IETF Logo Mail Archive

Re: [apps-discuss] WebFinger compromises

Joe Gregorio <joe@bitworking.org> Wed, 31 October 2012 16:20 UTC

Return-Path: <joe.gregorio@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5DC21F870F for <apps-discuss@ietfa.amsl.com>; Wed, 31 Oct 2012 09:20:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s-8WM-1FTz05 for <apps-discuss@ietfa.amsl.com>; Wed, 31 Oct 2012 09:20:40 -0700 (PDT)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 4183021F8668 for <apps-discuss@ietf.org>; Wed, 31 Oct 2012 09:20:39 -0700 (PDT)
Received: by mail-oa0-f44.google.com with SMTP id n5so1758786oag.31 for <apps-discuss@ietf.org>; Wed, 31 Oct 2012 09:20:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=yx6myq4dzd5ng5QWHB1KXeBRwV9bE+OVv5DqpJDjAKY=; b=oK6NUn38XUS/ureOe3/XwQjIGCax20fiy7magPksuc53DuMGTLuB+V8oETFDIN9b8u 4lG7iR3aMfzLDWiQ4gRb59pOoTPuVSCRZ6/oZ6h0ZsQXVBlcjsefNR1SqBX8X8P8SYGE alnO+6VZuP3wrctnriWEio7e6ZmF5rtDViufPzgO5r+aUGiC5oRM1DViVExuzQQ7khQ9 P/VMydqAVB7RWTu3I2IbOgHfezRmY5AGmu8GS0DTG04qEPvLKLjE1VRgwgXo5mtqDdrI YlndV20Cu4q/+zQAHU6/ozZ5U2plx9kdnZTKn+WITJfYD8MTi/65TZJWjJS4jABQLGJA 4D+w==
MIME-Version: 1.0
Received: by 10.182.31.13 with SMTP id w13mr31209470obh.29.1351700436211; Wed, 31 Oct 2012 09:20:36 -0700 (PDT)
Sender: joe.gregorio@gmail.com
Received: by 10.76.84.101 with HTTP; Wed, 31 Oct 2012 09:20:36 -0700 (PDT)
In-Reply-To: <50914952.7090100@stpeter.im>
References: <CAAkTpCqcijuj9m6yVgWXeZqrBWLDSbhbsDNfM1JmsmESa307qg@mail.gmail.com> <22D799A3-D79C-47C4-B9B3-3FFD5146B35D@gmail.com> <50914952.7090100@stpeter.im>
Date: Wed, 31 Oct 2012 12:20:36 -0400
X-Google-Sender-Auth: 5p4w-pogE42YRsLimjGsSMIECL0
Message-ID: <CA+-NybUGaaTTRB93eXHHiTVuTn5SERAJVbqvEGVkoBqCEvuQyQ@mail.gmail.com>
From: Joe Gregorio <joe@bitworking.org>
To: webfinger@googlegroups.com
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Approved-At: Thu, 01 Nov 2012 08:03:02 -0700
Cc: public-fedsocweb@w3.org, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [apps-discuss] WebFinger compromises
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2012 16:35:20 -0000

On Wed, Oct 31, 2012 at 11:52 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
> [ +cc apps-discuss@ietf.org given that the spec is now an
> Internet-Draft... ]
>
> On 10/31/12 9:48 AM, Dick Hardt wrote:
>> +1 on everything.
>>
>> A simple, easy to understand spec that solves the major use cases
>> released soon is far superior to kitchen sink spec that solves all use
>> cases that is released in a year.
>>
>> JSON only (if that is not obvious, you need to write some code this decade)
>>
>> 1 round trip vs 2 round. Pick one that is simple to implement. Let's not
>> get caught up in optimization. Brad's comments below seem sane (as usual)

Agreed, +1 to everything he said.

  -joe

>>
>> -- Dick
>>
>>
>> On Oct 31, 2012, at 12:45 AM, Brad Fitzpatrick <bradfitz@google.com
>> <mailto:bradfitz@google.com>> wrote:
>>
>>> To everybody who recently saw me rant about WebFinger in person
>>> recently, hello again.
>>>
>>> To everybody else, a brief summary:
>>>
>>> -- I was an early WebFinger evangelist. I remember discussing it at
>>> conferences for years before it sorta became a thing. I think I even
>>> named it?
>>>
>>> -- I added Google's WebFinger support
>>> (https://groups.google.com/group/webfinger/msg/e8df6402708841ea)
>>>
>>> -- I think it's critically important for the Internet to preserve
>>> user@host.com <mailto:user@host.com> hierarchical identifiers before
>>> email gets too passe and we're stuck with single-namespaced walled
>>> gardens.  It's on us to make email-looking identifiers more useful to
>>> compete with all the latest proprietary silo hotness, before the
>>> people of the internet no longer recognize them.
>>>
>>> (trying to establish that I'm a friend here)
>>>
>>> That said,
>>>
>>> -- this is the slowest moving community ever (I accept part of the
>>> blame here)
>>>
>>> -- can we please stop changing things?
>>>
>>> -- JSON, XRD, great, whatever.  But let's just pick one.  If JSON is
>>> now the hotness, let's pick *only* JSON.  Specs that say "X is
>>> required but you can maybe do Y if you want to" just reek of political
>>> compromise to gain a certain party's favor.  Look at OpenID 2.0.  (I
>>> remember being sad about those political moves too, but I had lost the
>>> energy to fight)
>>>
>>> -- My recommendation: just remove all mention of XRD from the latest
>>> WebFinger spec.  Yes, this is counter to my "please stop changing
>>> things" bullet earlier.  But WebFinger has a better chance of success
>>> if it's a simple spec.  And you're not breaking compatibility with
>>> anybody because *nobody uses WebFinger*.
>>>
>>> -- 1 round trip, 2 round trips. Don't really care. 2 round trips keeps
>>> the spec simpler and the 1st will be highly cacheable (Expires:
>>> weeks), so it's 1 round trip in practice, but I won't fight (too much)
>>> *optional* parameters in the 1st request to possibly skip the 2nd
>>> request.  It worries me, though.  I'd rather see that optimization
>>> added in a subsequent version of the spec, so all 1.0 implementations
>>> have then shown that they're capable of performing the base algorithm.
>>>  I worry that too many servers will implement the optimization and
>>> then lazy clients will become pervasive which only do one round trip,
>>> thus making the "optional" optimization now de facto required for
>>> servers.  So I'd really rather drop that from the spec too.  Let's add
>>> it only later, once it's shown to be needed.  As is, clients could
>>> even fire off two HTTP requests in parallel to reduce latency, one for
>>> host-meta and one optimistically for the presumed host-meta location
>>> in cases of big hosts that rarely change, or expired cached host-meta
>>> documents.
>>>
>>> I will continue to fight for Google's WebFinger support, but I'm not
>>> the only one losing patience.
>>>
>>> Everybody please hurry up, simplify, then hurry up.  I'll help however
>>> I can.  I'm not sure whether this was helpful.
>>>
>>> - Brad
>>>
>>> (If any of the above is offensive to my employer, I'm speaking as myself.)
>>>
>>
>
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
>



-- 
Joe Gregorio        http://bitworking.org

v2.23.0 | Report a Bug | By Email