IETF Logo Mail Archive

Re: [apps-discuss] An alteration to the WebFinger Spec

"Paul E. Jones" <paulej@packetizer.com> Thu, 01 November 2012 16:19 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 279B121F8E9F for <apps-discuss@ietfa.amsl.com>; Thu, 1 Nov 2012 09:19:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.171
X-Spam-Level:
X-Spam-Status: No, score=-2.171 tagged_above=-999 required=5 tests=[AWL=0.427, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GNSD0WDM9TGt for <apps-discuss@ietfa.amsl.com>; Thu, 1 Nov 2012 09:19:27 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 09CBB21F8E89 for <apps-discuss@ietf.org>; Thu, 1 Nov 2012 09:19:26 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id qA1GJOaD013709 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 1 Nov 2012 12:19:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1351786765; bh=/Iporj8d05a3fleVn17MMaNJITBrPm9KNMtzcadm/t8=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=Npuc/y/Gh8MF0JX9ICQGofs6qeEjpzk47WUDW4dDuTkZkT2UXP7q3vhJSibRmKMRN y5cuV9JMA8azIEef5mb/8p8UxgYL6xbuQvBCy5gYdanpsy8bEedN4J7P0+gynq86Ly KuTOZ25oqe2Aj1sDZ6Y9xkzmSmSvTdRANpJqst5Q=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Brad Fitzpatrick' <bradfitz@google.com>, webfinger@googlegroups.com
References: <011a01cdb7fb$bca72f80$35f58e80$@packetizer.com> <CAAkTpCr3XxWE2Cm3usWksKEyZwxn9n6zDW90ELJMN4wpjcTphA@mail.gmail.com>
In-Reply-To: <CAAkTpCr3XxWE2Cm3usWksKEyZwxn9n6zDW90ELJMN4wpjcTphA@mail.gmail.com>
Date: Thu, 01 Nov 2012 12:19:31 -0400
Message-ID: <021b01cdb84c$acfd2930$06f77b90$@packetizer.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_021C_01CDB82B.25EB8930"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGOvx3J4VkqAJM7GNut5joo4XlPbAH+kVB6mEMdPvA=
Content-Language: en-us
Cc: public-fedsocweb@w3.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] An alteration to the WebFinger Spec
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2012 16:19:28 -0000

Comments below:

 

 

* Delete the whole section "4.2. Simplifying the Login Process".  As much as

  I loves me some OpenID, it's out of place in this document.

 

PEJ: OK.  It is only an example, so it can be removed. Is there a different example you would like to see, or are the other two sufficient? 

 

* WebFinger, being JSON-only, should only document /.well-known/host-meta.json

  as part of the client's discovery process, not /.well-known/host-meta.

  Status.net and whoever else can continue to serve webfinger for compatibility

  at /.well-known/host-meta if they'd like to support all of RFC 6415.  But

  WebFinger doesn't need to include docs on supporting all of RFC 6415.  It

  should be possible to write a server which is WebServer compliant without

  being 6415 compliant.

 

PEJ: Given we are not deprecating RFC 6415, that seems like a reasonable compromise.  A server could still support both, but anything that is officially “WebFinger” will use only the .json resource.  I’ll remove host-meta and post an updated “alt” spec shortly.

 

* Section 5.2: ditch the rel=, resource= parameters from host-meta.json.

  It's a HOST meta, not a RESOURCE meta.  It's being morphed into an

  all-encompassing endpoint.  If you really want this, DO NOT REUSE host-meta

  and just use /.well-known/webfinger-query.  But I am not proposing that.

  I'm just saying that would be more sane than tacking random crap onto

  host-meta.

 

PEJ: I think this one might be more challenging.  There is a camp that likes the RFC 6415-way of doing things with a host-meta document and then an LRDD resource.  Then there is the other camp who says “I want the simplest possible client and want to issue exactly one query, period.”  The “rel” parameter allows server-side filtering in the event the response might be voluminous; this reduces client-side processing work.  I let the camps battle this one, but I can see good arguments on both sides.

 

* Section 6. MUST support CORS, but MAY exclude the header. What? SHOULD probably.

 

PEJ: WebFinger servers that serve the public (Internet) MUST use CORS; enterprise WebFinger servers are not required to do so.  That was the consensus of the group thus far and there are several who have demanded CORS support.

 

* Section 8.1: "When a query is issued host-meta" ... "pointing to the location 

  of the hosted WebFinger service URL"  host-meta is its own thing.  You are

  assuming that host-meta means WebFinger.

 

PEJ: I’m not following what you’re saying.  The text says “When a query is issued to /.well-known/host-meta.json, the target domain’s web server MUST return a 301, 302, or 307 … pointing to…”.  I’m making no assumptions, just specifying how resources must be redirected to enable a service provider to provide the services on behalf the domain.  

 

I might have more minor feedback later, but the above is most of it.

 

PEJ: Hold that for -ALT-R1 :-)

 

Paul

v2.23.0 | Report a Bug | By Email