<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Web on Crossref</title><link>https://www-crossref-org.pluma.sjfc.edu/categories/web/</link><description>Recent content in Web on Crossref</description><generator>Hugo 0.139.4</generator><language>en-us</language><managingEditor>support@crossref.org (Crossref/Cazinc/Benoît Benedetti)</managingEditor><webMaster>support@crossref.org (Crossref/Cazinc/Benoît Benedetti)</webMaster><lastBuildDate>Tue, 17 Jan 2017 00:00:00 +0000</lastBuildDate><atom:link href="https://www-crossref-org.pluma.sjfc.edu/categories/web/" rel="self" type="application/rss+xml"/><item><title>Linking DOIs using HTTPs: the background to our new guidelines</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/linking-dois-using-https-the-background-to-our-new-guidelines/</link><pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate><author>Geoffrey Bilder</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/linking-dois-using-https-the-background-to-our-new-guidelines/</guid><description>&lt;p>Recently we announced that we were making some new recommendations in our DOI display guidelines. One of them was to use the secure HTTPS protocol to link Crossref DOIs, instead of the insecure HTTP.&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">Some people asked whether the move to HTTPS might affect their ability to measure referrals (i.e. where the people who visit your site come from).&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">TL;DR: Yes&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">Yes. If you do &lt;/span>&lt;b>not&lt;/b>&lt;span style="font-weight: 400;"> move your DOI links to HTTPS, Crossref, its members and the members of &lt;/span>&lt;a href="http://www.doi.org.pluma.sjfc.edu/registration_agencies.html">&lt;span style="font-weight: 400;">other DOI registration agencies&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> (e.g. DataCite, JLC, CNKI)  will find it increasingly difficult to accurately measure referrals. You should link DOIs using HTTPS.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">In fact, if you do not support HTTPS on your site &lt;/span>&lt;b>now&lt;/b>&lt;span style="font-weight: 400;">, it is likely that your ability to measure referrals is already impaired. If you do not already have a plan to move your site to HTTPS, you should develop one.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">If you have already transitioned your site to HTTPS, you should follow the new guidelines and link DOIs via HTTPS as soon as possible. As it stands, you are not sending any referrer information when DOIs are clicked on and followed from your site. You should also make sure that the URLs you have registered with Crossref are HTTPS URLs, otherwise &lt;em>you&lt;/em> will not get referrer information on your site when they are followed.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">Read on if you want some grody details. We&amp;rsquo;ll try to keep it as non-technical as possible.&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">Two protocols, one web&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">To start with your web browser supports two closely related protocols, HTTP and HTTPS.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">The first, HTTP, is the protocol that the web started out with. It is an unencrypted protocol and it is also easy to intercept and modify. It is also very easy and inexpensive to implement.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">The second protocol, HTTPS, is a secure version of the first protocol. It is very difficult to intercept and modify. It has historically been more complex and expensive to implement. &lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">Here you might say - &amp;ldquo;Great, but HTTPS has been around for a long time. We&amp;rsquo;ve used it for sensitive transactions like authentication and credit card transactions. Why do we want to use DOI links with HTTPS?&amp;rdquo; Why are you suggesting that we should even consider moving our entire site to HTTPS? &lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">The pressure to move to HTTPS&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">The insecure HTTP protocol has become a major vector for a lot of security issues on the web. It allows user web pages to be intercepted and modified between the server and the browser. This flaw is being abused for everything from spying, to inserting unwanted advertisements into web pages, to distributing viruses, ransomware and botnets. &lt;/span>
