IETF Logo Mail Archive

Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

Michiel de Jong <michiel@unhosted.org> Thu, 12 April 2012 11:45 UTC

Return-Path: <michiel@unhosted.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBA9021F8636 for <oauth@ietfa.amsl.com>; Thu, 12 Apr 2012 04:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Opac3EySLu6R for <oauth@ietfa.amsl.com>; Thu, 12 Apr 2012 04:45:34 -0700 (PDT)
Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by ietfa.amsl.com (Postfix) with ESMTP id ECA9921F8629 for <oauth@ietf.org>; Thu, 12 Apr 2012 04:45:33 -0700 (PDT)
Received: by dady13 with SMTP id y13so3322865dad.27 for <oauth@ietf.org>; Thu, 12 Apr 2012 04:45:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=RIpEXVDNZte4w7V6r1L803HqZQ13rH8PIZFazklD1z8=; b=UaWO3D9Jq+VvVPDl2vseCthIFVGS7JDmlm6W69tuwxfG0vSno+REWPrCuEUWo4OnyV e/kEP9pCbu9vovJGvCMeJvA5uIn79OvCd3WYjEyHaMwnyzj25piY7jhxKZCPmXR25pM/ 5EiRVXRzj1jQsFh3QgBxCHDJ5M4CBC5tNREx5q/277drkjF3UvAibV7uLmvTg09C/qag UImBMz2hSliOEjVgxvLCP+xbIKY/yjfpnE0lLTplYSFAbVam7KZ4FuOucPKu22vkYJiq 1vk+u8GgyjGAp5cu3O3Pjo8UHt40RKEczZjr1NSNNIC0K30BrzJLqsehkfN5T9aNLRFY hrJQ==
MIME-Version: 1.0
Received: by 10.68.200.162 with SMTP id jt2mr2449369pbc.54.1334231133738; Thu, 12 Apr 2012 04:45:33 -0700 (PDT)
Received: by 10.68.25.132 with HTTP; Thu, 12 Apr 2012 04:45:33 -0700 (PDT)
X-Originating-IP: [77.188.19.113]
In-Reply-To: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net>
Date: Thu, 12 Apr 2012 13:45:33 +0200
Message-ID: <CA+aD3u3AhvDkTHUW6NF9pZN9VvCsFsjC+J24TaryTRD+o7ncCA@mail.gmail.com>
From: Michiel de Jong <michiel@unhosted.org>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmQuvMl8EwFISyioOaT3F6EbmrWDkUxkkzKQGzl9HuVUceVouJIKN1qqScE6M5b/bREOt3H
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 11:45:34 -0000

Kudos for bringing this up!

imho, "speccers gonna spec" and it's impossible to stop overlapping
specs from showing up all the time. we'll have to live with the
existence of multiple standards.

Clients will just have to stand above whatever political reasons lie
behind them, and support both, just like DVD players often play like 8
different types of disc formats. We'll just have to query both, and
merge the information we find.

There are three important points regarding the differences between them, imho:
- webfinger mentions CORS, meaning that unlike swd it can be queried
by unhosted html5 apps, and not just server-to-server.
- swd mentions 401 responses, meaning that unlike webfinger, it can be
used to announce information to a limited audience, and not just
public data.
- webfinger starts at /.well-known/host-meta but swd starts at
/.well-known/simple-web-discovery, meaning a relying party will have
to choose which one to check first, and then check the other one in
case additional information lurks there. It would be nice if at least
that part could be reconciled. E.g. if swd requires providers to
(also) be discoverable through host-meta. That way there's one entry
point for both formats. Wouldn't that be nice?

My 2ct,
Michiel.


On Thu, Apr 12, 2012 at 1:00 PM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> Hi all,
>
> those who had attended the last IETF meeting may have noticed the ongoing activity in the 'Applications Area Working Group' regarding Web Finger.
> We had our discussion regarding Simple Web Discovery (SWD) as part of the re-chartering process.
>
> Here are the two specifications:
> http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03
> http://tools.ietf.org/html/draft-jones-simple-web-discovery-02
>
> Now, the questions that seems to be hanging around are
>
>  1) Aren't these two mechanisms solving pretty much the same problem?
>  2) Do we need to have two standards for the same functionality?
>  3) Do you guys have a position or comments regarding either one of them?
>
> Ciao
> Hannes
>
> PS: Please also let me know if your view is: "I don't really know what all this is about and the documents actually don't provide enough requirements to make a reasonable judgement about the solution space."
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email