Re: [apps-discuss] Looking at Webfinger
"Paul E. Jones" <paulej@packetizer.com> Tue, 28 August 2012 19:17 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECE421F8621 for <apps-discuss@ietfa.amsl.com>; Tue, 28 Aug 2012 12:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.501
X-Spam-Level:
X-Spam-Status: No, score=-2.501 tagged_above=-999 required=5 tests=[AWL=0.097, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ixS6rZ2ANntK for <apps-discuss@ietfa.amsl.com>; Tue, 28 Aug 2012 12:17:05 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id E0BDA21F8615 for <apps-discuss@ietf.org>; Tue, 28 Aug 2012 12:17:04 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q7SJGxFp010113 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 28 Aug 2012 15:17:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1346181420; bh=TgZvAA+U1Lsvm55nKjUHA6Zo3C66CHqhKzqzVt/sTT8=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=Lvr7FT+u6FKrJyZ10TvlMUafld6vkncDOoKr8kTJdE+HQcmPg7qwqe8rZdJLUSTIq 6Sn0JeQpVfeQkF3bTizqqiZSsAlBQp8PPVvR+9Sblqtz61JEQlF0LZ/3ZWj3HClofP xOFd74/8/JoNsW2DTKOSsLEdRl7SeN0tE0CeWVKc=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'George Fletcher' <gffletch@aol.com>, 'Mark Nottingham' <mnot@mnot.net>
References: <F80C8C9C-7AB8-4B7E-BFD2-4D69499D21A1@mnot.net> <4E1F6AAD24975D4BA5B168042967394366574F93@TK5EX14MBXC283.redmond.corp.microsoft.com> <CABP7RbfNXx8HtsRBcVf=AVaDTyg=xQYHWAyCkHWx1n+JBQ8=Zw@mail.gmail.com> <CAMm+Lwg20rfr=P66=vZadL8Ga5KDXmfizZE5v6dXiZMTvZKY=Q@mail.gmail.com> <44C43601-A355-44B7-8C8E-1F435E4E567A@ve7jtb.com> <CAMm+LwgM57++oqE-5meECxE0S=kU2kVHJLumyDSBciJ13QvuoA@mail.gmail.com> <CABP7RbctkibSKr6r_Ay34z4Wr67tU6qG5G5gLCZovGx_hWYHYQ@mail.gmail.com> <DF4591C5-A5AE-4D2A-BB3A-FF4DAFBBD98A@ve7jtb.com> <CABP7RbefS9Sy2m0GsiSx2VZopf78DhqU1fjfsDn5z926Q_--GA@mail.gmail.com> <CAJu8rwUeAKEtAS-g6X3xJqyu-Xy6yQnfdeNj3mGC__D3zijwzA@mail.gmail.com> <35550AA9-E003-4917-B08C-93CB6CC2CB07@mnot.net> <CAJu8rwWKa7ehr+k=zDWD=OMzPTEt56inPW0tvZaNUmdcL3ygoQ@mail.gmail.com> <503CDF26.8050000@aol.com>
In-Reply-To: <503CDF26.8050000@aol.com>
Date: Tue, 28 Aug 2012 15:17:19 -0400
Message-ID: <02a301cd8551$be7ab390$3b701ab0$@packetizer.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02A4_01CD8530.376A2500"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFb3Wt68HpLZ7ZyHnoKMrZHlzcyBQH14U4xAZ6Br/cCWNrQtwIOUYf2AgMXr+8B4HmqlgGhGIVxAUAhVLECgOqLOADUaqV0Ain7f7cBffnLSZek+Euw
Content-Language: en-us
Cc: 'IETF Apps Discuss' <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Looking at Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 19:17:08 -0000
George, I believe it might be useful to introduce those who break your WebFinger server to Louisville Slugger. :) Your pain is understood, but I do not see a way to avoid it. We could introduce something in DNS, but that would also present challenges. No matter where we "root" the discovery process, there is a potential somebody could break it. It could be rooted somewhere other than the root of the domain (e.g., webfinger.example.com), but we either need to decide in advance of such a location or introduce a way to discovery the discovery resources. Do you have a suggestion that would make this less likely to be broken? Paul From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of George Fletcher Sent: Tuesday, August 28, 2012 11:09 AM To: Mark Nottingham Cc: IETF Apps Discuss Subject: Re: [apps-discuss] Looking at Webfinger Way "late to the party" but I can speak from experience that deployment can be a real issue in some environments. It's all really straight forward in a small company or an environment where the identity team "owns" the root domain (e.g. example.com). However, if an entire other group in a large organization "owns" the root domain (home page for the site) and the identity team then needs to get them to make changes, the deployment solution gets brittle pretty quick. I've had our webfinger support broken at least twice because the "other" team didn't know that certain configs were required:) Also, installing the "dynamic pluming" can be more problematic is these cases. It is possible to get apache rewrite rules or netscaler magic in place to make it work, it's just a more brittle deployment architecture. Thanks, George On 7/4/12 6:58 PM, John Panzer wrote: Mark -- Of course I was speaking about practical realities of typical web server administration and deployment. In practical terms, adding a new mod_rewrite rule or moral equivalent is going to be easier than adding a new PHP script that connects to a database. The latter is just always going to be a much higher bar. And, something that returns per-user data is generally going to need a dynamic service of some kind, unless your site has just a handful of users and you don't mind going through a publishing exercise each time you add or change a user... None of this has anything to do with the interface, just deployment realities. And in reality all of this is going to need a dynamic service somewhere for each non-trivial site, this is all just a question of how to hook it up. -- John Panzer / Google jpanzer@google.com / abstractioneer.org <http://www.abstractioneer.org/> / @jpanzer On