&lt;p>&lt;span style="font-weight: 400;">As such, there has been a steady drumbeat of industry encouragement to move to the more secure HTTPS protocol for all website functions.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">We are not going to argue all the points here. Instead we will mention the major constituencies that are advocating for a move to HTTPS and provide you with some pointers. We apologise that these are all so US-centric, but a lot of the web&amp;rsquo;s global direction does seem to be presaged by US adoption trends.&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">Google&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">It is probably easiest to start with Google, since its practices tend to focus the attention of those managing websites.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">Back in 2014 &lt;/span>&lt;a href="https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html">&lt;span style="font-weight: 400;">Google announced that they would slowly move toward including the use of HTTPS as a ranking signal&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">. In 2015 they upped the ante by announcing that &lt;/span>&lt;a href="https://security.googleblog.com/2015/12/indexing-https-pages-by-default.html">&lt;span style="font-weight: 400;">they would start indexing HTTPS versions of pages by default&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">. It looks like in early 2017 they will really start to take the gloves off as they &lt;/span>&lt;a href="https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure">&lt;span style="font-weight: 400;">modify their Chrome browser to flag sites that do not use HTTPS as being &lt;code>insecure&lt;/code>&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">.&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">Every top website, &lt;/span>&lt;a href="http://www.urbandictionary.com/define.php?term=evah">&lt;span style="font-weight: 400;">evah&lt;/span>&lt;/a>&lt;/h2>
&lt;span style="font-weight: 400;">It looks like Google's plan is working too. Their &lt;/span>&lt;a href="https://www.google.com/transparencyreport/https/grid/?hl=en">&lt;span style="font-weight: 400;">2016 transparency report&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> shows that most top websites have already transitioned to HTTPS and that this translates to approximately 25% of all web traffic worldwide taking place using HTTPS. Indeed, over 50% of all web pages viewed by desktop users are delivered via HTTPS.&lt;/span>
&lt;h2>&lt;span style="font-weight: 400;">Government agencies&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">The USA’s Whitehouse issued [&lt;/span>&lt;a href="https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government">&lt;span style="font-weight: 400;">a directive instructing all Federal websites to adopt HTTPS&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">]. As of December 2016 &lt;/span>&lt;a href="https://pulse.cio.gov/">&lt;span style="font-weight: 400;">64%&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> of federal websites have made the transition.&lt;/span>
&lt;h2>&lt;span style="font-weight: 400;">Libraries&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">Much of the pressure to move to HTTPS is coming from the library community who have a historical tradition of protecting patron privacy and resisting efforts to censor content. The third principle of the American Library Association's code of ethics reads:&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">We protect each library user&amp;rsquo;s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">Recently there has been &lt;/span>&lt;a href="https://www.eff.org/deeplinks/2016/12/librarians-act-now-protect-your-users-its-too-late">&lt;span style="font-weight: 400;">a major push by the Electronic Frontier Foundation&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> to get libraries to adopt a number of security and privacy practices, including the use of HTTPS by all library systems as well as those used by library vendors.&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">What are Crossref members doing about HTTPS?&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">How big an issue is this? How many of our members have moved to HTTPS? How many plan to? Well, we looked at the URLs that are registered with Crossref and we tested them with both protocols. Eventually we will write a blog post detailing our findings - but the highlights are:&lt;/span>
&lt;ul>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">Slightly fewer than half of the member domains tested only support HTTP.&lt;/span>&lt;/li>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">Slightly fewer than half of the member domains tested support both HTTP and HTTPS.&lt;/span>&lt;/li>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">About 370 of the member domains tested only support HTTPS.&lt;/span>&lt;/li>
&lt;/ul>
&lt;h2>&lt;span style="font-weight: 400;">The transition to HTTPS and the issue of DOI referrals&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">The HTTP referrer is a piece of information passed on by a browser that indicates the site from which the user navigated.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">So, for example, if a user visiting site &lt;code>A&lt;/code> clicks on a link which takes them to site &lt;code>B&lt;/code>, site &lt;code>B&lt;/code> will then record in its logs that a user visited them from site A. Obviously, this is important information for understanding where your web site traffic comes from. &lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">The default rules for referrals are&lt;sup>&lt;a href="#fn1">1&lt;/a>&lt;/sup>&lt;/span>&lt;span style="font-weight: 400;">:&lt;/span>&lt;/p>
&lt;ol>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">If you link between two sites with the same level of security, all referral information is retained.&lt;/span>&lt;/li>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">When you follow a link from an insecure (HTTP) web site to a secure (HTTPS) site, referral data is passed on to the secure web site. &lt;/span>&lt;/li>
&lt;li style="font-weight: 400;">&lt;span style="font-weight: 400;">If you follow a link from a secure (HTTPS) web site to an insecure (HTTP) site, referral data is not passed on to the insecure web site.&lt;/span>&lt;/li>
&lt;/ol>
&lt;span style="font-weight: 400;">So let's see what the situation would look like with normal links. If we had two sites, `A` &amp;amp; `B`, the following table maps the possible combinations of protocols that can be used to link from `A` to `B`. So, for example, row #2 reads:&lt;/span>
&lt;blockquote>&lt;span style="font-weight: 400;">A user browses site A using HTTP and clicks on a HTTPS link to publisher B who hosts their site using HTTPS. &lt;/span>&lt;/blockquote>
&lt;span style="font-weight: 400;">The last column indicates if the referrer information is passed along by the browser. In the case of row #2, the answer is “yes”. The user has navigated from a less secure site to a more secure site.&lt;/span>
&lt;table>
&lt;tbody>
&lt;tr>
&lt;td>&lt;b>User views site A using&lt;/b>&lt;/td>
&lt;td>&lt;b>Site A links to site B using&lt;/b>&lt;/td>
&lt;td>&lt;b>Browser reports referrer to site B&lt;/b>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;span style="font-weight: 400;">
But this gets a little more complicated with DOIs. In this case publisher `A` links to publisher `B` through the DOI system. This means there are two parts to the link. The first `(A-&amp;gt;doi.org)` results in a redirect (A-&amp;gt;B). Again we use the last columns to indicate when referrer information is passed along to site B. Again, let’s look at row #2. It reads:&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">A user browses the site of member A using HTTP and clicks on a HTTP DOI link. The DOI system redirects the browser to member B using an HTTPS link registered with Crossref by member B. The middle column and the last column records whether Crossref and the publisher were able to see referrer information. The answer in both cases is “yes”. In the first case (A-&amp;gt;DOI) because the link was from a less secure site (HTTP on A) to a more secure site (HTTPS at DOI). The second case because the link is between two sites at the same security level (HTTP).&lt;/span>&lt;/p>
&lt;table>
&lt;tbody>
&lt;tr>
&lt;td>&lt;/td>
&lt;td>&lt;b>User views site A using&lt;/b>&lt;/td>
&lt;td>&lt;b>Site A links DOI using&lt;/b>&lt;/td>
&lt;td>&lt;b>Browser reports referrer to Crossref&lt;sup>&lt;a href="#fn2">2&lt;/a>&lt;/sup>&lt;/b>&lt;/td>
&lt;td>&lt;b>Crossref redirects to site B using&lt;sup>&lt;a href="#fn3">3&lt;/a>&lt;/sup>&lt;/b>&lt;/td>
&lt;td>&lt;b>Browser reports referrer to site B&lt;/b>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">1&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">2&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">3&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">4&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">5&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">6&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">7&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTP&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">No&lt;/span>&lt;/td>
