Internationalized Resource Identifier | |
Long Name: | Internationalized Resource Identifier |
Status: | Proposed Standard |
Authors: |
|
Organization: | |
Domain: | Character encoding |
Abbreviation: | IRI |
Base Standards: |
|
The Internationalized Resource Identifier (IRI) is an internet protocol standard which builds on the Uniform Resource Identifier (URI) protocol by greatly expanding the set of permitted characters.[1] [2] [3] It was defined by the Internet Engineering Task Force (IETF) in 2005 in RFC 3987. While URIs are limited to a subset of the US-ASCII character set (characters outside that set must be mapped to octets according to some unspecified character encoding, then percent-encoded), IRIs may additionally contain most characters from the Universal Character Set (Unicode/ISO 10646),[4] [5] including Chinese, Japanese, Korean, and Cyrillic characters.
IRIs extend URIs by using the Universal Character Set, where URIs were limited to ASCII, with far fewer characters. IRIs may be represented by a sequence of octets but by definition are defined as a sequence of characters, because IRIs may be spoken or written by hand.
IRIs are mapped to URIs to retain backwards-compatibility with systems that do not support the new format.[6]
For applications and protocols that do not allow direct consumption of IRIs, the IRI should first be converted to Unicode using canonical composition normalization (NFC), if not already in Unicode format.
All non-ASCII code points in the IRI should next be encoded as UTF-8, and the resulting bytes percent-encoded, to produce a valid URI.
Example: The IRI https://en.wiktionary.org/wiki/Ῥόδος becomes the URI https://en.wiktionary.org/wiki/%E1%BF%AC%CF%8C%CE%B4%CE%BF%CF%82
ASCII code points that are invalid URI characters may be encoded the same way, depending on implementation.
This conversion is easily reversible; by definition, converting an IRI to an URI and back again will yield an IRI that is semantically equivalent to the original IRI, even though it may differ in exact representation.[7]
Some protocols may impose further transformations; e.g. Punycode for DNS labels.
There are reasons to see URIs displayed in different languages; mostly, it makes it easier for users who are unfamiliar with the Latin (A–Z) alphabet. Assuming that it isn't too difficult for anyone to replicate arbitrary Unicode on their keyboards, this can make the URI system more accessible.[8]
Mixing IRIs and ASCII URIs can make it much easier to execute phishing attacks that trick someone into believing they are on a different site than they really are. For example, one can replace an ASCII "a" in www.myfictionalbank.com
with the Unicode look-alike "α" to give www.myfictionαlbank.com
and point that IRI to a malicious site. This is known as an IDN homograph attack.
While a URI does not provide people with a way to specify web resources using their own alphabets, an IRI does not make clear how web resources can be accessed with keyboards that are not capable of generating the requisite internationalized characters. This means that IRIs are now handled in a way very similar to many other software which might require the use of a non-keyboard input method when dealing with texts in various languages.