Re: [apps-discuss] Webfinger
"Paul E. Jones" <paulej@packetizer.com> Tue, 22 November 2011 17:27 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1325F21F8C49 for <apps-discuss@ietfa.amsl.com>; Tue, 22 Nov 2011 09:27:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.52
X-Spam-Level:
X-Spam-Status: No, score=-2.52 tagged_above=-999 required=5 tests=[AWL=0.078, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQPixiv6jZDQ for <apps-discuss@ietfa.amsl.com>; Tue, 22 Nov 2011 09:27:32 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 51F4D21F8C44 for <apps-discuss@ietf.org>; Tue, 22 Nov 2011 09:27:32 -0800 (PST)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id pAMHR7fF012200 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 22 Nov 2011 12:27:09 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1321982830; bh=sEZncZoCJvN2SFFPakGXW0G0BS25xCK4A2K6rIe4jDw=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=FjVWshPPm6NTdj6HZSw7PpM3rRUOQEh9al82TF7yVy5fREMJMglOIe24g/kHIxu3p bbMlyxez4Pb+XZtIlIDi4vyD0J1aHt+Ngq/Pbf0vtVz68E40vn/DKP2P3qqU7y4VMZ wdBT/UwXEiG4UiNWMA6AFzfaeaJAjiBBCQswT67g=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Eran Hammer-Lahav' <eran@hueniverse.com>, apps-discuss@ietf.org
References: <032101cc9288$e3a06910$aae13b30$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735EDED@P3PW5EX1MB01.EX1.SECURESERVER.NET> <06b001cca865$1d9ccb80$58d66280$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735F00B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E7234526735F00B@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Tue, 22 Nov 2011 12:27:03 -0500
Message-ID: <086001cca93b$f455cc90$dd0165b0$@packetizer.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0861_01CCA912.0B843160"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/v0XgjFwdy9sXrXmTVWBMa/eIuQJBqnysAgBEW78CHWIk+ZSf7Bkw
Content-Language: en-us
Cc: 'Joseph Smarr' <jsmarr@google.com>
Subject: Re: [apps-discuss] Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2011 17:27:36 -0000
A couple more questions on (3): Why expand templates like this: { "rel":"author", "template":"http://example.com/author?q=http%3A%2F%2Fexample.com%2Fxy" } The requesting entity could expand the templates. I can appreciate the reasoning for having "?resource" query the LRDD URL and return back the ordered list of links, but why have the server modify the discovered templates like the one above? It's no longer a template, really. Should we change "template" to be "href"? If a server does not understand "?resource", it's likely to simply ignore it. But, if a client expects it to be processed, it will cause confusion. Would it be better to introduce /.well-known/host-meta-resource? If a 404 is returned, then that is a clear indicator to the client. Other suggestions? Paul From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] Sent: Monday, November 21, 2011 9:52 PM To: Paul E. Jones; apps-discuss@ietf.org Cc: 'Joseph Smarr'; 'Gonzalo Salgueiro'; 'Blaine Cook' Subject: RE: [apps-discuss] Webfinger 1. Require the server to offer JRD, leave it to the client to pick one flavor. 2. Host-meta dumps the decision on the applications. You need to decide if WebFinger is an application or just syntactic sugar on top of host-meta. 3. Expand every template in host-meta + level one LRDD links (excluding templates in LRDD). EHL From: Paul E. Jones [mailto:paulej@packetizer.com] Sent: Monday, November 21, 2011 7:49 AM To: Eran Hammer-Lahav; apps-discuss@ietf.org Cc: 'Joseph Smarr'; 'Gonzalo Salgueiro'; 'Blaine Cook' Subject: RE: [apps-discuss] Webfinger Eran, Thanks for your feedback. The editorial, structural, and behavioral items we'll addressed (including adhering to host-meta section 4.2). Let me ask about specific comments: 1) You want to mandate use of JSON, which we also indicated in the draft. However, I would personally prefer to give both XML and JSON equal weight and require both. 2) You wanted to mandate HTTPS. I'm not opposed, but host-meta does not mandate it. Shouldn't we Webfinger requirements on what is there? 