Re: [art] Auto-configuring Email Clients via WebFinger

Marten Gajda <marten@dmfs.org> Thu, 18 July 2019 22:16 UTC

To: "art@ietf.org" <art@ietf.org>
References: <eme8317959-26f9-4a9d-b2be-d2f8cb0961f6@sydney> <1b042605-4b3a-40b7-a792-2390c924282f@www.fastmail.com>
From: Marten Gajda <marten@dmfs.org>
Message-ID: <cdc61ea9-0607-e5e9-8af8-6ac488f5e56b@dmfs.org>
Date: Fri, 19 Jul 2019 00:16:33 +0200
In-Reply-To: <1b042605-4b3a-40b7-a792-2390c924282f@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/SN7tEYacJMOQdcYaj5wYN3C99Y0>
Subject: Re: [art] Auto-configuring Email Clients via WebFinger

As a client developer, I want to provide a smooth UX to our users. This
means I need much more information than just a server URL.

For instance, I also want to

* present the name or logo of the provider which hosts the user's
account, ideally before they enter their credentials,
* provide links to support channels, reset password pages, account
management,
* know the OAuth endpoints, if available,
* know the OpenID Connect endpoints, so I can register my OAuth client
dynamically,
* know the OAuth scope tokens I need in order to access a service,
* know which endpoints serve the same data via different protocols,
* know *all* the available services (not just the ones I know about), so
I can suggest other clients which may be useful.

We had a few more discussion items at
https://github.com/CalConnect/AUTODISCOVERY/issues

One of the initial ideas was to have the accounts managed by the
operating system and data access/synchronization handled by individual
applications. In this scenario, the operating system would provide the
UI to configure an account and perform the service discovery. Afterwards
it would delegate the service configuration along with the account
identifier to the applications which can handle the services found. If
the provider offers services for which no application is present on the
system, it could suggest suitable applications from the app store or
software repository. The operating system could rerun the service
discovery from time to time and notify the user about changes (e.g.
"Your provider XYZ now supports chatting, here are the applications you
can use: ...").

I don't see this as a use case for WebFinger though. The services
offered by a provider are not user data (although they may vary for each
user); they're primarily provider data. As such, I'd prefer to provide a
single JSON document at a well-known URL under the provider's domain,
e.g. at "/.well-known/services". This would make it trivial to host a
static document, which would do the trick in most setups. More complex
providers could still return per-user configurations (after authentication).

The attached example shows how a document might look as per the
current status.

Cheers,

Marten



On 16.07.19 at 07:22, Bron Gondwana wrote:
> On Tue, Jul 16, 2019, at 05:31, Paul E. Jones wrote:
>> ART folks,
>>
>> Several years ago when I was working on WebFinger, one of the use
>> cases I presented was using WebFinger to facilitate auto-configuring
>> email clients.  It was and still is a problem I deal with today.
>>
>> For my own family, I have to manually configure several different
>> clients on several different platforms for each member of the family.
>> It's time-consuming and really needs to be made simpler.
>>
>> My wife also has to deal with this issue where she works, because her
>> company, while just 100 or so employees, has offices in two different
>> countries and the mail server settings an employee uses depend on
>> his or her geographic location.  To use standard IETF protocols, it
>> means a lot of manual provisioning.
>>
>> I see the same sort of challenges with service providers. If one
>> wants to have his or her own domain, but isn't technically savvy,
>> they're in for a lot of "fun" trying to figure out the various
>> settings. Seriously, no normal person should have to understand what
>> SMTP or IMAP means, and definitely what port numbers or security
>> settings to fill in.
>>
>> While there has been a generic DNS-based method for email provision
>> for a while, it doesn't work for me. It doesn't work for my wife's
>> company, either. It also doesn't define everything one might need to
>> define (e.g., required security settings or policies).
>>
>> So we put together a very simple example to show how this might be
>> done with WebFinger.  See the draft here:
>> https://tools.ietf.org/html/draft-jones-webfinger-email-autoconfig-00
>
> There's also been discussion about doing the same thing for caldav and
> carddav in CalConnect, which was led by Marten. It would be good to
> combine this work!
>
> Cheers,
>
> Bron.
>
> -- 
>   Bron Gondwana
>   brong@fastmail.fm
>
>
-- 
Marten Gajda
CEO

dmfs GmbH
Schandauer Straße 34
01309 Dresden
GERMANY

phone: +49 177 4427167
email: marten@dmfs.org

Managing Director: Marten Gajda
Registered address: Dresden
Registered No.: AG Dresden HRB 34881
VAT Reg. No.: DE303248743
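As an added example (not code from this thread, the CalConnect work or the cited draft), here is how a client might consume and validate a provider document of the kind Marten describes; the JSON layout, field names and the accepted scheme list are assumptions, and relative links are resolved so that a static file under the provider's domain works:

```python
import json
from urllib.parse import urljoin, urlsplit

# Only TLS-protected schemes: the document tells the client where to send credentials.
SECURE_SCHEMES = {"https", "imaps", "submissions"}

def parse_services_document(text, provider_domain):
    """Parse an assumed /.well-known/services layout (not from any spec) into
    provider links plus one validated endpoint per protocol; ValueError if bad."""
    base = f"https://{provider_domain}/.well-known/services"
    doc = json.loads(text)
    if not isinstance(doc, dict) or not isinstance(doc.get("services"), list):
        raise ValueError("document must be an object with a 'services' list")
    provider = doc.get("provider", {})
    result = {"provider": provider.get("name", provider_domain),
              "links": {}, "services": {}}
    # Relative links resolve against the document's own https URL, so a static file works.
    for key, href in provider.get("links", {}).items():
        result["links"][key] = urljoin(base, href)
    for svc in doc["services"]:
        proto, href = svc.get("protocol"), svc.get("uri")
        if not proto or not href:
            raise ValueError("service entries need 'protocol' and 'uri'")
        uri = urljoin(base, href)
        parts = urlsplit(uri)
        if parts.scheme not in SECURE_SCHEMES or not parts.hostname:
            raise ValueError(f"{proto}: refusing non-TLS endpoint {uri}")
        result["services"][proto] = {"uri": uri, "data": svc.get("data"),
                                     "scopes": list(svc.get("oauth_scopes", []))}
    return result

def is_acceptable(text, provider_domain):
    try:
        parse_services_document(text, provider_domain)
        return True
    except ValueError:
        return False

def endpoints_for_data(parsed, data):
    """Protocols exposing the same data, e.g. 'mail' via both IMAP and JMAP."""
    return sorted(p for p, s in parsed["services"].items() if s["data"] == data)

# Constructed sample document (assumed layout, not taken from the thread).
SAMPLE = json.dumps({
    "provider": {"name": "Example Mail", "links": {"support": "/help"}},
    "services": [
        {"protocol": "imap", "uri": "imaps://imap.example.net", "data": "mail", "oauth_scopes": ["mail"]},
        {"protocol": "jmap", "uri": "https://jmap.example.net/session", "data": "mail"},
        {"protocol": "caldav", "uri": "/dav/", "data": "calendar"}]})
```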