Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

William Mills <wmills@yahoo-inc.com> Fri, 13 April 2012 17:15 UTC

From: William Mills <wmills@yahoo-inc.com>
To: "igor.faynberg@alcatel-lucent.com" <igor.faynberg@alcatel-lucent.com>, John Bradley <ve7jtb@ve7jtb.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

Or perhaps update/extend the existing spec to do what is needed?  Is there anything that is fundamentally in conflict?

-bill




>________________________________
> From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
>To: John Bradley <ve7jtb@ve7jtb.com> 
>Cc: oauth@ietf.org 
>Sent: Thursday, April 12, 2012 11:29 AM
>Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
> 
>John,
>
>  I agree with you on everything you said about the differences.  My 
>question: Are these not about API rather than the protocol?
>
>(I was just trying to see if I can find a common fixed point to start with.)
>
>Igor
>
>On 4/12/2012 2:00 PM, John Bradley wrote:
>> There are important deployment and privacy issues that caused OpenID Connect to use SWD.
>>
>> I was part of the OASIS XRI/XRD work that Web Finger has been based on.
>>
>> The main differences are around allowing all of the user's information to be publicly discoverable, vs providing for access control.
>>
>> They are similar, but have real design differences.
>>
>> Web Finger without XML is not horrible by any means, but neither is SWD.
>>
>> SWD is more about users while host-meta is more about server resources.
>>
>> John B.
>>
>>
>> On 2012-04-12, at 7:33 PM, Igor Faynberg wrote:
>>
>>> To me this looks like more than the same problem being solved--it appears to be the same protocol... I wonder whether, if the representation issues were put aside (i.e., left to the API specification), the common part is what can be adopted.
>>>
>>> Igor
>>>
>>> On 4/12/2012 8:01 AM, Stephen Farrell wrote:
>>>>
>>>> On 04/12/2012 12:00 PM, Hannes Tschofenig wrote:
>>>>> Hi all,
>>>>>
>>>>> those who had attended the last IETF meeting may have noticed the ongoing activity in the 'Applications Area Working Group' regarding Web Finger.
>>>>> We had our discussion regarding Simple Web Discovery (SWD) as part of the re-chartering process.
>>>>>
>>>>> Here are the two specifications:
>>>>> http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03
>>>>> http://tools.ietf.org/html/draft-jones-simple-web-discovery-02
>>>>>
>>>>> Now, the questions that seem to be hanging around are
>>>>>
>>>>>    1) Aren't these two mechanisms solving pretty much the same problem?
>>>>>    2) Do we need to have two standards for the same functionality?
>>>>>    3) Do you guys have a position or comments regarding either one of them?
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> PS: Please also let me know if your view is: "I don't really know what all this is about and the documents actually don't provide enough requirements to make a reasonable judgement about the solution space."
>>>>>
>>>> So just as a data-point. We (the IETF, but including
>>>> me personally;-) mucked up badly on this some years
>>>> ago in the PKI space - we standardised both CMP (rfc
>>>> 2510) and CMC (rfc 2797) as two ways to do the same
>>>> thing, after a protracted battle between factions
>>>> supporting one or the other. We even made sure they
>>>> had as much common syntax as possible. (CRMF, rfc
>>>> 2511)
>>>>
>>>> Result: neither fully adopted, lots of people still
>>>> do proprietary stuff, neither can be killed off
>>>> (despite attempts), both need to be maintained (CMP
>>>> is now RFC 4210, CMC, 5272, CRMF, 4211), and IMO
>>>> partly as a result of us screwing up for what seemed
>>>> like good reasons at the time, PKI administration
>>>> stuff has never gotten beyond horrible-to-do.
>>>>
>>>> All-in-all, a really bad outcome which is still
>>>> a PITA a dozen years later.
>>>>
>>>> As OAuth AD I will need *serious* convincing that
>>>> there is a need to provide two ways to do the same
>>>> thing. I doubt it'll be possible to convince me,
>>>> in fact, so if you wanna try, you'll need to start
>>>> by saying that they are not in fact two ways to do
>>>> the same thing:-)
>>>>
>>>> S.
>>>>
>>>> PS: This discussion needs to also involve the Apps
>>>> area, so I've cc'd that list.
>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>