Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
Eran Hammer <eran@hueniverse.com> Thu, 12 April 2012 18:18 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C463221F85F8 for <oauth@ietfa.amsl.com>; Thu, 12 Apr 2012 11:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FcYkxTCTJvRX for <oauth@ietfa.amsl.com>; Thu, 12 Apr 2012 11:18:10 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 074A621F85BD for <oauth@ietf.org>; Thu, 12 Apr 2012 11:18:10 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id x6J91i0020EuLVk016J9mF; Thu, 12 Apr 2012 11:18:09 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.115]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Thu, 12 Apr 2012 11:18:09 -0700
From: Eran Hammer <eran@hueniverse.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Thread-Topic: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
Thread-Index: AQHNGJt1/+q3DOFEzk6CK4fFAhsGypaXjEKAgABcu4CAAAeOgP//j3cH
Date: Thu, 12 Apr 2012 18:18:08 +0000
Message-ID: <BE1853F9-BE4C-47C2-9D57-BDFA2037CEEC@hueniverse.com>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F86C437.3000006@cs.tcd.ie> <4F871201.1000103@alcatel-lucent.com>, <C87D8EE8-BBBA-4ACF-891B-3B1A2285469E@ve7jtb.com>
In-Reply-To: <C87D8EE8-BBBA-4ACF-891B-3B1A2285469E@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 18:18:10 -0000
Where is this access control and user centric architecture described? I could not find it. EH On Apr 12, 2012, at 14:01, "John Bradley" <ve7jtb@ve7jtb.com> wrote: > There are important deployment and privacy issues that caused openID Connect to use SWD. > > I was part of the OASIS XRI/XRD work that Web Finger has been based on. > > The main differences are around allowing all of the users information to be publicly discoverable, vs providing for access control. > > They are similar, but have real design differences. > > Web Finger without XML is not horrible by any means, but nether is SWD. > > SWD is more about users while host-meta is more about server resources. > > John B. > > > On 2012-04-12, at 7:33 PM, Igor Faynberg wrote: > >> To me this looks like more than the same problem being solved--it appears to be the same protocol... I wonder if, the representation issues were put aside (i.e., left to the API specification), the common part is what can be adopted. >> >> Igor >> >> On 4/12/2012 8:01 AM, Stephen Farrell wrote: >>> >>> >>> On 04/12/2012 12:00 PM, Hannes Tschofenig wrote: >>>> Hi all, >>>> >>>> those who had attended the last IETF meeting may have noticed the ongoing activity in the 'Applications Area Working Group' regarding Web Finger. >>>> We had our discussion regarding Simple Web Discovery (SWD) as part of the re-chartering process. >>>> >>>> Here are the two specifications: >>>> http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03 >>>> http://tools.ietf.org/html/draft-jones-simple-web-discovery-02 >>>> >>>> Now, the questions that seems to be hanging around are >>>> >>>> 1) Aren't these two mechanisms solving pretty much the same problem? >>>> 2) Do we need to have two standards for the same functionality? >>>> 3) Do you guys have a position or comments regarding either one of them? >>>> >>>> Ciao >>>> Hannes >>>> >>>> PS: Please also let me know if your view is: "I don't really know what all this is about and the documents actually don't provide enough requirements to make a reasonable judgement about the solution space." >>>> >>> >>> So just as a data-point. We (the IETF, but including >>> me personally;-) mucked up badly on this some years >>> ago in the PKI space - we standardised both CMP (rfc >>> 2510) and CMC (rfc 2797) as two ways to do the same >>> thing, after a protracted battle between factions >>> supporting one or the other. We even made sure they >>> had as much common syntax as possible. (CRMF, rfc >>> 2511) >>> >>> Result: neither fully adopted, lots of people still >>> do proprietary stuff, neither can be killed off >>> (despite attempts), both need to be maintained (CMP >>> is now RFC 4210, CMC, 5272, CRMF, 4211), and IMO >>> partly as a result of us screwing up for what seemed >>> like good reasons at the time, PKI administration >>> stuff has never gotten beyond horrible-to-do. >>> >>> All-in-all, a really bad outcome which is still >>> a PITA a dozen years later. >>> >>> As OAuth AD I will need *serious* convincing that >>> there is a need to provide two ways to do the same >>> thing. I doubt it'll be possible to convince me, >>> in fact, so if you wanna try, you'll need to start >>> by saying that they are not in fact two ways to do >>> the same thing:-) >>> >>> S. >>> >>> PS: This discussion needs to also involve the Apps >>> area, so I've cc'd that list. >>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Web Finger vs. Simple Web Discovery (S… Hannes Tschofenig
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Michiel de Jong
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Pelle Wessman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Blaine Cook
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Dick Hardt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Panzer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Igor Faynberg
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Eran Hammer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Torsten Lodderstedt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- [OAUTH-WG] R: [apps-discuss] Web Finger vs. Simpl… Goix Laurent Walter
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… George Fletcher
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Julian Reschke
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Stephen Farrell
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… SM
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Daniel Renfer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Bob Wyman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Martin J. Dürst
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas