Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
William Mills <wmills@yahoo-inc.com> Fri, 13 April 2012 17:15 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADE0621F8797 for <oauth@ietfa.amsl.com>; Fri, 13 Apr 2012 10:15:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.123
X-Spam-Level:
X-Spam-Status: No, score=-17.123 tagged_above=-999 required=5 tests=[AWL=0.475, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DVVH2Ml-1kOO for <oauth@ietfa.amsl.com>; Fri, 13 Apr 2012 10:15:46 -0700 (PDT)
Received: from nm12-vm0.bullet.mail.bf1.yahoo.com (nm12-vm0.bullet.mail.bf1.yahoo.com [98.139.213.140]) by ietfa.amsl.com (Postfix) with SMTP id 440FA21F877D for <oauth@ietf.org>; Fri, 13 Apr 2012 10:15:46 -0700 (PDT)
Received: from [98.139.212.147] by nm12.bullet.mail.bf1.yahoo.com with NNFMP; 13 Apr 2012 17:15:45 -0000
Received: from [98.139.212.193] by tm4.bullet.mail.bf1.yahoo.com with NNFMP; 13 Apr 2012 17:15:45 -0000
Received: from [127.0.0.1] by omp1002.mail.bf1.yahoo.com with NNFMP; 13 Apr 2012 17:15:45 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 713520.94139.bm@omp1002.mail.bf1.yahoo.com
Received: (qmail 63020 invoked by uid 60001); 13 Apr 2012 17:15:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1334337345; bh=YwmNJjH0PwbzYPkAG5e/+78U5vZV30IJhg5Sf0IrXcU=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=eWlTG68GFj3WvjrUMkxYFWc56usl3avpHXjcctTMWLA8XoB9Sj+91FCblQJ6kpCwPuDzHBE4R8jMZJjKthVb1/PHaaoWNARVR4KCqfCMkb5STQKZoXrSepW6PSTPDF+nyxGgHWWqtVozbQUT3nZ/YG7e8gyOuyuUHa+EEy2xI+k=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=q+E+m8gLGYec/EsixozGhzbPzWhTHlcPGBj031aUQ2lC6tWrYf9oyqUDmM58WZVUwLAOQMSczjtYo1Eidj43eHu2uik53C1kRa0cay/jIkp6seL+3zinzREHkzJfIx+ZQcza88/swR+nyTlBXK94VLsdI6uzsvMbgLKLZTuU5tM=;
X-YMail-OSG: Xb5wVHIVM1mlmRLoFbOdzR1X2FTgwDpLKM6dju8MU1.FpPT 9o5TxAtmo_MbwIkY50bb37pCoQG8BEQr9c06Zhb6LNhFQ9u8yH4Yj4JtTZIi CSk3CXQLK1wQzFM0Gtg9L8tcZN_UCsEA53Byf_Me2GMkyVLInsVgEkTco_qn dxEg3QBoxUKZs1cSsk7IpoldqK5dPAn.mxy2J1K6CjyPVeaLt_E9M6S.YuYB C3t14p_cW_TV6tTOQQOdLgkSgXuFZaB6nOaws4KLNKbCk_TeQwuk0UGHlF7W RmRQ3fhwN1cqllGB_dkUmUpgZos_Y_hj4wunoAWUrR6zGGMh7RTV.ksaD9ZV oJ2t1qW8Pyi5arE.vqGzty.a1h9SlLPkfQPXWnp5EWkLBlsH9u_1VnVGD4IG OLVNuPJIXM2BuA1ziYhOXpkKztKSNWukCZDPmCIUD
Received: from [99.31.212.42] by web31808.mail.mud.yahoo.com via HTTP; Fri, 13 Apr 2012 10:15:44 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F86C437.3000006@cs.tcd.ie> <4F871201.1000103@alcatel-lucent.com> <C87D8EE8-BBBA-4ACF-891B-3B1A2285469E@ve7jtb.com> <4F871EFB.6000807@alcatel-lucent.com>
Message-ID: <1334337344.85710.YahooMailNeo@web31808.mail.mud.yahoo.com>
Date: Fri, 13 Apr 2012 10:15:44 -0700
From: William Mills <wmills@yahoo-inc.com>
To: "igor.faynberg@alcatel-lucent.com" <igor.faynberg@alcatel-lucent.com>, John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4F871EFB.6000807@alcatel-lucent.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="258328648-1123531420-1334337344=:85710"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2012 17:15:47 -0000
Or perhaps update/extend the existing spec to do what is needed? Is there anything that is fundamentally in conflict? -bill >________________________________ > From: Igor Faynberg <igor.faynberg@alcatel-lucent.com> >To: John Bradley <ve7jtb@ve7jtb.com> >Cc: oauth@ietf.org >Sent: Thursday, April 12, 2012 11:29 AM >Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD) > >John, > > I agree with you on everything you said about the differences. My >question: Are these not about API rather than the protocol? > >(I was just trying to see if I can find a common fixed point to start with.) > >Igor > >On 4/12/2012 2:00 PM, John Bradley wrote: >> There are important deployment and privacy issues that caused openID Connect to use SWD. >> >> I was part of the OASIS XRI/XRD work that Web Finger has been based on. >> >> The main differences are around allowing all of the users information to be publicly discoverable, vs providing for access control. >> >> They are similar, but have real design differences. >> >> Web Finger without XML is not horrible by any means, but nether is SWD. >> >> SWD is more about users while host-meta is more about server resources. >> >> John B. >> >> >> On 2012-04-12, at 7:33 PM, Igor Faynberg wrote: >> >>> To me this looks like more than the same problem being solved--it appears to be the same protocol... I wonder if, the representation issues were put aside (i.e., left to the API specification), the common part is what can be adopted. >>> >>> Igor >>> >>> On 4/12/2012 8:01 AM, Stephen Farrell wrote: >>>> >>>> On 04/12/2012 12:00 PM, Hannes Tschofenig wrote: >>>>> Hi all, >>>>> >>>>> those who had attended the last IETF meeting may have noticed the ongoing activity in the 'Applications Area Working Group' regarding Web Finger. >>>>> We had our discussion regarding Simple Web Discovery (SWD) as part of the re-chartering process. >>>>> >>>>> Here are the two specifications: >>>>> http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03 >>>>> http://tools.ietf.org/html/draft-jones-simple-web-discovery-02 >>>>> >>>>> Now, the questions that seems to be hanging around are >>>>> >>>>> 1) Aren't these two mechanisms solving pretty much the same problem? >>>>> 2) Do we need to have two standards for the same functionality? >>>>> 3) Do you guys have a position or comments regarding either one of them? >>>>> >>>>> Ciao >>>>> Hannes >>>>> >>>>> PS: Please also let me know if your view is: "I don't really know what all this is about and the documents actually don't provide enough requirements to make a reasonable judgement about the solution space." >>>>> >>>> So just as a data-point. We (the IETF, but including >>>> me personally;-) mucked up badly on this some years >>>> ago in the PKI space - we standardised both CMP (rfc >>>> 2510) and CMC (rfc 2797) as two ways to do the same >>>> thing, after a protracted battle between factions >>>> supporting one or the other. We even made sure they >>>> had as much common syntax as possible. (CRMF, rfc >>>> 2511) >>>> >>>> Result: neither fully adopted, lots of people still >>>> do proprietary stuff, neither can be killed off >>>> (despite attempts), both need to be maintained (CMP >>>> is now RFC 4210, CMC, 5272, CRMF, 4211), and IMO >>>> partly as a result of us screwing up for what seemed >>>> like good reasons at the time, PKI administration >>>> stuff has never gotten beyond horrible-to-do. >>>> >>>> All-in-all, a really bad outcome which is still >>>> a PITA a dozen years later. >>>> >>>> As OAuth AD I will need *serious* convincing that >>>> there is a need to provide two ways to do the same >>>> thing. I doubt it'll be possible to convince me, >>>> in fact, so if you wanna try, you'll need to start >>>> by saying that they are not in fact two ways to do >>>> the same thing:-) >>>> >>>> S. >>>> >>>> PS: This discussion needs to also involve the Apps >>>> area, so I've cc'd that list. >>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >_______________________________________________ >OAuth mailing list >OAuth@ietf.org >https://www.ietf.org/mailman/listinfo/oauth > > >
- [OAUTH-WG] Web Finger vs. Simple Web Discovery (S… Hannes Tschofenig
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Michiel de Jong
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Pelle Wessman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Blaine Cook
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Dick Hardt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Panzer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Igor Faynberg
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Eran Hammer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Torsten Lodderstedt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- [OAUTH-WG] R: [apps-discuss] Web Finger vs. Simpl… Goix Laurent Walter
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… George Fletcher
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Julian Reschke
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Stephen Farrell
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… SM
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Daniel Renfer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Bob Wyman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Martin J. Dürst
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas