Re: [apps-discuss] Webfinger
"Paul E. Jones" <paulej@packetizer.com> Fri, 16 December 2011 14:35 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF87021F8BA8 for <apps-discuss@ietfa.amsl.com>; Fri, 16 Dec 2011 06:35:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[AWL=-0.711, BAYES_00=-2.599, HTML_MESSAGE=0.001, SARE_GIF_ATTACH=1.42]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aga+wl4ivgLY for <apps-discuss@ietfa.amsl.com>; Fri, 16 Dec 2011 06:34:58 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 25B2721F8BAE for <apps-discuss@ietf.org>; Fri, 16 Dec 2011 06:34:58 -0800 (PST)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id pBGEYoHK031550 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 16 Dec 2011 09:34:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1324046093; bh=CkWTo/F1TBJKykVdIyh+Ewg8gRfrMrqzpOk9Idt/Ql8=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=LGcDWTTP7xkdyGqHZpS4ChA9KqTxcsbSgYE1aZzkP1O70HqvhOlBC4KxZKY47Bdh9 LyTGdSBLC6yeDbCvDxPyEOyo4LBP2uJeY1RFyDDmz00e7YbNl8KRakXahsGHUwR6E4 RtRSkyqfPcAHqGbsaGjpaBLKVpZBiyeomd4oXPrE=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Goix Laurent Walter' <laurentwalter.goix@telecomitalia.it>, 'Eran Hammer-Lahav' <eran@hueniverse.com>, apps-discuss@ietf.org
References: <032101cc9288$e3a06910$aae13b30$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735EDED@P3PW5EX1MB01.EX1.SECURESERVER.NET> <06b001cca865$1d9ccb80$58d66280$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735F00B@P3PW5EX1MB01.EX1.SECURESERVER.NET> <086001cca93b$f455cc90$dd0165b0$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735F0DD@P3PW5EX1MB01.EX1.SECURESERVER.NET> <A09A9E0A4B9C654E8672D1DC003633AE4057006772@GRFMBX704BA020.griffon.local> <08dc01cca948$2e569f30$8b03dd90$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735F10F@P3PW5EX1MB01.EX1.SECURESERVER.NET> <A09A9E0A4B9C654E8672D1DC003633AE405700681D@GRFMBX704BA020.griffon.local>
In-Reply-To: <A09A9E0A4B9C654E8672D1DC003633AE405700681D@GRFMBX704BA020.griffon.local>
Date: Fri, 16 Dec 2011 09:34:37 -0500
Message-ID: <012601ccbbff$d7eaddd0$87c09970$@packetizer.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_0127_01CCBBD5.EF237BD0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/v0XgjFwdy9sXrXmTVWBMa/eIuQJBqnysAgBEW78CHWIk+QIu/EtFAjl3mf8CNMDi1wFjd0NdAUzdR94CBUzCHZRq6xjw
Content-Language: en-us
Cc: 'Joseph Smarr' <jsmarr@google.com>
Subject: Re: [apps-discuss] Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2011 14:35:13 -0000
Walter, Sorry for the very belated reply. Ive been busy :) If we immediately jump to an lrdd resource, then we will miss content that would have been provided by host-meta. Erin wanted the resource parameter passed to host-meta so that we get all of the rels there and those provided by lrdd. Thats an interesting optimization, though it concerns me that we have to means of accessing the same information. Two HTTP queries is certainly less optimal, but then again, most queries to any web site results in many queries that could be optimized. Why not just return everything needed to populate a page when performing a GET /? :) Can we guarantee that all web servers would implement the optimization? If they dont, we still have to issue two queries. Personally, I prefer issuing two queries than having conditional statements in the code to accommodate different behavior. If we introduce the optimization, Id prefer that it be mandatorily supported. I like yours idea of asking for specific rels if the client knows what its after. However, two parameters with the same name is a no-no. So this syntax: resource=acct:xy@example.com&rel=hub&rel=author should be different. For example, we could introduce this syntax: resource=acct:xy@example.com&rels=hub,author This serves to reduce the client-side processing, but increases the server-side processing. If we expected a Webfinger query to return volumes of information, I could see value in reducing the information returned (as a benefit to both the client and server). However, I dont expect that to be the case for Webfinger. I believe distributing the work between the client and server is reasonable and Id suggest that we not have the server parse the list of rels in an effort to offload a bit of client-side processing. For the client, I think the extra work is minimal. For the server, its