Re: [apps-discuss] An alteration to the WebFinger Spec
Brad Fitzpatrick <bradfitz@google.com> Thu, 01 November 2012 14:43 UTC
Return-Path: <bradfitz@google.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B040A21F8AC9 for <apps-discuss@ietfa.amsl.com>; Thu, 1 Nov 2012 07:43:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.29
X-Spam-Level:
X-Spam-Status: No, score=-102.29 tagged_above=-999 required=5 tests=[AWL=0.686, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C9BbNr6rUCB5 for <apps-discuss@ietfa.amsl.com>; Thu, 1 Nov 2012 07:43:47 -0700 (PDT)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9D42321F8AAF for <apps-discuss@ietf.org>; Thu, 1 Nov 2012 07:43:47 -0700 (PDT)
Received: by mail-oa0-f44.google.com with SMTP id n5so2831619oag.31 for <apps-discuss@ietf.org>; Thu, 01 Nov 2012 07:43:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record; bh=dSjP5ATvBD979Ks8+i15YKAAOVgx+vkhmp5Ws/SkY5o=; b=Jomr6Jf86qCPYJYndDomxpo7Z9NX9M1z1/bhK/+Lx50fYYVAthkSib0DcIC+3KrPvY QX/GtM2Rtl2rDzSeLPVMEgz9Dq5v1jsNI98elPU1+Tu3LzhnNB+P655gSHdqsp6Hrt3e IxarvsEfsbrUn74CmZzq8OPq3Pt7hD+TsP1xgzzJ+MGjEdoafwwUTJ1+h5Vsr5txo+cC ecvJUe33kmlx6JJlwIXESOuwL9+yhwuhlnO52Anclf6E9rEZ9LHNHVkuilgvS3PqXxrv izXH6mLMksyaT+QxJoFgzlfNCOmAuLGZOvKjzIw2Y0O69AdkHQ8g1JP5qlas0VSuhfC4 jpiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=dSjP5ATvBD979Ks8+i15YKAAOVgx+vkhmp5Ws/SkY5o=; b=HK4p1KlRhgQtuyThWdpN3xlBYEBK41kIl+kZaj5AFAldDy6X1R5UW3CrNVn3NHuVAD 12FzX/R5kepK/OIhVN8aWyUrrXjX9j7EVlDYtr0jUTxRnB/AXCZPQe/S+/UkBufd9hWO IagLlagZvDADL1NVc5qYKaqA7SrouEyf8DnsSg4E/Y9zLy7777dybJsEqlw/7BCCeW9m 5z+H9nniwXgc+gkoa+WonPaCTjtGpSTJ99SOqZwNaVwI1QbOmp9C+Q/NIu7t+z45vVeJ CRyX1fw2WyNjfO1rxGhfpsCI9S/Ek3hVEWA7iH6CZaoNp7A+1La3esufMOf+UN/i8hak KSyA==
MIME-Version: 1.0
Received: by 10.60.169.20 with SMTP id aa20mr35369969oec.105.1351781027076; Thu, 01 Nov 2012 07:43:47 -0700 (PDT)
Received: by 10.60.31.41 with HTTP; Thu, 1 Nov 2012 07:43:47 -0700 (PDT)
In-Reply-To: <011a01cdb7fb$bca72f80$35f58e80$@packetizer.com>
References: <011a01cdb7fb$bca72f80$35f58e80$@packetizer.com>
Date: Thu, 01 Nov 2012 15:43:47 +0100
Message-ID: <CAAkTpCr3XxWE2Cm3usWksKEyZwxn9n6zDW90ELJMN4wpjcTphA@mail.gmail.com>
From: Brad Fitzpatrick <bradfitz@google.com>
To: webfinger@googlegroups.com
Content-Type: multipart/alternative; boundary="bcaec54d49a6eedb6904cd700bfa"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQnKPXS3Ju3X04mTLe1ZoJZeb/xx4DikOwyZErTJgsRp4lgDhh57pCDLjdpIn9Wzi/EVugezPXBPH2K0LBgXT/bYHp2lzGF7rXfBQRLBnEHPCCrUCS6Hf86DOiEjY5DWMwo6JyqCbuIzM7Y1vfzLiKLYU0l+X0jriGi6MrhL9WL3mc2SZtuFtEMTwk48U++TGFh1DyUF
X-Mailman-Approved-At: Thu, 01 Nov 2012 08:02:20 -0700
Cc: public-fedsocweb@w3.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] An alteration to the WebFinger Spec
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2012 14:43:48 -0000
On Thu, Nov 1, 2012 at 7:40 AM, Paul E. Jones <paulej@packetizer.com> wrote: > Folks,**** > > ** ** > > Here’s a proposal that some might find acceptable and others will probably > love. It’s just a proposal, so no bazookas, please, from those who will > find it troubling ;-)**** > > ** ** > > > http://hive.packetizer.com/users/paulej/internet-drafts/draft-ietf-appsawg-webfinger-03-ALT.txt > Much nicer! > **** > > ** What I did with this text is the following: > > ** > > **· **Included all of the current -03 text (not yet published, > but text folks proposed on the list)**** > > **· **Removed every reference to XML and XRD**** > > **· **Stated that the default format for > /.well-known/host-meta.json is JRD**** > > **· **Stated that the default format for /.well-known/host-meta > is implementation-dependent, so clients MUST use the Accept header to > explicitly request the desired representation when using that resource > (this is key to backward/forward compatibility and proper use of HTTP and > Accept)**** > > **· **Removed the “account link relation” section**** > > **· **Removed the interop considerations section, since some feel > there is no need and I think requiring use of “Accept” on host-meta will > address any interop concerns**** > > **· **Removed the XML appendix that gave some people heartburn**** > > ** ** > > This shaved off 6 pages of text, I think will still give us > backward-compatibility for those who have asked for it, but more clearly > positions JSON / JRD as the only format developers need to worry with.**** > > ** ** > > Tell me what you think. > Some notes I took while reading: * Delete the whole section "4.2. Simplifying the Login Process". As much as I loves me some OpenID, it's out of place in this document. * WebFinger, being JSON-only, should only document /.well-known/host-meta.json as part of the client's discovery process, not /.well-known/host-meta. Status.net and whoever else can continue to serve webfinger for compatibility at /.well-known/host-meta if they'd like to support all of RFC 6415. But WebFinger doesn't need to include docs on supporting all of RFC 6415. It should be possible to write a server which is WebServer compliant without being 6415 compliant. * Section 5.2: ditch the rel=, resource= parameters from host-meta.json. It's a HOST meta, not a RESOURCE meta. It's being morphed into an all-encompassing endpoint. If you really want this, DO NOT REUSE host-meta and just use /.well-known/webfinger-query. But I am not proposing that. I'm just saying that would be more sane than tacking random crap onto host-meta. * Section 6. MUST support CORS, but MAY exclude the header. What? SHOULD probably. * Section 8.1: "When a query is issued host-meta" ... "pointing to the location of the hosted WebFinger service URL" host-meta is its own thing. You are assuming that host-meta means WebFinger. I might have more minor feedback later, but the above is most of it.
- [apps-discuss] An alteration to the WebFinger Spec Paul E. Jones
- Re: [apps-discuss] An alteration to the WebFinger… Brad Fitzpatrick
- Re: [apps-discuss] An alteration to the WebFinger… Mike Jones
- Re: [apps-discuss] An alteration to the WebFinger… Paul E. Jones