This version: : http://pavatar.com/spec/pavatar-0.3.0
Latest version: : http://pavatar.com/spec
Previous versions: : http://pavatar.com/spec/pavatar-0.2.0 : http://jeenaparadies.net/specs/pavatar-0.1.2 : http://jeenaparadies.net/specs/pavatar-0.1.1 : http://jeenaparadies.net/specs/pavatar-0.1.0
Editors : Jeena Paradies [email protected]
© 2006 Jeena Paradies
The Personal Avatar (short Pavatar) system is a way to use small personalized images to standardize a providers profile picture through various websites when leaving comments and other content. Providers are able to host their Personal Avatars themselves.
This is the 18 December 2006 Candidate Recommendation of the Personal Avatar. This Candidate Recommendation was published to indicate that the document is believed to be stable and to encourage implementation by the developer community.
Comments are welcome, please write to [email protected].
- Definitions
- Personal Avatar Conformance Requirements
- Technical Definition
- Refusing Personal Avatar Requests
- Autodiscovery
- HTTP Header
- Link Element
- Direct URL
- Precedence
- Dealing with Personal Avatars
- Autodiscovery Algorithm
- Manipulating
- Caching
- Updating Cached Personal Avatars
- Appendix
- Optimization
- Support of Conformance to Arbitrary Rules
Provider : Provider is the person who leaves a comment, post, annotation or similar content on a publishers page and possesses the Personal Avatar. The provider and the consumer may be the same.
Providers website : A providers website must be a valid HTTP URL according to RFC 1738, which the provider has specified as his website.
Personal Avatar : A Personal Avatar is a picture stored on the provider's website conforming to the Personal Avatar conformance requirements described in [2][conformance-requirements].
Consumer : The consumer provides the service for the provider to act. The consumer and the provider may be the same.
The Personal Avatar implementation (short: implementation) : This is the implementation running the provider's service dealing the Personal Avatars.
Now : Now refers to the time the HTTP request is finished.
The key words must, must not, required, shall, shall not, should, should not, recommended, may, and optional in this document are to be interpreted as described in RFC 2119.
A valid Personal Avatar must be a 80x80 pixel sized image in GIF (GIF89a), PNG (PNG) or JPEG ([ISO/IEC IS 10918-1], [ISO/IEC IS 14495-1], [ISO/IEC IS 15444-1]) format.
A valid Personal Avatar must not exceed the size of 409600 Bit (the octuple size of an uncompressed 80x80pixel big picture with 8-bit color depth).
A valid Personal Avatar must be publicly accessible through a valid HTTP URL (RFC 1738). This URL must be used to reference the Personal Avatar (see Autodiscovery).
The Personal Avatar must have the correct Content-Type header.
The provider may restrict access to the Personal Avatar. The provider must act accordingly to HTTP, e.g. should response with a 403 HTTP status code, if access is denied. It is recommended to use the keyword "none" of the HTTP-Header X-Pavatar as described in 3.a. to refuse the delivery of the Personal Avatar completely.
The URL of the Personal Avatar must be offered by the provider in one or more of the following ways to the consumer, the use of [3.a]. and [3.b]. is recommended. The consumer must accept all three ways.
If chosen, a reference to a Personal Avatar must be returned with a X-Pavatar HTTP header, for example:
X-Pavatar: http://example.com/path/to/my-own_pavatar.png
The value of the X-Pavatar header must be the absolute URL of the Personal Avatar or the keyword "none".
The server response must not include more than one such header.
If chosen, an HTML or XHTML Personal Avatar enabled page must contain a <link> element. It must have one of the following forms:
HTML
: <link rel="pavatar" href="URL">
XHTML
: <link rel="pavatar" href="URL" />
The URL in the "href" attribute must be a valid and absolute HTTP URL according to RFC 1738 or the keyword "none".
If chosen, there must be a file named "pavatar.png" on the providers server. The URL for this file must conform to the following form. The EBNF keywords used here are similar to the ones used in RFC 1738.
hostport = host [ ":" port ]
hsegment = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
puri = "http://" hostport *[ "/" hsegment ] "/pavatar.png"
Example in Pseudocode:
- IF the last
hsegmetends with a slash: GOTO 3 - Remove the first
hsegment - Append "pavatar.png" to the result
- IF success (i.e. a 2xx answer to an HEAD request) EXIT(SUCCESS)
- ELSE remove all
hsegments - Append "pavatar.png" to the result
- IF success (i.e. a 2xx answer to an HEAD request) EXIT(SUCCESS)
- EXIT(FAILURE)
The HTTP Header (3.a.) method must have the highest precedence, the Direct URL (3.c) method the lowest.
The implementation should ensure to use as little traffic as possible to deal with Personal Avatars (e.g., use conditional get HTTP headers like If-Modified-Since).
Personal Avatar implementations, given a publisher's website URL, should follow the following steps to find the Personal Avatar URL (obs. if the implementation finds the keyword "none" instead of a valid URL it must abort the autodiscovery because there will be no Personal Avatar at all):
-
Examine the HTTP headers of the response. If there are any
X-Pavatarheaders then the first such header's value should be used as the Personal Avatar resource. Clients must examine the HTTP headers if they are able to. If for some reason the HTTP headers are not available to the implementation then this step may be skipped, however, implementers should be aware that this will reduce the usefulness of their application as link elements cannot be used for resources that are neither HTML nor XHTML, and HTTP headers are defined to override link elements when they differ. -
If there is no
X-PavatarHTTP Header, search the entity body for the first match of the following regular expression:If the regular expression matched, clients must decode the allowed HTML entities (
&for&,<for<,>for>, and"for"). -
If no
X-PavatarHTTP Header and no<link>could be found the implementation shall check first if there is a Personal Avatar in the publisher's website directory. If not, it shall check if there is a Personal Avatar in the publisher's website document root.
The implementation may manipulate the cached Personal Avatar if necessary, e.g. changes in width and height, colors, etc. but it must respect the visual identity of the provider and therefore avoid destructive transformations of the Personal Avatar, such as those that fundamentally alter the content of the image.
The implementation should cache all Personal Avatars it wants to serve. It should not serve them remotely.
The implementation may check regularly for changed Personal Avatars using the information given in the Cache-Control or Expires headers. If the publisher's website doesn't send these headers, it is recommended that it checks weekly for changes.
The implementation should remember URLs for which the autodiscovery didn't find a Personal Avatar and not check them for changes until the provider posts something new.
This chapter is informative. Useragents are not required to implement the properties of this chapter in order to conform to the Personal Avatar specification.
Clients may optimize the search. For example:
- The client may initally only send an HTTP HEAD request in the hope that the header will be found and the content will not have to be fetched.
- Since
<link>elements may only appear in the document's head, clients may abort when the strings</head>or<body>are seen (e.g. if the client reads the content one line at a time). - Since the Personal Avatar links are most likely to appear near the top of the document, clients may abort the search after passing a certain size threshold. Clients may similarly use the HTTP Content-Range header to only fetch the first few kilobytes of the target URI.
The implementation may include an automatic denial-of-publish mechanism if the Personal Avatar is unknown to the system. It may include a notification mechanism in case of an automatic denial-of-publish.