&lt;/tr>
&lt;tr>
&lt;td>&lt;span style="font-weight: 400;">8&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">HTTPS&lt;/span>&lt;/td>
&lt;td>&lt;span style="font-weight: 400;">Yes&lt;/span>&lt;/td>
&lt;/tr>
&lt;/tbody>
&lt;/table>
&lt;h2>&lt;span style="font-weight: 400;">
So what does this mean?&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">Our old display guidelines recommended linking DOIs using HTTP. Rows #1, #2, #5, #6 represent the status quo.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">About half of our members support HTTPS. A few support it exclusively and it seems, given the industry pressures mentioned above, those who support both protocols are likely doing so as a transition stage to HTTPS-only sites.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">This means that &lt;/span>&lt;b>the scenarios represented in row #5 &amp;amp; #6 are already happening&lt;/b>&lt;span style="font-weight: 400;">. The referral information for any user viewing one of our member sites using HTTPS is being lost when they click on DOIs that use the HTTP protocol. Crossref doesn&amp;rsquo;t get the referral data and neither does the member whose DOI has been clicked on.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">Of course this applies to non-member sites that link to DOIs as well. Wikipedia is the largest referrer of DOIs from outside the industry. In 2015 The Wikimedia Foundation &lt;/span>&lt;a href="https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/">&lt;span style="font-weight: 400;">made a highly publicised transition&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> to HTTPS on all of their sites. This means that any of our members who are running HTTP sites have already lost the ability to see any referral information from Wikipedia on their own sites. However, Crossref &lt;/span>&lt;a href="http://blog.crossref.org.pluma.sjfc.edu/2016/05/https-and-wikipedia.html">&lt;span style="font-weight: 400;">worked closely with Wikimedia&lt;/span>&lt;/a>&lt;span style="font-weight: 400;"> to ensure that, at the very least, Crossref was still able to record Wikimedia referral data on behalf of our members.&lt;/span>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">A solution&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">It is largely this work with Wikimedia that has helped us to understand just how important it is for Crossref to get ahead of the curve in helping our community to transition to HTTPS.&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">As long as our members are running a combination of HTTP and HTTPS sites, there is no way for our community to avoid some disruption in the flow of referral data. And we certainly would never entertain the notion of asking our members to keep using HTTP.The best we can do is recommend a practice that will help smooth the transition to HTTPS. That is what we are doing.Our new recommendation is to move to linking DOIs using HTTPS. This is represented in rows #3, #4, #7 and #8 in the table above. &lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">This is a particularly important step for our members who have already moved to hosting their sites on HTTPS. As long as they are using HTTP DOIs on their site, they will be sending no referral traffic to Crossref, other Crossref members or other users of the DOI infrastructure. This is captured in scenarios #5 and #6.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">If our linking guidelines are followed during the industry’s transition to HTTPS, then scenario #5 and #6 will eventually be replaced with scenario #7. It is still not perfect, but at least it means that, during the transition, publishers who are still running HTTP sites will be able to get some DOI referral data via Crossref. And of course, once our members have widely transitioned to HTTPS, everything will go back to normal and they will be able to see referral data on their own sites as well (i.e.they will have moved from the state represented in row #1 to state represented in row #8.)&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">In summary, please change your sites to use HTTPS to link DOIs. They should look like this:&lt;/span>&lt;/p>
&lt;p>&lt;a href="https://doi-org.pluma.sjfc.edu/10.7554/eLife.20320">&lt;span style="font-weight: 400;">&lt;a href="https://doi-org.pluma.sjfc.edu/10.7554/eLife.20320" target="_blank">https://doi-org.pluma.sjfc.edu/10.7554/eLife.20320&lt;/a>&lt;/span>&lt;/a>&lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">FAQ&lt;/span>&lt;/h2>