a minimal amount of sifting multiplied by the number of queries per second it will receive. Paul From: Goix Laurent Walter [mailto:laurentwalter.goix@telecomitalia.it] Sent: Wednesday, November 23, 2011 3:45 AM To: Eran Hammer-Lahav; Paul E. Jones; apps-discuss@ietf.org Cc: 'Joseph Smarr' Subject: R: [apps-discuss] Webfinger All, I am not sure that making the host-meta itself act as a proxy for resource-specific information is the best option. There are probably different use cases we are thinking of: - one is related to a server that wishes to interact with (multiple) users on another server. - another (more unclear to me) is related to a web app directly requesting specific information about a remote user For the first scenario the local server would probably retrieve the remote host-meta once, cache it and then perform queries for each user using the lrdd link template. Also typically this large amount of users may not be known simultaneously, so no need for specifying a list of users (resources) in the same query. However I would assume in most cases the urls/templates for the target rels in the single resource descriptor provided by the remote server may often be along the same pattern. This may call for an easier mechanism for a server to discover/cache not only the lrdd template but the other rels it needs (avatar, profile-page, etc): I can understand this may not always be feasible but at least it would save numerous queries. In the second one the web app typically would ideally like a single request (json) to get a specific info (1 or more rels) about a specific user (resource). This calls for some sort of standard API but I'm not sure it is host-meta responsibility to define it. In principle this would be like standardizing the lrdd endpoint and its parameters ('rel' and 'resource/uri'). Summarizing, what about rethinking the following: 1- standardize (under webfinger) the lrdd endpoint (e.g as .well-known/lrdd[.json]) so that we can save one invocation from a web app 2- enable/suggest this same lrdd endpoint to provide back rels as templates when no specific resource is requested. This may require the definition of additional variables ({}) to refer to the username only for example (in general to give more flexibility to the hosting server), whilst at the same time potentially enabling the requesting server to cache these templates and use them to retrieve user information more easily/frequently Probably in both cases the entity performing the invocation knows already which rels is needs, so filters here may be useful although not a must. Here are some examples: Ø GET /.well-known/lrdd.json?resource=acct:xy@example.com&rel=hub&rel=author HTTP/1.1 { "subject":"acct:xy@example.com", "links":[ { "rel":"hub", "href":"http://example.com/xy/hub", }, { "rel":"author", "href":"http://example.com/xy", }, { "rel":"author", "template":"http://example.com/author?q=acct:xy%40example.com" } ] } Ø GET /.well-known/lrdd?rel=hub&rel=author HTTP/1.1 <?xml version="1.0" encoding="UTF-8"?> <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"> <Subject>example.com</Subject> <!-- host name here --> <Link rel="hub" template="http://example.com/{username}/hub <http://example.com/%7busername%7d/hub> "/> <!-- {username} could be defined to refer to that part only of the URI. Works with acct: URI only --> <Link rel="author" template="http://example.com/{username} <http://example.com/%7busername%7d> "/> <Link rel="author" template="http://example.com/author?q={uri} <http://example.com/author?q=%7buri%7d> "/> </XRD> Thoughts? walter Da: Eran Hammer-Lahav [mailto:eran@hueniverse.com] Inviato: martedì 22 novembre 2011 20.10 A: Paul E. Jones; Goix Laurent Walter; apps-discuss@ietf.org Cc: 'Joseph Smarr' Oggetto: RE: [apps-discuss] Webfinger Not exactly. Resource gives all the links for that resource. Rel further reduces the selection. If you need 10, dont use rel, just resource. EHL From: Paul E. Jones [mailto:paulej@packetizer.com] Sent: Tuesday, November 22, 2011 10:55 AM To: 'Goix Laurent Walter'; Eran Hammer-Lahav; apps-discuss@ietf.org Cc: 'Joseph Smarr' Subject: RE: [apps-discuss] Webfinger Walter, Including the resource parameter could remove the need to further process the templates on the client side and to perform a second query for the lrdd XRD/JRD document. If the server implementation does not support the resource parameter, then the client would have to go about it as it would today. I like the idea of reducing complexity on the client, but if resource is optional, then we do not actually reduce the complexity at all. It does potentially reduce the time required to fetch the information by one round-trip to the server. Is that worth it? Perhaps. For most data, there are three queries: 1) host-meta 2) LRDD 3) Actual data sought (e.g., an avatar file) Introducing resource means we do to queries: 1) host-mesa?resource 2) Actual data sought (e.g., an avatar file) That sounds good for a single piece of information. However, if the client needs to perform 10 queries for 10 links found, then that one additional step is little savings. Im on the fence over it. Paul From: Goix Laurent Walter [mailto:laurentwalter.goix@telecomitalia.it] Sent: Tuesday, November 22, 2011 1:42 PM To: Eran Hammer-Lahav; Paul E. Jones; apps-discuss@ietf.org Cc: 'Joseph Smarr' Subject: R: [apps-discuss] Webfinger I guess the discussion is moving from a pure descriptor (which may be static in most cases) to a sort of API, which could have endless parameters. >From the current/original webfinger description, the host-meta would mostly be static, which implies no API-like, and no parameter, but the lrdd link can typically be dynamic/API-like (to support the template mechanism). As such it could easily accommodate some more parameters as well (in a similar flavor than opensearch), e.g. to request specific link rels if we want. What would be the scope of supporting uri parameters when accessing host-meta? Does this intend to save an interaction step? walter Da: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] Per conto di Eran Hammer-Lahav Inviato: martedì 22 novembre 2011 19.33 A: Paul E. Jones; apps-discuss@ietf.org Cc: 'Joseph Smarr' Oggetto: Re: [apps-discuss] Webfinger Yes, it is no longer a template and must be converted to href. As for testing support, just check for Subject. Pretty simple to do. EHL From: Paul E. Jones [mailto:paulej@packetizer.com] Sent: Tuesday, November 22, 2011 9:27 AM To: Eran Hammer-Lahav; apps-discuss@ietf.org Cc: 'Joseph Smarr'; 'Gonzalo Salgueiro'; 'Blaine Cook' Subject: RE: [apps-discuss] Webfinger A couple more questions on (3): Why expand templates like this: { "rel":"author", "template":"http://example.com/author?q=http%3A%2F%2Fexample.com%2Fxy" } The requesting entity could expand the templates. I can appreciate the reasoning for having ?resource query the LRDD URL and return back the ordered list of links, but why have the server modify the discovered templates like the one above? Its no longer a template, really. Should we change template to be href? If a server does not understand ?resource, its likely to simply ignore it. But, if a client expects it to be processed, it will cause confusion. Would it be better to introduce /.well-known/host-meta-resource? If a 404 is returned, then that is a clear indicator to the client. Other suggestions? Paul From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] Sent: Monday, November 21, 2011 9:52 PM To: Paul E. Jones; apps-discuss@ietf.org Cc: 'Joseph Smarr'; 'Gonzalo Salgueiro'; 'Blaine Cook' Subject: RE: [apps-discuss] Webfinger 1. Require the server to offer JRD, leave it to the client to pick one flavor. 2. Host-meta dumps the decision on the applications. You need to decide if WebFinger is an application or just syntactic sugar on top of host-meta. 3. Expand every template in host-meta + level one LRDD links (excluding templates in LRDD). EHL From: Paul E. Jones [mailto:paulej@packetizer.com] Sent: Monday, November 21, 2011 7:49 AM To: Eran Hammer-Lahav; apps-discuss@ietf.org Cc: 'Joseph Smarr'; 'Gonzalo Salgueiro'; 'Blaine Cook' Subject: RE: [apps-discuss] Webfinger Eran, Thanks for your feedback. The editorial, structural, and behavioral items well addressed (including adhering to host-meta section 4.2). Let me ask about specific comments: 1) You want to mandate use of JSON, which we also indicated in the draft. However, I would personally prefer to give both XML and JSON equal weight and require both. 2) You wanted to mandate HTTPS. Im not opposed, but host-meta does not mandate it. Shouldnt we Webfinger requirements on what is there? 3) Regarding resource extension: if I query host-meta, there may be any number of templates. Would we want the server to automatically expand every template it finds? Or would we only expand the lrdd template? (And how many levels of recursion might be possible?) Paul From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] Sent: Saturday, November 19, 2011 10:03 AM To: Paul E. Jones; apps-discuss@ietf.org Cc: Joseph Smarr; Gonzalo Salgueiro; Blaine Cook Subject: RE: [apps-discuss] Webfinger This is a good start. Some feedback and nits: 1. The protocol flow is incorrect and needs to be adjusted based on the final host-meta specification (RFC 6415). Namely, WebFinger must follow section 4.2 exactly as specified. 2. WebFinger should focus exclusively on JSON and mandate WebFinger providers to support the JRD format. This does not preclude using XRD (XML) but it will ensure that every compliant WebFinger implementation provides full JSON support which is much more likely to be adopted. This is something we could not do in host-meta due to the late stage it was in, but this is the right time to make the switch (without taking away any existing functionality). 3. Are there reasons not to mandate HTTPS? 4. Section 3 should be a sub-section of the introduction and each example needs actual JRD code. In addition, I would very much like to see WebFinger extend the host-meta endpoint by defining a resource query parameter. Using the example in RFC 6415 section 1.1.1 (example not properly encoded to make it easier to read): > GET /.well-known/host-meta?resource=http://example.com/xy HTTP/1.1 { "subject":"http://example.com/xy", "properties":{ "http://spec.example.net/color":"red" }, "links":[ { "rel":"hub", "href":"http://example.com/hub", }, { "rel":"hub", "href":"http://example.com/another/hub", }, { "rel":"author", "href":"http://example.com/john", }, { "rel":"author", "template":"http://example.com/author?q=http%3A%2F%2Fexample.com%2Fxy" } ] } The rules for this extension parameter are pretty simple: 1. JSON is implied. If the server understands ?resource it MUST return a JRD document. 2. The subject must be set to the value of the resource parameter. 3. If the server does not support that resource (wrong domain, etc.) it must return an empty JRD with the right subject. 4. The client MUST verify the server supports ?resource by making sure the response is both JRD and has the requested subject (this will ensure full compatibility with any other host-meta endpoint). I would like to see such endpoint extension required for WebFinger so that clients can make a single call and get the full WebFinger result in JSON. This would significantly improve adoption and usability, and adds very little work to providers. EHL From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of Paul E. Jones Sent: Monday, October 24, 2011 1:10 PM To: apps-discuss@ietf.org Cc: Joseph Smarr; Gonzalo Salgueiro Subject: [apps-discuss] Webfinger Folks, We just submitted this: http://www.ietf.org/internet-drafts/draft-jones-appsawg-webfinger-00.txt The tools for Webfinger are now defined, but the procedures need to be clearer with respect to what most of us understand as webfinger. This is just a first stab at making that happen and we hope to progress this to publish an RFC in the application area. We welcome any comments you have on the topic, either privately or publicly. Paul Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie. This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks. rispetta l'ambienteRispetta l'ambiente. Non stampare questa mail se non è necessario. Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie. This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks. rispetta l'ambienteRispetta l'ambiente. Non stampare questa mail se non è necessario.
- [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Barry Leiba
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Peter Saint-Andre
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Martin J. Dürst
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Peter Saint-Andre
- Re: [apps-discuss] Webfinger Gonzalo Salgueiro
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Simon Perreault
- Re: [apps-discuss] Webfinger Gonzalo Salgueiro
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Bjoern Hoehrmann
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Paul E. Jones