IETF Logo Mail Archive

Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

"Paul E. Jones" <paulej@packetizer.com> Sun, 22 April 2012 03:51 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F07D11E8097 for <apps-discuss@ietfa.amsl.com>; Sat, 21 Apr 2012 20:51:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.715
X-Spam-Level:
X-Spam-Status: No, score=-1.715 tagged_above=-999 required=5 tests=[AWL=-0.451, BAYES_00=-2.599, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_HEAD=1.334]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4VgkPQTQffH for <apps-discuss@ietfa.amsl.com>; Sat, 21 Apr 2012 20:51:11 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id A49DA21F851D for <apps-discuss@ietf.org>; Sat, 21 Apr 2012 20:51:11 -0700 (PDT)
Received: from dyn-129.arid.us (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q3M3p7RM011527 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Sat, 21 Apr 2012 23:51:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1335066670; bh=iD+/wuBQD8sQO+1jSwtkQSMZYDab+Cb5yomd14Ly/54=; h=In-Reply-To:References:MIME-Version:Content-Type:Subject:From: Date:To:CC:Message-ID; b=guYmf03pRb/TU4CMqGi5DRvMLM15i3nRG2/0scNEcrm6HAbUUNIavdkV51JRzf3WY JSAV/REAXOb+vjFXrCk+aM+TxUq20BFD9MUzodJk9bxHGJb4pyaov2g3sYFvom9eRR RR3PiKkJOzBhTVYqbv2eE3VTBNP5HjTIJNmu7XMU=
User-Agent: Kaiten Mail
In-Reply-To: <CAKaEYh+S8+_-4EsjAa36XVN8HvgWW4phKMyg64zhqXQueMjOdg@mail.gmail.com>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com> <091401cd1ea3$e159be70$a40d3b50$@packetizer.com> <CAHBU6it3ZmTdK-mTwydXSRvGvZAYuv0FFR2EWLwdfTxQh4XV5g@mail.gmail.com> <091901cd1eb0$167a8ce0$436fa6a0$@packetizer.com> <sjmbommzdv4.fsf@mocana.ihtfp.org> <4F917CE6.2060904@mtcc.com> <0a7601cd1f74$cc5a26a0$650e73e0$@packetizer.com> <4E1F6AAD24975D4BA5B1680429673943664920DE@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAKaEYh+S8+_-4EsjAa36XVN8HvgWW4phKMyg64zhqXQueMjOdg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----JWII7ZD6XR2ECNEZ1AZPSEHB51NJPN"
From: "Paul E. Jones" <paulej@packetizer.com>
Date: Sat, 21 Apr 2012 23:51:06 -0400
To: Melvin Carvalho <melvincarvalho@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>
Message-ID: <f3112e24-e3fb-4465-b8e9-d9e8be80b217@email.android.com>
Cc: Michael Thomas <mike@mtcc.com>, Derek Atkins <derek@ihtfp.com>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Apr 2012 03:51:13 -0000

Melvin,

The acct: URI scheme is not a new protocol, but just a scheme that refers to user accounts. It is documented in the WebFinger draft.

Paul


-------- Original Message --------
From: Melvin Carvalho <melvincarvalho@gmail.com>
Sent: Sat Apr 21 23:09:54 EDT 2012
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "Paul E. Jones" <paulej@packetizer.com>, Michael Thomas <mike@mtcc.com>, Derek Atkins <derek@ihtfp.com>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

On 21 April 2012 18:37, Mike Jones <Michael.Jones@microsoft.com> wrote:

> I want to completely agree with what Paul wrote: "What is a pain on the
> client side is conditional code that has to be followed in order to consume
> whatever the server wants to send.  The client should have a single code
> path knowing it will get what it wants".
>
> BTW, this is also part of the argument for making the resource parameter
> required.  Paul's example of:
>        curl -v
> https://packetizer.com/.well-known/host-meta.json?resource=acct:paulej@packetizer.com
> should work on all deployments - not just packetizer.com, so clients can
> rely on it working (and not have to have conditional code to try again in a
> different way when it doesn't).
>
> As a design principle, to the extent there's any complexity, it should be
> pushed to the servers, rather than the clients, as clients will vastly
> outnumber servers.    The solution should be as simple for clients to use
> as possible, to facilitate adoption.
>

if acct: is to become a new protocol for the internet , I request that it
should be fully documented, and available for review


>                                Best wishes,
>                                -- Mike
>
> (moved OAuth to bcc)
>
> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
> On Behalf Of Paul E. Jones
> Sent: Friday, April 20, 2012 9:11 PM
> To: 'Michael Thomas'; 'Derek Atkins'
> Cc: oauth@ietf.org; 'Apps Discuss'
> Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery
> (SWD)
>
> Mike,
>
> > On 04/20/2012 07:17 AM, Derek Atkins wrote:
> > > <OAUTH Chair Hat> Note that this is a replay of the historical "MUST
> > > Implement" versus "MUST Use" arguments. Just because the server MUST
> > > IMPLEMENT JSON and XML does not mean that a Client must use both (or
> > > even that a client must implement both). It is perfectly reasonable
> > > and generally acceptable to have a server that provides data in
> > > multiple formats whereas the client only supports a subset and
> > > specifies which format(s) are acceptable. </OAUTH Char Hat> -derek
> >
> > To Paul's point about how easy it is for a server to support both, I'd
> > retort that it's equally easy for a client to gin up JSON instead of XML.
>
> I don't follow.
>
> I agree I could write a client that could do JSON easily.
> I agree I could write a client that could do XML easily.
>
> What is a pain on the client side is conditional code that has to be
> followed in order to consume whatever the server wants to send.  The client
> should have a single code path knowing it will get what it wants, ether XML
> or JSON.
>
> Granted, the server has to have a conditional statement and generate XML
> or JSON as requested.  However, generating either is trivial.  Really, I
> did it in minutes.  We're not talking about huge complex data structures
> here with WebFinger.
>
> > Pity the poor programmer who can't get their head around that gigantic
> > change. On the other hand, having to support XML and JSON is an
> > ongoing maintenance headache server-side. Why do it?
>
> Would we expect to see a lot of changes to the data structures used by
> WebFinger?  That's really the only ongoing maintenance issue.  Don't touch
> the code that produces the XML or JSON and there is no ongoing maintenance.
>
> > There isn't even the dubious
> > religious war like back in the day saying that binary encoded ASN.1
> > was "better/faster/stacks and cleans dishes" than "human readable"
> > XML.  XML is just a clunky and past its prime text encoding at this
> > point. Requiring it smacks of nostalgia to me.
>
> I disagree with you on that one.  First, ASN.1 is better for defining
> protocols, so long as you stay away from the complex stuff. Basic ASN.1
> looks a lot like C and produces C data structures that can be readily read,
> decoded, and consumed in C code.  Rarely, rarely do I see decoding issues
> when using ASN.1, whereas issues pop up quite often with text protocols,
> especially things like SIP where a semi-colon in the wrong place breaks
> things.  But, let's not start that debate again ;-)
>
> XML *can* be big and clunky.  As you've well noticed, I can also write
> lengthy emails that seem to have more typos as the evening progresses. :-)
>
> However, XML can be a very compact encoding and it's extremely readable.
>
> I just did a query on my server to see the XML vs. JSON output.  The XRD
> document provided was 1032 octets.  The JRD document was 1077 octets.
> Removing every possible space and making both formats hard as heck to
> read, JSON was 837 and XML was 940.  I'm hard pressed to say that's makes
> much difference.  Further, I can't read either of them now without some
> effort.
>
> Considering that a lot of WebFinger use (I suspect) is going to be
> server-to-server interaction, XML seems like a reasonable format to retain.
> That, and the fact it is already mandatory in RFC 6415 and deployed out
> there.
>
> It's not nostalgia for me.  XML is a very well-structured, readable format.
> No objection to JSON, but I really don't understand the clamoring for JSON.
> I guess more precisely, I don't understand the disdain for XML.  Is it
> because people created hideously complex XML data structures and feel pain
> for having done that?  XRD is not that kind of document.
>
> Paul
>
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>

v2.23.0 | Report a Bug | By Email