IETF Logo Mail Archive

Re: [apps-discuss] The acct: scheme question

Peter Saint-Andre <stpeter@stpeter.im> Mon, 02 July 2012 15:46 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC88321F850B for <apps-discuss@ietfa.amsl.com>; Mon, 2 Jul 2012 08:46:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.97
X-Spam-Level:
X-Spam-Status: No, score=-101.97 tagged_above=-999 required=5 tests=[AWL=-0.421, BAYES_00=-2.599, SARE_TOWRITE=1.05, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22Bbs5UiTPQ6 for <apps-discuss@ietfa.amsl.com>; Mon, 2 Jul 2012 08:46:07 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 353B621F8704 for <apps-discuss@ietf.org>; Mon, 2 Jul 2012 08:46:07 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 576844005A; Mon, 2 Jul 2012 10:04:25 -0600 (MDT)
Message-ID: <4FF1C243.2000008@stpeter.im>
Date: Mon, 02 Jul 2012 09:46:11 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Graham Klyne <GK@ninebynine.org>
References: <9452079D1A51524AA5749AD23E00392812B6B6@exch-mbx901.corp.cloudmark.com> <CAKaEYhKpeayOw4sN4=NYaoXKJQ2e5P+pP8SqJqnt-=Barb=WqA@mail.gmail.com> <4E1F6AAD24975D4BA5B168042967394366568E4F@TK5EX14MBXC283.redmond.corp.microsoft.com> <1340723227.60315.YahooMailNeo@web31801.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B168042967394366568FF8@TK5EX14MBXC283.redmond.corp.microsoft.com> <043201cd54a5$79f2e170$6dd8a450$@packetizer.com> <CAKaEYhL0NS=RZXTdyOMBM_q15P7D1KZ9kgUyMYYB06kA9f0w8Q@mail.gmail.com> <4FEC3B4F.80607@ninebynine.org> <4FEC8BF0.6070605@stpeter.im> <4FEFBF51.5000905@stpeter.im> <4FF18B9C.4010102@ninebynine.org>
In-Reply-To: <4FF18B9C.4010102@ninebynine.org>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] The acct: scheme question
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 15:46:08 -0000

Graham, thank you for the review. Comments inline.

On 7/2/12 5:53 AM, Graham Klyne wrote:
> Pater,
> 
> (comments below)
> 
> On 01/07/2012 04:09, Peter Saint-Andre wrote:
>> On 6/28/12 10:53 AM, Peter Saint-Andre wrote:
>>> On 6/28/12 5:09 AM, Graham Klyne wrote:
>>>> On 28/06/2012 08:28, Melvin Carvalho wrote:
>>>>> Should acct: be rejected, we can simply use mailto: as per SWD.
>>>>> Similarly
>>>>> you could simply use ?acct=user@host as has been suggested.
>>>>
>>>> Since my comments with reviewer hat on have been cited, I feel I should
>>>> summarize my personal feelings about the specification of the acct:
>>>> scheme.
>>>>
>>>> *Reviewer hat OFF*
>>>>
>>>> Roughly, I think the acct: scheme does provide a useful, possibly
>>>> minor,
>>>> purpose that is not served by other URI schemes, and as such it has
>>>> reasonable claim to meet the bar for registering a new scheme.  But I
>>>> think the description of the acct: scheme in the WebFinger document
>>>> does
>>>> a poor job of explaining this; i.e. I think there is a document quality
>>>> issue here around the acct: scheme registration/specification.
>>>>
>>>> I've had private exchanges with one of the document editors, but I
>>>> don't
>>>> think my suggestions have been reflected in the current draft.  In
>>>> summary, what I think is not as clear as it should be in the scheme
>>>> registration includes:
>>>> * what does an acct URI identify
>>>> * how are acct URIs allocated; what's the assignment delegation
>>>> structure?
>>>> * how should an acct: URI be dereferenced?  (e.g. if one were used as a
>>>> link in a web page, how should it be handled?).
>>>>
>>>> I suspect that most of this information can be inferred if one has a
>>>> detailed knowledge of WebFinger protocol, but for an average Joe web
>>>> developer I don't think that's really helpful.
>>>>
>>>> I don't think this is a sufficiently important issue for me to engage
>>>> more actively with the discussion.
>>>
>>> Graham, I think you're right about the fact that these matters are
>>> underspecified. I hereby offer to propose some text, and will do that in
>>> the next few days.
>>
>> I went beyond proposing text and decided to write a standalone I-D:
>>
>> http://datatracker.ietf.org/doc/draft-saintandre-acct-uri/
>>
>> Graham, I think that text answers the questions you posed, hopefully in
>> an accurate way.
> 
> Generally, this is in line with my understanding of the intent of acct:
> scheme.  Paul and/or the WebFinger folks will be better placed to judge.

Indeed. I expect a bit of back-and-forth to harmonize the two documents.

> Some comments:
> 
> 
> == Section 3 ==
> 
> [[
> For example, if a user has an account name of
>    "foobar" on a microblogging service "status.example.net", it can be
>    inferred that the user's 'acct' URI at that provider is
>    acct:foobar@status.example.net even if the provider has not
>    explicitly assigned such a URI.
> ]]
> 
> I might say thus:
> [[
> For example, if a user has an account name of
>    "foobar" on a microblogging service "status.example.net", it
>    is taken as convention that the string "foobar@status.example.net"
>    designates that account.  This is expressed as a URI using the
>    acct: scheme as "acct:foobar@status.example.net".
> ]]
> 
> (The phrasing is intended to take account of the fact that WebFinger
> clients are expected to accept the "foobar@status.example.net" without
> the acct: prefix.)

Yes, I prefer your phrasing. Thank you for proposing text.

> == Section 4.4 ==
> 
> My understanding is that an acct: URI is intended to be dereferenced
> using the WebFinger protocol. 

My understanding is that the WebFinger protocol defines one way for
'acct' URIs to be dereferenced, but that other protocols might also
define such ways in the future. If I am wrong about that and 'acct' is
tightly coupled with WebFinger, then we need to make that clear in the
'acct' URI spec.

> I'm not sure about associated MIME types:
> does WebFinger define any such?

WebFinger reuses the document formats for Extensible Resource Descriptor
(XRD) and JSON Resource Descriptor (JRD). Is it the place of the 'acct'
URI spec to define the media types associated with WebFinger, or only to
say that protocols using 'acct' URIs need to specify if they have
associated media types?

> == Section 4.6 ==
> 
> I'm a little unsure about the phrasing "only the WebFinger protocol uses
> the 'acct' URI scheme", but I can't put my finger on any problem or
> offer better phrasing at this time.

OK.

> == Section 5 ==
> 
> Maybe add:
> [[
> Dereferencing an acct: URI could reveal information about a user's
> account.  As such, care should be taken that personally identifying
> information is not released without appropriate permissions and/or
> credentials.
> ]]

Makes sense. Thanks.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

v2.23.0 | Report a Bug | By Email