IETF Logo Mail Archive

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

Gonzalo Salgueiro <gsalguei@cisco.com> Fri, 20 April 2012 17:09 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 326AC21F86F0 for <oauth@ietfa.amsl.com>; Fri, 20 Apr 2012 10:09:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.549
X-Spam-Level:
X-Spam-Status: No, score=-10.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fueeFK0X4mDa for <oauth@ietfa.amsl.com>; Fri, 20 Apr 2012 10:09:50 -0700 (PDT)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by ietfa.amsl.com (Postfix) with ESMTP id 23F9D21F86EA for <oauth@ietf.org>; Fri, 20 Apr 2012 10:09:50 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from chook.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q3KH9mxK018509 for <oauth@ietf.org>; Fri, 20 Apr 2012 13:09:48 -0400 (EDT)
Received: from dhcp-64-102-154-162.cisco.com (dhcp-64-102-154-162.cisco.com [64.102.154.162]) by chook.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q3KH9mLD004542; Fri, 20 Apr 2012 13:09:48 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="us-ascii"
From: Gonzalo Salgueiro <gsalguei@cisco.com>
In-Reply-To: <sjmbommzdv4.fsf@mocana.ihtfp.org>
Date: Fri, 20 Apr 2012 13:09:48 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7F48DDA5-EA3C-45B0-90E0-C39F06748B35@cisco.com>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com> <091401cd1ea3$e159be70$a40d3b50$@packetizer.com> <CAHBU6it3ZmTdK-mTwydXSRvGvZAYuv0FFR2EWLwdfTxQh4XV5g@mail.gmail.com> <091901cd1eb0$167a8ce0$436fa6a0$@packetizer.com> <sjmbommzdv4.fsf@mocana.ihtfp.org>
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.1257)
Cc: oauth@ietf.org, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2012 17:09:51 -0000

Derek - 

On Apr 20, 2012, at 10:17 AM, Derek Atkins wrote:

> Paul,
> 
> "Paul E. Jones" <paulej@packetizer.com> writes:
> 
>> Tim,
>> 
>> I do not agree that it's harmful. If I removed the WF discussion off the
>> table, I'm still having a hard time buying into everything you said in the
>> blog post.
>> 
>> I implement various web services, largely for my own use.  Usually, I
>> implement all of them in XML, JSON, plain text (attribute/value pairs), AND
>> JavaScript (for JSONP).  For simple services, it's not hard.  I do it
>> because I sometimes have different wants/desires on the client side.  (For
>> more complex ones, I use XML.)
> 
> As an individual (and not the chair of OAUTH) I believe that the server
> should be allowed, no encouraged, to support multiple formats for data
> retrieval.  I also believe that clients should be allowed to choose only
> one.  I am fine with JSON being Mandatory to Implement.  I am NOT okay
> with making it the only one, and I am even less okay with mandating it
> is the ONLY one.  I would say MUST JSON, MUST (or possibly SHOULD -- you
> can convince me either way) XML, and MAY for anything else that people
> feel stronly about (although I feel in 2012 XML and JSON are the two
> best).  I also feel it is okay to say that a client MUST implement one
> of JSON or XML, and MAY implement more.
> 
> <OAUTH Chair Hat>
> 
> Note that this is a replay of the historical "MUST Implement" versus
> "MUST Use" arguments.  Just because the server MUST IMPLEMENT JSON and
> XML does not mean that a Client must use both (or even that a client
> must implement both).  It is perfectly reasonable and generally
> acceptable to have a server that provides data in multiple formats
> whereas the client only supports a subset and specifies which format(s)
> are acceptable.
> 
> </OAUTH Char Hat>
> 

This is the most sensible path forward.  A MUST for JSON and XML (I'm going with a MUST for XML to maintain backwards compatibility with RFC 6415) on the server side and a client can choose whatever format it wants. This is the approach taken in the current WebFinger draft. If we reach consensus that we must mandate a client format (Note: I don't personally think we need to), then so be it.

Cheers,

Gonzalo

> -derek
> 
> -- 
>       Derek Atkins                 617-623-3745
>       derek@ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>

v2.23.0 | Report a Bug | By Email