IETF Logo Mail Archive

Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback

"William J. Mills" <wmills@yahoo-inc.com> Sun, 03 July 2011 18:02 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7E0B228013 for <ietf@ietfa.amsl.com>; Sun, 3 Jul 2011 11:02:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.548
X-Spam-Level:
X-Spam-Status: No, score=-14.548 tagged_above=-999 required=5 tests=[AWL=3.050, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8sSjazha24EY for <ietf@ietfa.amsl.com>; Sun, 3 Jul 2011 11:01:59 -0700 (PDT)
Received: from nm7-vm0.bullet.mail.ac4.yahoo.com (nm7-vm0.bullet.mail.ac4.yahoo.com [98.139.52.228]) by ietfa.amsl.com (Postfix) with SMTP id 597D021F86C0 for <ietf@ietf.org>; Sun, 3 Jul 2011 11:01:59 -0700 (PDT)
Received: from [98.139.52.192] by nm7.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jul 2011 18:01:56 -0000
Received: from [98.139.52.171] by tm5.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jul 2011 18:01:56 -0000
Received: from [127.0.0.1] by omp1054.mail.ac4.yahoo.com with NNFMP; 03 Jul 2011 18:01:56 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 60209.16784.bm@omp1054.mail.ac4.yahoo.com
Received: (qmail 74029 invoked by uid 60001); 3 Jul 2011 18:01:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1309716115; bh=3/SAPWdkOYBPRxqHxo9z8eWvP2so1RJBN+/47PMC4/g=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=U+CRuJQhCFVo1fTcqhPFLGf0x6XBWynipVJxtfRQ6q0QgoJwf+z/S/FQX+msQT4jnZrMweLJp/nrolYnIqlZHd+MOLQNlQe0861UmASpctpuDOrUL2pjBs8UY91FYOc0ttOE+UItrvwcEIZYu44pNqFNAxT1HKUCx8mTD/3A2Mg=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=ryq3Lvou6hXs5q/wNc6HL+KHr574UR6LpsohHGmA4oldKVXzOADarj8hs7sPVadkQQwK4FHwTDHw46uWnZ+NTAVwPvAHrEJbQpr55riPe+cmMPU/9nPAi9+ldxMb9JTewN4oXmMfuaCpCXcf4pzY7bbdvLy5x+W0HlqAiVsqzVk=;
X-YMail-OSG: _QQgX8kVM1lGy4EnbZtDfkquf0jCJMql29wwxhJFARansqd m.hR96Y3_mtUMeStFXtD4YQwKx7PogQCt0aNitYfih1mpWCraBseQtbt0vWu qK.w8C7c5hOjC98M.L9rzIzhUQsV4zGJvzxoNWpOvVvuGQz0XCr2ueewe7Ri CNaEyLKtRCr_FGEXzWR31trlSxj3.DoIfI6L97tFn6V9.XzVG0fgzTIli350 jppW6Q3OZBWJ9zA_iBJ.1D9SFA_nr4BJgsAdLd37_w8DQwFVBPFNqHIKuoXE 5z.SfQH3MhRLqs_xtU3ZgEM9JUFumtqXKeucNzdT.YBP22VBtElOiUvPOlUi ew5.aOUzsk6fQhTudTAoVv.hWubhWX5.wrjIp_EIK
Received: from [209.131.62.115] by web31813.mail.mud.yahoo.com via HTTP; Sun, 03 Jul 2011 11:01:55 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.112.310352
References: <623429C9-70E2-4442-8ECF-AB827FD95251@gmx.net> <CA35E63A.15F21%eran@hueniverse.com>
Message-ID: <1309716115.33071.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Sun, 03 Jul 2011 11:01:55 -0700
From: "William J. Mills" <wmills@yahoo-inc.com>
Subject: Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback
To: Eran Hammer-Lahav <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CA35E63A.15F21%eran@hueniverse.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-541410507-1309716115=:33071"
X-Mailman-Approved-At: Tue, 05 Jul 2011 07:45:25 -0700
Cc: "ietf@ietf.org IETF" <ietf@ietf.org>, oauth WG <oauth@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: "William J. Mills" <wmills@yahoo-inc.com>
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jul 2011 18:02:00 -0000

FYI there is a form of discovery for OAuth defined in http://tools.ietf.org/html/draft-mills-kitten-sasl-oauth-02 which uses LINK headers.



________________________________
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Mark Nottingham <mnot@mnot.net>
Cc: "ietf@ietf.org IETF" <ietf@ietf.org>; oauth WG <oauth@ietf.org>
Sent: Sunday, July 3, 2011 9:50 AM
Subject: Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback


Hannes,

None of the current OAuth WG document address discovery in any way, so clearly there will be no use of XRD. But the OAuth community predating the IETF had multiple proposals for it. In addition, multiple times on the IETF OAuth WG list, people have suggested using host-meta and XRD for discovery purposes.

The idea that XRD was reused without merit is both misleading and mean-spirited. Personally, I'm sick of it, especially coming from standards professionals.

XRD was largely developed by the same people who worked on host-meta. XRD predated host-meta and was designed to cover the wider use case. Host-meta was an important use case when developing XRD in its final few months. It was done in OASIS out of respect to proper standards process in which the body that originated a work (XRDS) gets to keep it.

I challenge anyone to find any faults with the IPR policy or process used to develop host-meta in OASIS.

XRD is one of the simplest XML formats I have seen. I bet most of the people bashing it now have never bothered to read it. At least some of these people have been personally invited by me to comment on XRD while it was still in development and chose to dismiss it.

XRD was designed in a very open process with plenty of community feedback and it was significantly simplified based on that feedback. In addition, host-meta further simplifies it by profiling it down, removing some of the more complex elements like Subject and Alias (which are very useful in other contexts). XRD is nothing more than a cleaner version of HTML <LINK> elements with literally a handful of new elements based on well defined and widely supported requirements. It's entire semantic meaning is based on the IETF Link relation registry RFC.

There is something very disturbing going on these days in how people treat XML-based formats, especially form OASIS.

When host-meta's predecessor - side–meta – was originally proposed a few years ago, Mark Nottingham proposed an XML format not that different from XRD. There is nothing wrong with JSON taking over as a simpler alternative. I personally prefer JSON much better. But it would be reckless and counter productive to ignore a decade of work on XML formats just because it is no longer cool. Feels like we back in high school.

If you have technical arguments against host-meta, please share. But if your objections are based on changing trends, dislike of XML or anything OASIS, grow up.

EHL


From:  Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date:  Sun, 3 Jul 2011 00:36:29 -0700
To:  Mark Nottingham <mnot@mnot.net>
Cc:  Hannes Tschofenig <hannes.tschofenig@gmx.net>, "ietf@ietf.org IETF" <ietf@ietf.org>, Eran Hammer-lahav <eran@hueniverse.com>, oauth WG <oauth@ietf.org>
Subject:  Re: Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback


I also never really understood why XRD was re-used. 
>
>
>Btw, XRD is not used by any of the current OAuth WG documents, see http://datatracker.ietf.org/wg/oauth/
>
>
>
>
>On Jun 22, 2011, at 8:08 AM, Mark Nottingham wrote:
>
>
>* XRD -- XRD is an OASIS spec that's used by OpenID and OAuth. Maybe I'm just scarred by WS-*, but it seems very over-engineered for what it does. I understand that the communities had reasons for using it to leverage an existing user base for their specific user cases, but I don't see any reason to generalise such a beast into a generic mechanism.
>
>
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email