/ would start with https://www.example.com/.well-known/example.[1]
Information shared by a web site as a well-known service is expected to meet a specific standard. Specifications that need to define a resource for such site-wide metadata can register their use with the Internet Assigned Numbers Authority (IANA) to avoid collisions and minimize impingement upon sites' URI space.
List of well-known URIs
Summarize
Perspective
The list below describes known standards for .well-known services that a web server can implement.
| URI suffix | Description | Reference | Date of IANA registration |
|---|---|---|---|
| acme-challenge | Automated Certificate Management Environment (ACME) | [2] | 2019-03-01 |
| ai-plugin.json | Manifest for a ChatGPT plugin | [3] | |
| apple-app-site-association | An Apple service that enables secure data exchange between iOS and a website | [4] | |
| apple-developer-merchantid-domain-association | Apple Pay | [5] | |
| ashrae | BACnet – A data communication protocol for building automation and control networks | [6] | 2016-01-22 |
| assetlinks.json | AssetLinks protocol used to identify one or more digital assets (such as web sites or mobile apps) that are related to the hosting web site in some fashion | [7] | 2015-09-28 |
| atproto-did | Handle-to-DID resolution for AT Protocol | [8] | |
| autoconfig/mail | Mozilla Thunderbird mail autoconfiguration service | [9] | |
| browserid | Mozilla Persona | ||
| caldav | Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) | [10] | |
| carddav | Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) | [10] | |
| change-password | Helps password managers find the URL for changing client account passwords | [11] | |
| coap | CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets | [12] | 2017-12-22 |
| com.apple.remotemanagement | Apple-Account–based user enrollment for mobile device management | [13][14] | |
| core | Constrained RESTful Environments (CoRE) Link Format | [15] | |
| csvm | CSV metadata, Model for Tabular Data and Metadata on the Web | [16] | 2015-09-28 |
| dat | Links domain to Dat identifier, used by Beaker web browser[17] | [18] | |
| did.json | did:web Decentralized Identifiers (DIDs) for the Web | ||
| discord | Domain verification for Discord account connection | [19] | |
| dnt | Site-wide tracking status resource | [20] | 2015-08-19 |
| dnt-policy.txt | A privacy-friendly Do Not Track (DNT) Policy | [21] | 2015-08-19 |
| est | Enrollment over Secure Transport (EST) | [22] | 2013-08-16 |
| genid | Resource Description Framework (RDF) Skolem IRIs | [23] | 2012-11-15 |
| gpc.json | Global Privacy Control (GPC) | [24] | |
| hoba | HTTP Origin-Bound Authentication (HOBA) | [25] | 2015-01-20 |
| host-meta | Web Host Metadata | [26] | |
| host-meta.json | Web Host Metadata | [26] | |
| http-opportunistic | Opportunistic Security for HTTP/2 | [27] | 2017-03-20 |
| keybase.txt | Used by the Keybase project to identify a proof that one or more people whose public keys may be retrieved using the Keybase service have administrative control over the origin server from which it is retrieved | [28] | 2014-04-08 |
| matrix | Provides discovery for both client and server APIs to the Matrix federated protocol | [29] | |
| mercure | Discovery of Mercure hubs. Mercure is a protocol enabling the pushing of data updates to web browsers and other HTTP clients in a fast, reliable and battery-efficient way. | [30] | |
| mta-sts.txt | SMTP MTA Strict Transport Security Policy | [31] | 2018-06-21 |
| ni | Naming Things with Hashes | [32] | |
| nodeinfo | Metadata for federated social networking servers | [33] | |
| nostr.json | Discovery of Nostr public keys and related relays, according to NIP-05 | [34] | 2024-03-18 |
| oauth-authorization-server | OAuth Authorization Server Metadata | [35] | 2018-03-27 |
| openid-configuration | OpenID Connect | [36] | 2013-08-27 |
| openorg | Organisation Profile Document | [37] | 2015-05-29 |
| openpgpkey | OpenPGP Web Key Service | [38] | |
| passkey-endpoints | Formally advertises support for passkeys and provides direct links for enrollment and management for password managers to automatically create/upgrade. | [39] | |
| pki-validation | CA/Browser Forum’s Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates | [40] | 2017-02-06 |
| posh | PKIX over Secure HTTP (POSH) | [41] | 2015-09-20 |
| privacy-sandbox-attestations.json | The Google Chrome Privacy Sandbox attestation file | [42] | |
| pubvendors.json | The IAB pubvendors.json tech spec, which provide a standard for publishers to publicly declare the vendors that they work with, and their respective data rights/configuration | [43] | 2020-09-07 |
| reload-config | REsource LOcation And Discovery (RELOAD) Base Protocol | [44] | |
| repute-template | A Reputation Query Protocol | [45] | 2013-09-30 |
| resourcesync | ResourceSync Framework Specification | [46] | 2017-05-26 |
| security.txt | Standard to help organizations define the process for security researchers to disclose security vulnerabilities | [47] | 2018-08-20 |
| statements.txt | Standard for collective contract signing | [48] | |
| stun-key | Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization | [49] | 2015-06-12 |
| tdmrep.json | Domain-wide TDM (Text and Data Mining) reservation | [50] | |
| time | Time over HTTPS specification | [51] | 2015-12-09 |
| timezone | Time Zone Data Distribution Service | [52] | 2015-08-03 |
| uma2-configuration | User-Managed Access (UMA) 2.0 grant for OAuth 2.0 authorization | [53] | 2017-06-20 |
| vercel/flags | Overridable Feature Flag's for Vercel's Toolbar | [54] | |
| void | Describing Linked Datasets with the VoID Vocabulary | [55] | 2011-05-11 |
| webfinger | WebFinger | [56] | 2013-03-15, 2013-09-06 |
| xrp-ledger.toml | XRP ledger node & account information | [57] |
References
Wikiwand - on
Seamless Wikipedia browsing. On steroids.