Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

Derek Atkins <derek@ihtfp.com> Mon, 23 April 2012 16:55 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 369EB21F867F; Mon, 23 Apr 2012 09:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.637
X-Spam-Level:
X-Spam-Status: No, score=-101.637 tagged_above=-999 required=5 tests=[AWL=-0.249, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, J_CHICKENPOX_33=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6TICFkOByLTh; Mon, 23 Apr 2012 09:55:50 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB0A21F866D; Mon, 23 Apr 2012 09:55:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id D1513260299; Mon, 23 Apr 2012 12:55:49 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 30604-10; Mon, 23 Apr 2012 12:55:48 -0400 (EDT)
Received: from mocana.ihtfp.org (IHTFP-DHCP-158.IHTFP.ORG [192.168.248.158]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id BD8B52601D8; Mon, 23 Apr 2012 12:55:48 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id q3NGtfvk027083; Mon, 23 Apr 2012 12:55:41 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Michael Thomas <mike@mtcc.com>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com> <091401cd1ea3$e159be70$a40d3b50$@packetizer.com> <CAHBU6it3ZmTdK-mTwydXSRvGvZAYuv0FFR2EWLwdfTxQh4XV5g@mail.gmail.com> <091901cd1eb0$167a8ce0$436fa6a0$@packetizer.com> <sjmbommzdv4.fsf@mocana.ihtfp.org> <4F917545.5080103@mtcc.com> <sjmvckqxzvm.fsf@mocana.ihtfp.org> <4F9573D6.9080603@mtcc.com>
Date: Mon, 23 Apr 2012 12:55:40 -0400
In-Reply-To: <4F9573D6.9080603@mtcc.com> (Michael Thomas's message of "Mon, 23 Apr 2012 08:23:02 -0700")
Message-ID: <sjmy5pmwfoz.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: 'Tim Bray' <tbray@textuality.com>, Derek Atkins <derek@ihtfp.com>, oauth@ietf.org, 'Apps Discuss' <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2012 16:55:51 -0000

Michael Thomas <mike@mtcc.com> writes:

> Derek Atkins wrote:
>> Michael Thomas <mike@mtcc.com> writes:
>>
>>> Why not MUST ASN.1 while you're at it? JSON has won in case
>>> you'all haven't noticed it.
>>
>> Well, now that you mention it...   ;-)
>>
>> But seriously, we're basing this work on an RFC that was just release
>> six months ago and it requires XML.  Why be so quick to drop something
>> we just published half a year ago?  So maybe in 6 months we drop JSON
>> and add the next big thing?  Come on, Mike.
>>
>> I agree, we should definitely support JSON.  But I also think we should
>> support XML.  The client can do what it wants, which is where want the
>> light weight implementation.
>
> I think you're probably misunderstanding me. I'm (I believe) with Tim
> in saying "pick one". Just one. For clients and servers. And I'm only

No, I'm not misunderstanding you, I know exactly what you are arguing
for.  And I'm agreeing with you that we must support JSON.  However, I
disagree that we should drop XML, especially considering 6415 requires
XML and it was just released 6 months ago.

I'm also saying that this is only a server-side requirement to support
both.  The client can choose to support only one based on its own
requirements.  If you already have an XML-based client, why force them
to add JSON support?  Similarly, if you already have a JSON-based
client, why force them to add XML support?

If you're writing a client, you can ignore XML and only play with JSON.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant