Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
Melvin Carvalho <melvincarvalho@gmail.com> Thu, 19 April 2012 21:12 UTC
Return-Path: <melvincarvalho@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0DCF21F858B; Thu, 19 Apr 2012 14:12:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.498
X-Spam-Level:
X-Spam-Status: No, score=-3.498 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a2R5X0DUdv5R; Thu, 19 Apr 2012 14:12:24 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 47DD621F84C4; Thu, 19 Apr 2012 14:12:24 -0700 (PDT)
Received: by vcbfo1 with SMTP id fo1so2432117vcb.31 for <multiple recipients>; Thu, 19 Apr 2012 14:12:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tk1+OiwgYZwl+p4Q2V5c4YufcGFTH2syCwDftsiR2c0=; b=l9Z5VSaY/C+m9Oph/MV1AR4A4eP5s9LjxJXa/EsOLN1N0sbzevTcPLbIUkim8VBGPU pAIj8BJuhDJUzy2auwrHA75qAU+s9aNNwq46P3QiUE76hRXzYTmV4p5GuMQ9R4C5MjoB fCCEB02qarIyJFEFEXxcvEGPmqDM0x79a0lfRo2gpvrferU6COwFGe+JMBgcjtlVd20w JwLk6vc4OtOAzYnWwqU/59BQ5eX52qvgY7L2QPtiIRvjpyvSDxCmVDwvHuokYeLIQmQz 3wZYTGVgInEn/WomeC5OCzw5lWO4w9FtVaayD4gjpX14rL5lIGHW3X9fDV4EpFZUJZFu UQrw==
MIME-Version: 1.0
Received: by 10.220.150.134 with SMTP id y6mr1952997vcv.43.1334869943741; Thu, 19 Apr 2012 14:12:23 -0700 (PDT)
Received: by 10.52.70.98 with HTTP; Thu, 19 Apr 2012 14:12:23 -0700 (PDT)
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2FF1C6A@P3PWEX2MB008.ex2.secureserver.net>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2FF1C6A@P3PWEX2MB008.ex2.secureserver.net>
Date: Thu, 19 Apr 2012 23:12:23 +0200
Message-ID: <CAKaEYhL35F7c5_DRzjKv1xFhU452DqNZFQeigMqtYXAUMb=H0A@mail.gmail.com>
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Eran Hammer <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="f46d04389363d16d1604be0ea0a8"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2012 21:12:26 -0000
On 19 April 2012 20:26, Eran Hammer <eran@hueniverse.com> wrote: > #1 as John Panzer identified, allowing the server to control its > deployment and supporting HTTP redirects is critical. > +1 > #2 JSON is better, which one is required is less of on issue but more of a > best practices item. > Happy with this comment, and a +1 for JSON only > > I'll add: > > * Highly cachable > +1 tho I think most CSN dont cache a 303 redirect > * Optimize for large providers, reducing the need to make repeated > requests when the information is mostly following a template on the server > side > +1 > * Ability to provide discovery on resources, not users or any other subset > (emails, etc.) > There's a subtlety here and that's the difference in HTML between "rel" and "rev". A forward or reverse lookup. Forward is a natural way to look things up, eg you give a URL and you get a document. But something like google search is actually a reverse index, you give it words and you get back URLs for documents. Initially hard to get your head round, but in practice can be incredibly practical and useful. Given a triple such as (subject verb object) <acct:user@host> email <mailto:user@host> Is your lookup based on the subject (WF) or the object (SWF)? If subject then you need something there. However, it need not be an acct: URI It could be a URN eg urn:acct:user@host (no new uri scheme needed) it could be a relative URI such as <#> (which facebook do) This indicates a pointer to the top of the document It can even be blank <> The so-called 'blank node' in the linked data world, but then you're more reliant on a query language, such as SPARQL. I'm sure I havent covered every possibility. OR you can key off the Object <anything> email <mailto:user@host> then return all key values assoicated with <anything> which would be in the @subject position in the case of XRD/JRD or the @id position in the case of something like JSON LD It's quite confusing but essentially you are asking two very different things: 1) Give me all information where the subject is acct:user@host Which also means having to create a mapping, and educating every system what the subject of their email (or xmpp/sip/tel/twitter account) should be. A potentially big task. Im not saying it's wrong, but IMHO this is potentially big enough to fill a whole other standards document in itself. or 2) Give me all information for the user with email mailto:user@host Non disruptive I'm sorry If i have not explained this very well, but the difference between rev and rel confuses a lot of confusion in HTML, and that's essentially the subtlety here (forward vs reverse lookup) > * Security agnostic - leave it to HTTP, TLS, OAuth, etc. > +1 > * HTTP compliant - doesn't invent it's own rediretion menthods or custom > headers, etc. > +1 > > EH > > > -----Original Message----- > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > > Of Mike Jones > > Sent: Thursday, April 19, 2012 9:49 AM > > To: Murray S. Kucherawy; oauth@ietf.org WG; Apps Discuss > > Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web > > Discovery (SWD) > > > > There are two criteria that I would consider to be essential > requirements for > > any resulting general-purpose discovery specification: > > > > 1. Being able to always discover per-user information with a single GET > > (minimizing user interface latency for mobile devices, etc.) > > > > 2. JSON should be required and it should be the only format required > > (simplicity and ease of deployment/adoption) > > > > SWD already meets those requirements. If the resulting spec meets those > > requirements, it doesn't matter a lot whether we call it WebFinger or > Simple > > Web Discovery, but I believe that the requirements discussion is probably > > the most productive one to be having at this point - not the starting > point > > document. > > > > -- Mike > > > > -----Original Message----- > > From: apps-discuss-bounces@ietf.org [mailto:apps-discuss- > > bounces@ietf.org] On Behalf Of Murray S. Kucherawy > > Sent: Thursday, April 19, 2012 9:32 AM > > To: oauth@ietf.org WG; Apps Discuss > > Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web > > Discovery (SWD) > > > > By all means people should correct me if they think I'm wrong about > this, but > > so far from monitoring the discussion there seems to be general support > for > > focusing on WebFinger and developing it to meet the needs of those who > > have deployed SWD, versus the opposite. > > > > Does anyone want to argue the opposite? > > > > -MSK, appsawg co-chair > > > > _______________________________________________ > > apps-discuss mailing list > > apps-discuss@ietf.org > > https://www.ietf.org/mailman/listinfo/apps-discuss > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss >
- [OAUTH-WG] Web Finger vs. Simple Web Discovery (S… Hannes Tschofenig
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Michiel de Jong
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Igor Faynberg
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Stephen Farrell
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Blaine Cook
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Mike Jones
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Eran Hammer
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Melvin Carvalho
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… John Bradley
- Re: [OAUTH-WG] Web Finger vs. Simple Web Discover… Pelle Wessman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Blaine Cook
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Dick Hardt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Panzer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Murray S. Kucherawy
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Igor Faynberg
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Eran Hammer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Torsten Lodderstedt
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- [OAUTH-WG] R: [apps-discuss] Web Finger vs. Simpl… Goix Laurent Walter
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… George Fletcher
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Melvin Carvalho
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… William Mills
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Julian Reschke
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Gonzalo Salgueiro
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… John Bradley
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Stephen Farrell
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Tim Bray
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… SM
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Daniel Renfer
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Mike Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Bob Wyman
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Martin J. Dürst
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Derek Atkins
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Paul E. Jones
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Kevin Marks
- Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simp… Michael Thomas