Re: [apps-discuss] Revised webfinger draft (-02)

["Paul E. Jones" <paulej@packetizer.com>]

Murray,

 

WebFinger is a concept that has been under discussion for a long time, both
inside and outside the IETF.  The core foundation of WebFinger is documented
in RFC 6415, which defines how to query for host metadata and to build a
resource descriptor document for a given resource.  This is what we need to
discover information about people and objects, though it does not say
explicitly how one should discover information about a person.  It stops
just short of that, leaving open the options of using an email address,
something like an email address, etc.  Discussion continued on that and
folks converged on the "acct" URI scheme.

 

There was also discussion that we needed to mandate JSON to appeal to most
developers.  RFC 6415 specifies both and recommends that servers support
JSON, but only requires XML.  Numerous people wanted to see that changed,
some arguing for JSON only.  We took the compromising position of requiring
the server to provide both.  (It's trivial to implement on the server side
and allows the client to use what it prefers.)   There were also requests on
the Webfinger (external) list to support CORS.

 

So with those points of convergence, we drafted the WebFinger spec to build
on RFC 6415, adding the things people wanted in WebFinger.  The draft:

.         Introduces the acct URI scheme for use with RFC 6415

.         Introduces the acct link relation for the same (as per RFC 5988)

.         Mandates server-side support for JRD (defined in RFC 6415)

.         Mandates server-side use of CORS

.         Introduces a "resource" parameter to be used with RFC 6415

 

What I have observed is that there are a number of people who have been
following and participating in the work on WebFinger.  Those people see this
draft as "completing the work" by registering the "acct" (user account)
related URI scheme and link relation and specifying those other few things.

 

Then there is the group of people who I believe were largely unaware of RFC
6415's existence.  That may not be correct, but I got the impression that
some believed we were creating everything from scratch in this draft, while
were actually just building on RFC 6415.  As an example, one person
commented that "LRDD" was not defined.  Indeed, our draft does not define
it, since it was defined in RFC 6415.  One person stated that JRD is only
documented on a blog, apparently unaware that JRD is defined and documented
in RFC 6415.

 

So, I submit that the draft is not using grand language and makes no attempt
to appear bigger than it is.  What I believe we have is two camps: those who
have been following the work and see it for what it is and those who have
not and are seeing this for the first time.  This is not unexpected, though
I do not want people to be left with the impression that this is all new.  I
think that's the most important misconception to address.

 

I hope this message clarifies the situation.  I, too, would like to see work
on this document go forward.  This is the WG where discussion took place on
RFC 6415, so I assume it is the right venue for these extensions to that
document.  It's certainly not a significant amount of work and not "foreign"
work to this group.  (I believe my email might actually be approaching then
length of the draft now, so I should stop.)

 

Paul

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Murray S. Kucherawy
Sent: Wednesday, April 04, 2012 5:07 PM
To: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Revised webfinger draft (-02)

 

Since you pointed out that it could be the case that this is a small task
that uses grand language, could the authors consider adjusting the latter
condition to highlight the former?  That might make adopting it here easier
to do.

 

-MSK

 

From: Eran Hammer [mailto:eran@hueniverse.com] 
Sent: Thursday, March 29, 2012 7:27 PM
To: Murray S. Kucherawy; apps-discuss@ietf.org
Subject: RE: [apps-discuss] Revised webfinger draft (-02)

 

And my answer is that right now it is a small task, but the responses
indicated that some people might want it to be bigger.

 

EH

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Murray S. Kucherawy
Sent: Thursday, March 29, 2012 10:12 AM
To: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Revised webfinger draft (-02)

 

I'm not advocating throwing anything away.  I'm proposing figuring out what
path would be most appropriate, regardless of whether it's a new innovation
or a derivative innovation.

 

Our charter constrains us to small tasks.  If webfinger can legitimately be
characterized as a small task, then we can do a call for adoption.  If not,
which seems to be the case, then this isn't the right place for it, and we
have other procedures for advancing such work.  That's the question I'm
posing here.

 

-MSK

 

From: Eran Hammer [mailto:eran@hueniverse.com] 
Sent: Thursday, March 29, 2012 9:47 AM
To: Murray S. Kucherawy; apps-discuss@ietf.org
Subject: RE: [apps-discuss] Revised webfinger draft (-02)

 

It would be appropriate for APPSAWG if the scope is narrowly defined as
adding a few enhancements to RFC 6415 (which *is* what the current draft
attempts to do, even though its prose might sounds grander). But in the
context of the recent OAuth WG meeting discussing a competing foundation
(SWD), a new WG seems to be in order.

 

My concern is that we are reaching a point (or maybe pass it) where
progressing a work to standards track RFC status no longer translate into
requiring new work to explain why it cannot build on top of the published
standard. If this body throws away work as recent as October 2011 just
because it's more convenient for some to start from scratch, I don't see why
anyone would bother go through the significant cost and effort of getting it
published here in the first place.

 

EH

 

 

 

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Murray S. Kucherawy
Sent: Thursday, March 29, 2012 9:18 AM
To: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Revised webfinger draft (-02)

 

That sounds like a mighty strong statement that, in any case, it's not
appropriate for APPSAWG.

 

Perhaps the proponents should request a non-WG list to talk about it for a
while to let the problem definition congeal for a while, and then request a
working group when a charter falls out of that.

 

-MSK

 

From: Eran Hammer [mailto:eran@hueniverse.com] 
Sent: Thursday, March 29, 2012 9:03 AM
To: Murray S. Kucherawy; apps-discuss@ietf.org
Subject: RE: [apps-discuss] Revised webfinger draft (-02)

 

This clearly does not belong in the Security area or the OAuth working
group.

 

I would strongly warn that moving this effort into any WG requires very
careful work on the charter as historically there has been very little
consensus and success in agreeing on what problems we are trying to solve.
RFC 6415 was the end of a 5+ years process across multiple standard bodies
including the IETF, W3C, OASIS, and the OpenID Foundation. This has proved a
really hard problem to *define*.

 

EH

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Murray S. Kucherawy
Sent: Thursday, March 29, 2012 6:57 AM
To: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Revised webfinger draft (-02)

 

Having talked with Barry now, an amended question:

Would this work better fit in another working group like OAuth (which has
its own interest and concerns in webfinger), or perhaps in its own working
group?  It may well be that it's too big to fit in APPSAWG's charter for
smaller work items.

 

-MSK

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Murray S. Kucherawy
Sent: Thursday, March 29, 2012 4:35 AM
To: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Revised webfinger draft (-02)

 

To the working group,

 

This has been hovering outside APPSAWG for two meetings now.  Is APPSAWG the
right place to process it?  That is, should we bring it in as a working
group document?  Or would it be better done through the ISE, or perhaps in
some other working group?

 

-MSK

 

From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
On Behalf Of Paul E. Jones
Sent: Wednesday, March 28, 2012 6:50 PM
To: apps-discuss@ietf.org
Subject: [apps-discuss] Revised webfinger draft (-02)

 

Folks,

 

I published a revised version of the Webfinger specification based on
feedback I've received so far that seems to  have general agreement.  As
requested, I added a change log at the end of the document that I hope will
help.  The draft is here:

http://tools.ietf.org/html/draft-jones-appsawg-webfinger-02

 

The "diff" tool on that page allows you to quickly see exactly what changed.

 

Paul