Wed, Jul 4, 2012 at 3:36 PM, Mark Nottingham <mnot@mnot.net> wrote: On 05/07/2012, at 8:16 AM, John Panzer wrote: > Just as a historical note. The envisioned usage of host-meta was originally to avoid a specification which mandated a particular dynamic URL API at a particular /.well-known endpoint (because it may not be feasible to do that across all organizations and deployments). The host-meta document itself would be highly cacheable and so wouldn't incur an additional network trip in the common case. > > Having a 3xx redirect is a reasonable alternative that allows a similar escape hatch via something like mod_rewrite, albeit at the cost of needing an additional network trip each time. Since a deployment can always avoid the 3xx redirect with additional dynamic plumbing behind the well-known endpoint, I don't think that's a horrible thing. > > An application-level redirect would be almost equivalent to an HTTP redirect, but then there are two ways to do the same thing. If _only_ an application-level redirect is allowed, then you have to have at least a minimal dynamic service at the well-known endpoint (no more mod_rewrite). But the whole reason for this is to avoid the requirement for a dynamic service behind well-known... "dynamic" and "static" are properties of the implementation, not the interface. HTTP doesn't require that any particular URL be "dynamic"; anything can, with the right metadata, be cached (and indeed, I've cached many, many things with the wrong metadata, because of silly site operators and their ideas about "dynamic"). Now, if people want to target a particular implementation that makes it easier to serve a particular style of URL without writing code, fine, but let's not confuse things. E.g., a URL like http://example.com/.well-known/user/bob is easy to serve in pretty much any way you like with Apache. I'm also going to push back on the "it may not be feasible to do that across all organizations and deployments" motivation. This is a race to the bottom. The trick is to make it accessible enough to get sufficient traction to pull everyone along, without pandering to *everyone*'s requirements. Regards, -- Mark Nottingham http://www.mnot.net/ _______________________________________________ apps-discuss mailing list apps-discuss@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss
- [apps-discuss] Looking at Webfinger Mark Nottingham
- Re: [apps-discuss] Looking at Webfinger Mike Jones
- Re: [apps-discuss] Looking at Webfinger Mark Nottingham
- Re: [apps-discuss] Looking at Webfinger William Mills
- Re: [apps-discuss] Looking at Webfinger Melvin Carvalho
- Re: [apps-discuss] Looking at Webfinger Michiel de Jong
- Re: [apps-discuss] Looking at Webfinger George Fletcher
- Re: [apps-discuss] Looking at Webfinger Phillip Hallam-Baker
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Peter Saint-Andre
- [apps-discuss] the need for acct (was: Re: Lookin… Peter Saint-Andre
- Re: [apps-discuss] Looking at Webfinger Julian Reschke
- Re: [apps-discuss] the need for acct (was: Re: Lo… Phillip Hallam-Baker
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] the need for acct (was: Re: Lo… William Mills
- Re: [apps-discuss] Looking at Webfinger Barry Leiba
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger James M Snell
- Re: [apps-discuss] Looking at Webfinger Phillip Hallam-Baker
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Phillip Hallam-Baker
- Re: [apps-discuss] Looking at Webfinger Murray S. Kucherawy
- Re: [apps-discuss] Looking at Webfinger Melvin Carvalho
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger James M Snell
- Re: [apps-discuss] Looking at Webfinger William Mills
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger James M Snell
- Re: [apps-discuss] Looking at Webfinger John Panzer
- Re: [apps-discuss] Looking at Webfinger Mark Nottingham
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger John Panzer
- Re: [apps-discuss] Looking at Webfinger Martin J. Dürst
- Re: [apps-discuss] the need for acct (was: Re: Lo… Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger Melvin Carvalho
- Re: [apps-discuss] Looking at Webfinger Phillip Hallam-Baker
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- [apps-discuss] R: the need for acct (was: Re: Loo… Goix Laurent Walter
- Re: [apps-discuss] Looking at Webfinger George Fletcher
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger George Fletcher
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger John Panzer
- Re: [apps-discuss] Looking at Webfinger William Mills
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger Patrik Fältström
- Re: [apps-discuss] Looking at Webfinger William Mills
- Re: [apps-discuss] Looking at Webfinger Patrik Fältström
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Patrik Fältström
- Re: [apps-discuss] Looking at Webfinger James M Snell
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Bob Wyman
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Nat Sakimura
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger John Bradley
- Re: [apps-discuss] Looking at Webfinger Paul E. Jones
- Re: [apps-discuss] Looking at Webfinger Salvatore Loreto