Re: [apps-discuss] Aggregated service discovery
Michiel de Jong <michiel@unhosted.org> Wed, 23 May 2012 10:33 UTC
Return-Path: <michiel@unhosted.org>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BFC421F863F for <apps-discuss@ietfa.amsl.com>; Wed, 23 May 2012 03:33:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qgxs2whMM2x6 for <apps-discuss@ietfa.amsl.com>; Wed, 23 May 2012 03:33:35 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2FE3121F8613 for <apps-discuss@ietf.org>; Wed, 23 May 2012 03:33:35 -0700 (PDT)
Received: by dacx6 with SMTP id x6so9779345dac.31 for <apps-discuss@ietf.org>; Wed, 23 May 2012 03:33:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=JgMDogROquzav5WSz3ZaMKKGw8rn7NGS+mlLWezQQmY=; b=UwCFQTW/YYCjjKe/8bRDVUD6KBdtJJ15nlYg+m07RNGeOC3dB0wVLSamRRtDTS6bGL KpD5f2sEV4c/M4LGgkbAUEnsGwVMAnJXAYuwWM1HpiwOdY4Hi6FfZXsEP7Bs161ooQqW CVSEoO0FwjDufjbwnEJ4seQuhqAStiDXdbH3Ojz65vP4vPR4fPUJXQ2O+VhKlv8rkB4A 3eVtxLtz2JxHFWDpYlCjnWBReXpn17WzkzskRUF5tBF/PeIesg0ZaiT13CgYDlqbxhKG 6GXV9i7wgsElxsoChLd3DvzDmooO2meHp5Gu4TNVcNKdw7hAqBiX/4IiZoD1GcBXob7F tafA==
MIME-Version: 1.0
Received: by 10.68.217.233 with SMTP id pb9mr9120260pbc.59.1337769214767; Wed, 23 May 2012 03:33:34 -0700 (PDT)
Received: by 10.68.57.102 with HTTP; Wed, 23 May 2012 03:33:34 -0700 (PDT)
X-Originating-IP: [89.160.184.192]
In-Reply-To: <22873D37-8462-48AE-ABA0-49445776E4CC@mnot.net>
References: <64C6DF43A866F40437AF4CC3@cyrus.local> <22873D37-8462-48AE-ABA0-49445776E4CC@mnot.net>
Date: Wed, 23 May 2012 10:33:34 +0000
Message-ID: <CA+aD3u1x3_qVSFnxfV_iesruVy9xUi_t6kzCoAncr_kAuNkfZg@mail.gmail.com>
From: Michiel de Jong <michiel@unhosted.org>
To: Mark Nottingham <mnot@mnot.net>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQkPlY5RrxNZeAUCe/Whwk2mSK/qmynFpfGKYAjYQejAAVM3H3MxLPrroIczZLg7D6FSz98F
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Aggregated service discovery
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 10:33:35 -0000
IMO, webfinger/swd is the way to go. they are currently being merged into one. All discovery paths should use webfinger/swd as the first step, and then do other stuff (including requiring credentials) in documents linked from there. There are cases where a service is specific to a domain, but not to a user, but I think they should still also be announced from the same first starting point (which is /.well-known/host-meta). how to deal with private information (meant only for the user themselves), is not very well documented. the webfinger/swd spec basically leaves it out of scope. Basically what you would do IMO is, for a user "<user>@<host>", announce a first starting point at https://<host>/.well-known/host-meta, and then use "follow your nose" to discover everything else. That includes discovering the home-pages of any domain-specific APIs, as well as caldav, BrowserID, OpenID, ActivityStreams, foaf, PoCo, remoteStorage, email addresses, avatars, and everything else. The first starting point should be available without credentials, publicly, and with CORS headers on there. Then as you follow the links to all these services, you will find barriers where maybe a bearer token or a client-side certificate or something else is needed to retrieve the next bit of information. But the first starting point should always be public, on /.well-known/host-meta and with CORS headers on there. Even if it's just to say "nothing to see here unless you can give me credentials of type X" (IMO, OAuth end-point discovery can itself serve here as a syntax for expressing that, although i think announcing credentials-requirements is still a relatively under-explored part of discovery best practices). Cheers! Michiel
- [apps-discuss] Aggregated service discovery Cyrus Daboo
- Re: [apps-discuss] Aggregated service discovery Alessandro Vesely
- Re: [apps-discuss] Aggregated service discovery Mark Nottingham
- Re: [apps-discuss] Aggregated service discovery Michiel de Jong
- Re: [apps-discuss] Aggregated service discovery Cyrus Daboo
- Re: [apps-discuss] Aggregated service discovery Graham Klyne
- Re: [apps-discuss] Aggregated service discovery Cyrus Daboo
- Re: [apps-discuss] Aggregated service discovery Mark Nottingham
- Re: [apps-discuss] Aggregated service discovery Andrew McMillan
- Re: [apps-discuss] Aggregated service discovery Michiel de Jong
- Re: [apps-discuss] Aggregated service discovery Michiel de Jong
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- Re: [apps-discuss] Aggregated service discovery Peter Saint-Andre
- Re: [apps-discuss] Aggregated service discovery Andrew McMillan
- Re: [apps-discuss] Aggregated service discovery Michiel de Jong
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Peter Saint-Andre
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Peter Saint-Andre
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery John Bradley
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- Re: [apps-discuss] Aggregated service discovery John Bradley
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- Re: [apps-discuss] Aggregated service discovery John Bradley
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery John Bradley
- Re: [apps-discuss] Aggregated service discovery William Mills
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- Re: [apps-discuss] Aggregated service discovery Cyrus Daboo
- Re: [apps-discuss] Aggregated service discovery Paul E. Jones
- [apps-discuss] R: Aggregated service discovery Goix Laurent Walter
- Re: [apps-discuss] Aggregated service discovery John Bradley
- Re: [apps-discuss] R: Aggregated service discovery William Mills