IETF Logo Mail Archive

Re: [apps-discuss] Webfinger

"Paul E. Jones" <paulej@packetizer.com> Mon, 21 November 2011 15:49 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DA3211E80B6 for <apps-discuss@ietfa.amsl.com>; Mon, 21 Nov 2011 07:49:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.515
X-Spam-Level:
X-Spam-Status: No, score=-2.515 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DG1yIERGqSkU for <apps-discuss@ietfa.amsl.com>; Mon, 21 Nov 2011 07:49:20 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE0611E80B0 for <apps-discuss@ietf.org>; Mon, 21 Nov 2011 07:49:20 -0800 (PST)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id pALFnCT9027400 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 21 Nov 2011 10:49:14 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1321890555; bh=X25JpWQiW7Pzd/ID4H+IUPGFMIFfMB/RZ2UMkFuArZ4=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=gUi0oZ8ldiv8PL46J0hCXGAMvz4PDRKkOiJY4ADMMpGjwYZnGGBDK63ed2ZzJZ+Ie IqmJZU4VlyyECMRgF3N4o28LUdRJ/zx8IqLOD0GMQLEGvXTO+hE64cLJkJoAxoYA9e IGBp4ZqX5VahfUp0ADiR3SbFe8jmsbHNor+3vh6A=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Eran Hammer-Lahav' <eran@hueniverse.com>, apps-discuss@ietf.org
References: <032101cc9288$e3a06910$aae13b30$@packetizer.com> <90C41DD21FB7C64BB94121FBBC2E7234526735EDED@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E7234526735EDED@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Mon, 21 Nov 2011 10:49:10 -0500
Message-ID: <06b001cca865$1d9ccb80$58d66280$@packetizer.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_06B1_01CCA83B.34C9D0C0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/v0XgjFwdy9sXrXmTVWBMa/eIuQJBqnyslL87CjA=
Content-Language: en-us
Cc: 'Joseph Smarr' <jsmarr@google.com>
Subject: Re: [apps-discuss] Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2011 15:49:25 -0000

Eran,

 

Thanks for your feedback.  The editorial, structural, and behavioral items
we'll addressed (including adhering to host-meta section 4.2).

 

Let me ask about specific comments:

 

1)      You want to mandate use of JSON, which we also indicated in the
draft.  However, I would personally prefer to give both XML and JSON equal
weight and require both.

2)      You wanted to mandate HTTPS. I'm not opposed, but host-meta does not
mandate it.  Shouldn't we Webfinger requirements on what is there?

3)      Regarding "resource" extension: if I query host-meta, there may be
any number of templates.  Would we want the server to automatically expand
every template it finds?  Or would we only expand the 'lrdd' template?  (And
how many levels of recursion might be possible?)

 

Paul

 

From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] 
Sent: Saturday, November 19, 2011 10:03 AM
To: Paul E. Jones; apps-discuss@ietf.org
Cc: Joseph Smarr; Gonzalo Salgueiro; Blaine Cook
Subject: RE: [apps-discuss] Webfinger

 

This is a good start. Some feedback and nits:

 

1.       The protocol flow is incorrect and needs to be adjusted based on
the final host-meta specification (RFC 6415). Namely, WebFinger must follow
section 4.2 exactly as specified.

2.       WebFinger should focus exclusively on JSON and mandate WebFinger
providers to support the JRD format. This does not preclude using XRD (XML)
but it will ensure that every compliant WebFinger implementation provides
full JSON support which is much more likely to be adopted. This is something
we could not do in host-meta due to the late stage it was in, but this is
the right time to make the switch (without taking away any existing
functionality).

3.       Are there reasons not to mandate HTTPS?

4.       Section 3 should be a sub-section of the introduction and each
example needs actual JRD code.

 

In addition, I would very much like to see WebFinger extend the host-meta
endpoint by defining a 'resource' query parameter. Using the example in RFC
6415 section 1.1.1 (example not properly encoded to make it easier to read):

 

> GET /.well-known/host-meta?resource=http://example.com/xy HTTP/1.1

 

   {

      "subject":"http://example.com/xy",

 

      "properties":{

        "http://spec.example.net/color":"red"

      },

 

      "links":[

        {

          "rel":"hub",

          "href":"http://example.com/hub",

        },

        {

          "rel":"hub",

          "href":"http://example.com/another/hub",

        },

        {

          "rel":"author",

          "href":"http://example.com/john",

        },

        {

          "rel":"author",

 
"template":"http://example.com/author?q=http%3A%2F%2Fexample.com%2Fxy"

        }

      ]

    }

 

The rules for this extension parameter are pretty simple:

 

1.       JSON is implied. If the server understands '?resource' it MUST
return a JRD document.

2.       The subject must be set to the value of the 'resource' parameter.

3.       If the server does not support that resource (wrong domain, etc.)
it must return an empty JRD with the right subject.

4.       The client MUST verify the server supports '?resource' by making
sure the response is both JRD and has the requested subject (this will
ensure full compatibility with any other host-meta endpoint).

 

I would like to see such endpoint extension required for WebFinger so that
clients can make a single call and get the full WebFinger result in JSON.
This would significantly improve adoption and usability, and adds very
little work to providers.

 

EHL

 

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Paul E. Jones
Sent: Monday, October 24, 2011 1:10 PM
To: apps-discuss@ietf.org
Cc: Joseph Smarr; Gonzalo Salgueiro
Subject: [apps-discuss] Webfinger

 

Folks,

 

We just submitted this:

http://www.ietf.org/internet-drafts/draft-jones-appsawg-webfinger-00.txt

 

The tools for Webfinger are now defined, but the procedures need to be
clearer with respect to what most of us understand as "webfinger".  This is
just a first stab at making that happen and we hope to progress this to
publish an RFC in the application area.

 

We welcome any comments you have on the topic, either privately or publicly.

 

Paul

v2.23.0 | Report a Bug | By Email