&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> If I have moved my site to HTTPS, do I need to redeposit my URLs to that they use the HTTPS protocol instead?&lt;/span>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Yes. If you want to be able to still collect referrer information on your site (scenario #8) as opposed to via Crossref (scenario #7).&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> But can’t I avoid redepositing my URLs and get referrer data again if I simply redirect HTTP URLs to HTTPS on my own site?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> No. The browser will strip referrer information if there is any HTTP step in the redirects. Even if the redirect is done on your own site.&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> Can I avoid having to redeposit all my URLs? Can’t Crossref just update the protocol on our existing DOIs for us?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Contact &lt;/span>&lt;a href="mailto:support@crossref.org">&lt;span style="font-weight: 400;">&lt;a href="mailto:support@crossref.org">support@crossref.org&lt;/a>&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">. We’ll see what we can do.&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> What about all the old PDFs that are are there? They link to DOIs using HTTP. &lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> That is true. But links followed from PDFs don’t send referrer information anyway.&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> And what about my new PDFs? Should I start linking DOIs from them using HTTPS.&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Probably. But not because of the DOI referrer problem. Simply because HTTPS is a more secure, private, and future-proof protocol.&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> Don’t some countries block HTTPS?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Typically countries block specific sites and/or services. We do not know of any countries that have a blanket block on the HTTPS protocol.&lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> I use a link resolver that uses OpenURL + a  cookie pusher to redirect my users to local resources. What do I need to do?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> You need to change your cookie pusher script to enable the &lt;code>Secure&lt;/code> attribute for cookies for HTTPS-linked DOIs.   &lt;/span>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> Can I use protocol-relative URLs (e.g. &lt;/span>&lt;a href="https://doi-org.pluma.sjfc.edu/10.7554/eLife.20320">&lt;span style="font-weight: 400;">//doi.org/10.7554/eLife.20320&lt;/span>&lt;/a>&lt;span style="font-weight: 400;">)?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Protocol-relative URLs can be used in HTML HREFs to help ease the transition from HTTP to HTTPS, but use the full protocol in the text of the DOI link itself. So, for example, the following is fine:&lt;/span>&lt;span style="font-weight: 400;">
&lt;/span>&lt;span style="font-weight: 400;">
&lt;/span>&lt;/p>
&lt;pre>&lt;a href="//doi.org/10.7554/eLife.20320">https://doi-org.pluma.sjfc.edu/10.7554/eLife.20320&lt;/a>&lt;/pre>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> I hear that HTTP and HTTPS versions of URI identifiers are considered to be different identifiers. Doesn’t this mean that by moving to HTTPS we are essentially doubling the number of DOI-based identifiers out there?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> Yes. It isn’t a problem that is only being faced by DOIs. Basically all HTTP-URI based identifiers face the same issue. We will put in place appropriate same-as assertions in our metadata and HTTP headers to allow people to understand that the HTTP and HTTPS representations of the DOI point to the same thing. &lt;/span>&lt;/p>
&lt;p>&lt;em>On a personal note (@gbilder speaking- don’t blame @CrossrefOrg) - it breaks my brain that the official line is that the protocol difference means they are different identifiers. As a practical matter (a concept the W3C seems to be increasingly alienated from), it would be insane for anybody to follow this policy to the letter. You can probably be pretty safe swapping the protocols on DOIs and being sure you will get the same thing.&lt;/em>&lt;/p>
&lt;hr />
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>Q:&lt;/strong> I see that the Crossref site isn’t running on HTTPS. Are you just a bunch of hypocrites?&lt;/span>&lt;/p>
&lt;p>&lt;span style="font-weight: 400;">&lt;strong>A:&lt;/strong> &lt;del>Yes. The site will be moving to HTTPS-only very soon. Then we won’t be.&lt;/del> We do now.&lt;/span>&lt;/p>
&lt;p> &lt;/p>
&lt;h2>&lt;span style="font-weight: 400;">References&lt;/span>&lt;/h2>
&lt;ol>
&lt;li id="fn1">These rules can be tweaked using meta referrer tags (https://www.w3.org/TR/referrer-policy/), but not in any way that both avoids the fundamental problems outlined here &lt;b>and&lt;/b> that preserves the security/privacy characteristics that are the very reason to implement HTTPS in the first place.&lt;/li>
&lt;li id="fn2">To be pedantic- it actually passes referrer information to the DOI proxy (https://doi-org.pluma.sjfc.edu/), which in turn is reported to Crossref.&lt;/li>
&lt;li id="fn3">To continue with the pedantry- the DOI proxy does the redirect based on the URL member B has deposited with Crossref.&lt;/li>
&lt;/ol></description></item><item><title>Does Size Matter?</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/does-size-matter/</link><pubDate>Mon, 28 Jul 2008 00:00:00 +0000</pubDate><author>Tony Hammond</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/does-size-matter/</guid><description>&lt;p>Interesting &lt;a href="http://googleblog.blogspot.com/2008/07/we-knew-web-was-big.html" target="_blank">post&lt;/a> from Google, in which they say:&lt;/p>
&lt;blockquote>
&lt;p>&lt;em>“Recently, even our search engineers stopped in awe about just how big the web is these days — when our systems that process links on the web to find new content hit a milestone: 1 trillion (as in 1,000,000,000,000) unique URLs on the web at once!”&lt;/em>&lt;/p>
&lt;/blockquote>
&lt;p>Puts Crossref’s 32,639,020 unique DOIs into some kind of perspective: 0.0033%. But nonetheless that trace percentage still seems to me to be reasonably large, especially in view of it forming a persistent and curated set.&lt;/p>
&lt;p>&lt;strong>&lt;em>Update:&lt;/em>&lt;/strong> Talking of Google numbers, &lt;a href="http://royal.pingdom.com/" target="_blank">pingdom&lt;/a> has a post “&lt;a href="http://royal.pingdom.com/?p=276" target="_blank">Map of all Google data center locations&lt;/a>” with maps of US, Europe and World locations.&lt;/p></description></item><item><title>Publishing Linked Data</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/publishing-linked-data/</link><pubDate>Thu, 19 Jul 2007 00:00:00 +0000</pubDate><author>Tony Hammond</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/publishing-linked-data/</guid><description>&lt;p>With these words:&lt;/p>
&lt;blockquote>
&lt;p>_“There was quite some interest in Linked Data at this year’s World Wide&lt;/p>
&lt;/blockquote>
&lt;blockquote>
&lt;p>Web Conference (WWW2007). Therefore, Richard Cyganiak, Tom Heath and I&lt;/p>
&lt;/blockquote>
&lt;blockquote>
&lt;p>decided to write a tutorial about how to publish Linked Data on the&lt;/p>
&lt;/blockquote>
&lt;blockquote>
&lt;p>Web, so that interested people can find all relevant information, best&lt;/p>
&lt;/blockquote>
&lt;blockquote>
&lt;p>practices and references in a single place.”_&lt;/p>
&lt;/blockquote>
&lt;p>Chris Bizer announces this draft &lt;a href="https://web.archive.org/web/20120315113002/http://www4.wiwiss.fu-berlin.de/bizer/pub/LinkedDataTutorial/" target="_blank">How to Publish Linked Data on the Web&lt;/a>. It’s a bright and breezy tutorial and useful (to me, anyway) for disclosing a couple of links:&lt;/p>
&lt;ul>
&lt;li>&lt;a href="http://www.w3.org/2001/tag/findings" target="_blank">Findings of the W3C TAG&lt;/a>
&lt;ul>
&lt;li>
&lt;p>&lt;a href="http://www.w3.org/DesignIssues/LinkedData.html" target="_blank">Linked Data - Design Issues&lt;/a> &lt;/ul>
The tutorial is unsurprisingly orthodox in its advocacy for all things HTTP and goes on to say:&lt;/p>
&lt;blockquote>
&lt;p>&lt;em>“In the context of Linked Data, we restrict ourselves to using HTTP URIs only and avoid other URI schemes such as URNs and DOIs.”&lt;/em>&lt;/p>
&lt;/blockquote>
&lt;p>But this only relates back to Berners-Lee’s piece on Linked Data referenced above in which he says:&lt;/p>
&lt;blockquote>
&lt;p>&lt;em>“The second rule, to use HTTP URIs, is also widely understood. The only deviation has been, since the web started, a constant tendency for people to invent new URI schemes (and sub-schemes within the urn: scheme) such as LSIDs and handles and XRIs and DOIs and so on, for various reasons. Typically, these involve not wanting to commit to the established Domain Name System (DNS) for delegation of authority but to construct something under separate control. Sometimes it has to do with not understanding that HTTP URIs are names (not addresses) and that HTTP name lookup is a complex, powerful and evolving set of standards. This issue discussed at length elsewhere, and time does not allow us to delve into it here.”&lt;/em>&lt;/p>
&lt;/blockquote>
&lt;p>Hmm. Does make one wonder where the concept of URI ever arose. Surely the nascent WWW application should have mandated the exclusive use of HTTP identifiers? Seems that this concept snuck up on us somehow and we now have to put it back into the box. Pandora, indeed!&lt;/p>
&lt;p>Back to the tutorial there are some unorthodox terms or at least I had not heard of them before. Contrasted with the defined term &lt;strong>information resources&lt;/strong> (from &lt;a href="http://www.w3.org/TR/webarch/" target="_blank">AWWW&lt;/a>) is the undefined term “non-information resources”. Further on, there’s a distinction made between two types of RDF triple: “literal triples” and “RDF links”. I hadn’t heard of either of these terms before although they are presented as if they were in common usage. The tutorial then goes on to deprecate the use of certain RDF features because it makes it “easier for clients”. So, I guess that the full expressivity of RDF is either not required or the world of “linked data” is not quite so large as it would like to be.&lt;/p>
&lt;p>And later on, there’s this puzzling injunction:&lt;/p>
&lt;blockquote>
&lt;p>&lt;em>“You should only define terms that are not already defined within well-known vocabularies. In particular this means not defining completely new vocabularies from scratch, but instead extending existing vocabularies to represent your data as required.”&lt;/em>&lt;/p>
&lt;/blockquote>
&lt;p>Am I wrong, or is there something of a Catch 22 there? To extend an arbitrary vocabulary I would need to be the namespace authority - to be the “URI owner” in W3C speak. But I can’t be the authority for all namespaces/vocabularies because by the intent of the above they would likely be just the one (true?) vocabulary which I may or may not be the authority for. I thought the intent of the RDF model and XML namespaces was that terms could be applied from disparate vocabularies to the description at hand.&lt;/p>
&lt;p>Anyways, I am not trying to knock the draft. It’s something of a curate’s egg, that’s true, but I am genuinely looking forward to reading it through and would encourage others to have a look at it too.&lt;/p>
&lt;/li>
&lt;/ul>
&lt;/li>
&lt;/ul></description></item><item><title>eprintweb.org</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/eprintweb.org/</link><pubDate>Fri, 02 Mar 2007 00:00:00 +0000</pubDate><author>Ed Pentz</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/eprintweb.org/</guid><description>&lt;p>IOP has created an instance of the arXiv repository called eprintweb.org at &lt;a href="https://web.archive.org/web/20130803071935/http://eprintweb.org/S/" target="_blank">https://web.archive.org/web/20130803071935/http://eprintweb.org/S/&lt;/a>. What’s the difference from arXiv? From the eprinteweb.org site - “We have focused on your experience as a user, and have addressed issues of navigation, searching, personalization and presentation, in order to enhance that experience. We have also introduced reference linking across the entire content, and enhanced searching on all key fields, including institutional address.”&lt;/p>
&lt;p>The site looks very good and it’s interesting to see a publisher developing a service directly engaging with a repository.&lt;/p>
&lt;p>Some interesting points to note: There are DOI links to published articles - &lt;code>http://www.eprintweb.org/S/article/astro-ph/0603001&lt;/code> - which IOP gets from Crossref. References in the preprints are also linked - &lt;code>http://www.eprintweb.org/S/article/astro-ph/0603001/refs&lt;/code>&lt;/p>
&lt;p>Crossref will soon be making available an author/title only query for repositories to use to find DOIs for published papers when the preprint doesn’t have the full citation. Many authors don’t go back to their preprints to update the reference to the published version but the new Crossref query will enable the repositories to do this automatically.&lt;/p></description></item><item><title>Sir TimBL’s Testimony</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/sir-timbls-testimony/</link><pubDate>Fri, 02 Mar 2007 00:00:00 +0000</pubDate><author>Tony Hammond</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/sir-timbls-testimony/</guid><description>&lt;p>Just in case anybody may not have seen this, &lt;a href="http://dig.csail.mit.edu/2007/03/01-ushouse-future-of-the-web.html" target="_blank">here&lt;/a>‘s the testimony of Sir Tim Berners-Lee yesterday before a House of Representatives Subcommittee on Telecommunications and the Internet. Required reading.&lt;/p>
&lt;p>(Via this &lt;a href="https://web.archive.org/web/20070307171557/http://www.savetheinternet.com/blog/2007/03/01/world-wide-web-inventor-says-net-neutrality-a-top-priority-for-congress/" target="_blank">post&lt;/a> yesterday in the &lt;a href="http://www.savetheinternet.com/blog/" target="_blank">Save the Internet&lt;/a> blog.)&lt;/p></description></item><item><title>At Last! URIs for InChI</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/at-last-uris-for-inchi/</link><pubDate>Mon, 19 Feb 2007 00:00:00 +0000</pubDate><author>Tony Hammond</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/at-last-uris-for-inchi/</guid><description>&lt;p>The &lt;a href="http://info-uri.info/" target="_blank">info registry&lt;/a> has now added in the &lt;a href="http://iupac.org/inchi/" target="_blank">InChI&lt;/a> namespace (see registry entry &lt;a href="http://info-uri.info/registry/OAIHandler?verb=GetRecord&amp;amp;#038;metadataPrefix=reg&amp;amp;#038;identifier=info:inchi/" target="_blank">here&lt;/a>) which now means that chemical compounds identified by InChIs (&lt;a href="http://iupac.org/" target="_blank">IUPAC&lt;/a>‘s International Chemical Identifiers) are expressible in URI form and thus amenable to many Web-based description technologies that use URI as the means to identify objects, e.g. XLink, RDF, etc. As an example, the InChI identifier for &lt;a href="http://en.wikipedia.org/wiki/Naphthalene" target="_blank">naphthalene&lt;/a> is&lt;/p>
&lt;p>InChI=1/C10H8/c1-2-6-10-8-4-3-7-9(10)5-1/h1-8H&lt;/p>
&lt;p>and can now be legitimately expressed in URI form as&lt;/p>
&lt;p>info:inchi/InChI=1/C10H8/c1-2-6-10-8-4-3-7-9(10)5-1/h1-8H&lt;/p>
&lt;p>The info URI scheme exists to support legacy namespaces get a leg up onto the Web. Registered namespaces include PubMed identifiers, DOIs, handles, ADS bibcodes, etc. Increasingly we’ll be expecting to see identifiers (both new and old) represented in a common form - URI.&lt;/p></description></item><item><title>RSC launches semantic enrichment of journal articles</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/rsc-launches-semantic-enrichment-of-journal-articles/</link><pubDate>Thu, 01 Feb 2007 00:00:00 +0000</pubDate><author>rkidd</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/rsc-launches-semantic-enrichment-of-journal-articles/</guid><description>&lt;p>The RSC has gone live today with the results of &lt;a href="https://web.archive.org/web/20070812060042/http://www.rsc.org.pluma.sjfc.edu/Publishing/Journals/ProjectProspect/index.asp" target="_blank">Project Prospect&lt;/a>, introducing semantic enrichment of journal articles across all our titles. I’m pretty sure we’re the first primary research publisher to do anything of this scope.&lt;/p>
&lt;p>We’re identifying chemical compounds and providing synonyms, InChIs (IUPAC’s Chemical Identifier), downloadable CML (Chemical Markup Language), SMILES strings and 2D images for these compounds. In terms of subject area we’re marking up terms from the IUPAC Gold Book, and also Open Biomedical Ontology terms from the Gene, Cell, and Sequence Ontologies. All this stuff is currently available from an enhanced HTML view, with the additional information and links to related articles accessed via highlights in the article and popups.&lt;/p>
&lt;p>The mark-up tools have been developed together with UK academics based at the Unilever Centre of Molecular Informatics and the Computing Laboratory at Cambridge University.&lt;/p>
&lt;p>At launch we have about 100 articles from our 2007 publications, with the enhanced views currently free-to-air. Feel free to take a look.&lt;/p></description></item><item><title>What’s in a URI?</title><link>https://www-crossref-org.pluma.sjfc.edu/blog/whats-in-a-uri/</link><pubDate>Mon, 08 Jan 2007 00:00:00 +0000</pubDate><author>Tony Hammond</author><guid>https://www-crossref-org.pluma.sjfc.edu/blog/whats-in-a-uri/</guid><description>&lt;p>First off, a Happy New Year to all!&lt;/p>
&lt;p>A &lt;a href="https://web.archive.org/web/20130903193049/https://utils.its.caltech.edu/pipermail/openurl/2007-January/000376.html" target="_blank">post of mine&lt;/a> to the &lt;a href="https://web.archive.org/web/20130903202546/https://utils.its.caltech.edu/mailman/listinfo/openurl" target="_blank">OpenURL list&lt;/a> may possibly be of interest. Following up the recent W3C TAG (Technical Architecture Group) Finding on “The Use of Metadata in URIs” I pointed out that the TAG do not seem to be aware of OpenURL: which is both a standard prescription for including metadata in URI strings and a US information standard to boot.&lt;/p></description></item></channel></rss>