IETF Logo Mail Archive

Re: [apps-discuss] WebFinger Draft Updated - draft-ietf-appsawg-webfinger-01

Melvin Carvalho <melvincarvalho@gmail.com> Sat, 20 October 2012 23:05 UTC

Return-Path: <melvincarvalho@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BBAB21F879E for <apps-discuss@ietfa.amsl.com>; Sat, 20 Oct 2012 16:05:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.182
X-Spam-Level:
X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[AWL=0.416, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQTgL8PZG8dh for <apps-discuss@ietfa.amsl.com>; Sat, 20 Oct 2012 16:05:54 -0700 (PDT)
Received: from mail-ia0-f172.google.com (mail-ia0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 278EE21F8674 for <apps-discuss@ietf.org>; Sat, 20 Oct 2012 16:05:54 -0700 (PDT)
Received: by mail-ia0-f172.google.com with SMTP id o25so1418694iad.31 for <apps-discuss@ietf.org>; Sat, 20 Oct 2012 16:05:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=VIe4xX4uEJo1nhYTtWexZlj24pnqKK5PnVyHyyYEhb0=; b=xCoxlblhwCoUiiznYZWHd/7Z8NP12fT9XKZ2TcCz1nCFB6aPl9Ihj8sc72HptpiFSu /4AgMotm2jDcjeoQDsZTqmrWwPsA9lLr+4RTKg45G+ahEOC7xqbdB5WfvBkRZA7ya2K9 W2q86DUyCl2fwnaMh/QsDPNVkXfX2tm2O9SDvOfUVCtt6CoFvLzbmK3mk9aXRD4G5qkk U8Qz3r93rvDLqPOU0NFq8EYcPD2wnspJpVuPWVmh0YaN8F+sNFYCDCvhA3tCbRb+8Uk5 A2cveQVNk3ETRItL7hElWT3iuhSnSKWXolW8RMqqrHpN5uQcrx/IcByfKhXGy3naA97f ZMtA==
MIME-Version: 1.0
Received: by 10.50.95.161 with SMTP id dl1mr5040181igb.0.1350774353715; Sat, 20 Oct 2012 16:05:53 -0700 (PDT)
Received: by 10.42.247.129 with HTTP; Sat, 20 Oct 2012 16:05:53 -0700 (PDT)
In-Reply-To: <5082C526.3050100@status.net>
References: <025b01cdae61$591e9690$0b5bc3b0$@packetizer.com> <5082C526.3050100@status.net>
Date: Sun, 21 Oct 2012 01:05:53 +0200
Message-ID: <CAKaEYhLKaksfVQKP8kTt5AhWTSrhfae_o3=L9B-KKF_+U3OS=Q@mail.gmail.com>
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Evan Prodromou <evan@status.net>
Content-Type: multipart/alternative; boundary="e89a8f3b9c3f86621204cc85a9cd"
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] WebFinger Draft Updated - draft-ietf-appsawg-webfinger-01
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2012 23:05:55 -0000

On 20 October 2012 17:37, Evan Prodromou <evan@status.net> wrote:

>  Paul,
>
> Thanks for the update! I really like what I see; take the following notes
> as suggestions and not absolute rules.
>
>    - It's long. With RFC 6415 as a basis, the requirements of this
>    specification are actually quite small (add CORS, resource, and rel; JRD
>    required, XRD optional). It would be nice if the document length and
>    complexity reflected that.
>    - The introduction in section 1 would be better if it ignored "finger"
>    entirely. Just say what Webfinger does: lets a host define links and
>    properties for an URI.
>     - The first three paragraphs of section 3 are unnecessary and
>    confusing. This is what references are for. Starting at "Thus the
>    framework..." (without the "thus") is a lot clearer.
>     - Section 4 is unnecessary and confusing. Also, as applications are
>    built using Webfinger, it will probably become obsolete and incorrect. I
>    think it should be struck entirely out.
>    - Section 5.1 makes the order of queries (HTTPS, HTTP) a MUST on
>    behalf of clients. The client should determine the level of authenticity
>    they need from the server. I suggest a SHOULD here, with similar language
>    as RFC 6415 for
>     - Section 5.2 says that servers MUST support "resource" "as a means
>    of improving performance and reducing client complexity". I think the
>    performance improvement is debatable, and maybe even the reduction in
>    client complexity. So, maybe just strike this language? By which I mean:
>    leave the requirement, but don't try to justify it.
>     - Section 5.2 suggests that the server should literally make an HTTP
>    request to fetch the LRDD link. That is the hard way to do it. Can we just
>    assume that the server can figure out its own implementation details?
>    - Section 5.2 recommends using host-meta.json, which I think is
>    excellent.
>    - Section 5.3 uses space-separated "rel" parameters. There is some
>    precedent for using space separation for a single rel in HTML ("alternate
>    feed"), which makes this a little tricky. How about comma (",") instead?
>     - Section 5.4 should probably also call out the "tag" URI scheme.
>    - Section 5.4 should make special mention of "http" and "https" URIs.
>    There are other discovery methods that can be used with this kind of URI;
>    is there a recommended order for using Webfinger versus, say, doing a HEAD
>    request and looking at the Link: headers? Doing a GET request with Accept
>    set to "text/html" and parsing for <meta> and <link> elements?
>
>
HTTP GET is generally recommended to get more information from an HTTP
URI.  HEAD may not contain the information you need.  Of course, it may
become popular to deference an HTTP URI using webfinger.  Though there may
be issues with the correct response codes, consistency of information etc.


>
>    - I'm not convinced we need "acct" rels (section 6). At the very
>    least, the name is confusing w/r/t the acct: URI scheme.
>     - Section 7 makes support for CORS a MUST and then turns around and
>    said if you have a good reason not to support it, you SHOULD NOT. I suggest
>    that support for CORS should just be a SHOULD. I can figure out myself
>    whether I want to be the exception.
>     - Section 8 should recommend a base representation for host and
>    resource descriptors be available with no authentication, and enhanced
>    representations available with authentication. Host meta is the initial
>    introduction for clients and servers that don't otherwise know each other;
>    there should always be some information available - even if it's just the
>    information on how to authenticate to get more information.
>     - Section 9 is implementation detail that should probably be out of
>    scope. I realize that these configurations are why we support 3xx
>    redirects, but maybe figuring out the topology of those redirects is best
>    left as an exercise for implementers.
>    - Section A seems unnecessary, since it's already covered in RFC 6415.
>    Am I missing something?
>
> Overall I think the protocol itself is great, with some minor tweaks
> between MUSTs and SHOULDs. Shortening the document will make it clearer and
> easier to implement.
>
> -Evan
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>
>

v2.23.0 | Report a Bug | By Email