[Gen-art] /.well-known placed below the URI local-part root

Nico Williams <nico@cryptonector.com> Thu, 30 April 2020 19:42 UTC

Date: Thu, 30 Apr 2020 14:42:05 -0500
From: Nico Williams <nico@cryptonector.com>
To: gen-art@ietf.org, Mark Nottinham <mnot@mnot.net>
Message-ID: <20200430194204.GE18021@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/sOfvzujW7MW62LEr3AtWt2uM1kY>

RFC 8615 (and RFC 5785 before it) says that .well-known should be at the
root of the URI local-part.  Appendix A explains the rationale.

However, I'm seeing multi-tenancy in OpenID, with URI local-parts of the
form /${tenant}/.well-known/openid-configuration, which is not the
intended usage.  /.well-known/openid-configuration/${tenant} would have
been better, given what the RFC says.

I suspect this happened because the registration for the
openid-configuration well-known URI [0] did not cover this use case.

Not sure that anything can or should be done about this, but it might be
worth reporting it here, thus this post.

If I had to propose anything at all to do about this, it might be to
update RFC 8615 to a) describe the use case, b) describe what has been
done, c) recommend or require /.well-known/thing/thang over
/thing/.well-known/thang, d) possibly grandfather some existing uses of
/thing/.well-known/thang, e) maybe update the registry to require that
registrants indicate whether they intend to have further structure below
their well-known URIs.

Nico

[0] https://openid.net/specs/openid-connect-discovery-1_0.html
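As an added illustration (not part of Nico's post or of any OpenID implementation), the check below classifies a URI's path against the RFC 8615 placement rule the post cites and shows the root-level rewrite it proposes. The hostnames and tenant names are constructed examples.

```python
from urllib.parse import urlsplit

WELL_KNOWN = ".well-known"


def classify_well_known(uri):
    """Locate '.well-known' in a URI's path (RFC 8615 expects it at the root).

    Returns (kind, suffix, prefix_segments):
      'root'   : /.well-known/<suffix>[/...]      - conformant placement
      'nested' : /<prefix>/.well-known/<suffix>   - the multi-tenant pattern the post describes
      'none'   : no .well-known segment at all
    """
    path = urlsplit(uri).path
    # Drop empty segments produced by the leading slash or doubled slashes.
    segments = [s for s in path.split("/") if s]
    if WELL_KNOWN not in segments:
        return ("none", None, [])
    idx = segments.index(WELL_KNOWN)
    suffix = segments[idx + 1] if len(segments) > idx + 1 else None
    kind = "root" if idx == 0 else "nested"
    return (kind, suffix, segments[:idx])


def rfc8615_rewrite(uri):
    """Move a nested '.well-known' to the root, keeping the tenant below the suffix.

    /tenant-a/.well-known/openid-configuration
        -> /.well-known/openid-configuration/tenant-a
    Conformant URIs and URIs without '.well-known' are returned unchanged.
    """
    parts = urlsplit(uri)
    kind, suffix, prefix = classify_well_known(uri)
    if kind != "nested" or suffix is None:
        return uri
    segments = [s for s in parts.path.split("/") if s]
    rest = segments[segments.index(WELL_KNOWN) + 2:]  # anything already below the suffix
    new_path = "/" + "/".join([WELL_KNOWN, suffix] + prefix + rest)
    return parts._replace(path=new_path).geturl()


def nested_well_known(uris):
    """Return the subset of URIs whose '.well-known' sits below a path prefix."""
    return [u for u in uris if classify_well_known(u)[0] == "nested"]


# Constructed sample discovery URIs (hostnames and tenants are made up).
SAMPLE_URIS = [
    "https://idp.example/.well-known/openid-configuration",
    "https://idp.example/tenant-a/.well-known/openid-configuration",
    "https://idp.example/login",
]
```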