3) Regarding "resource" extension: if I query host-meta, there may be any number of templates. Would we want the server to automatically expand every template it finds? Or would we only expand the 'lrdd' template? (And how many levels of recursion might be possible?) Paul From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] Sent: Saturday, November 19, 2011 10:03 AM To: Paul E. Jones; apps-discuss@ietf.org Cc: Joseph Smarr; Gonzalo Salgueiro; Blaine Cook Subject: RE: [apps-discuss] Webfinger This is a good start. Some feedback and nits: 1. The protocol flow is incorrect and needs to be adjusted based on the final host-meta specification (RFC 6415). Namely, WebFinger must follow section 4.2 exactly as specified. 2. WebFinger should focus exclusively on JSON and mandate WebFinger providers to support the JRD format. This does not preclude using XRD (XML) but it will ensure that every compliant WebFinger implementation provides full JSON support which is much more likely to be adopted. This is something we could not do in host-meta due to the late stage it was in, but this is the right time to make the switch (without taking away any existing functionality). 3. Are there reasons not to mandate HTTPS? 4. Section 3 should be a sub-section of the introduction and each example needs actual JRD code. In addition, I would very much like to see WebFinger extend the host-meta endpoint by defining a 'resource' query parameter. Using the example in RFC 6415 section 1.1.1 (example not properly encoded to make it easier to read): > GET /.well-known/host-meta?resource=http://example.com/xy HTTP/1.1 { "subject":"http://example.com/xy", "properties":{ "http://spec.example.net/color":"red" }, "links":[ { "rel":"hub", "href":"http://example.com/hub", }, { "rel":"hub", "href":"http://example.com/another/hub", }, { "rel":"author", "href":"http://example.com/john", }, { "rel":"author", "template":"http://example.com/author?q=http%3A%2F%2Fexample.com%2Fxy" } ] } The rules for this extension parameter are pretty simple: 1. JSON is implied. If the server understands '?resource' it MUST return a JRD document. 2. The subject must be set to the value of the 'resource' parameter. 3. If the server does not support that resource (wrong domain, etc.) it must return an empty JRD with the right subject. 4. The client MUST verify the server supports '?resource' by making sure the response is both JRD and has the requested subject (this will ensure full compatibility with any other host-meta endpoint). I would like to see such endpoint extension required for WebFinger so that clients can make a single call and get the full WebFinger result in JSON. This would significantly improve adoption and usability, and adds very little work to providers. EHL From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of Paul E. Jones Sent: Monday, October 24, 2011 1:10 PM To: apps-discuss@ietf.org Cc: Joseph Smarr; Gonzalo Salgueiro Subject: [apps-discuss] Webfinger Folks, We just submitted this: http://www.ietf.org/internet-drafts/draft-jones-appsawg-webfinger-00.txt The tools for Webfinger are now defined, but the procedures need to be clearer with respect to what most of us understand as "webfinger". This is just a first stab at making that happen and we hope to progress this to publish an RFC in the application area. We welcome any comments you have on the topic, either privately or publicly. Paul
- [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Barry Leiba
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Peter Saint-Andre
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Martin J. Dürst
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Peter Saint-Andre
- Re: [apps-discuss] Webfinger Gonzalo Salgueiro
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Blaine Cook
- Re: [apps-discuss] Webfinger Simon Perreault
- Re: [apps-discuss] Webfinger Gonzalo Salgueiro
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Paul E. Jones
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- Re: [apps-discuss] Webfinger Eran Hammer-Lahav
- [apps-discuss] R: Webfinger Goix Laurent Walter
- Re: [apps-discuss] Webfinger Bjoern Hoehrmann
- Re: [apps-discuss] Webfinger Mykyta Yevstifeyev (М. Євстіфеєв)
- Re: [apps-discuss] Webfinger Paul E. Jones