Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

[Derek Atkins <derek@ihtfp.com>]

Paul,

"Paul E. Jones" <paulej@packetizer.com> writes:

> Tim,
>
> I do not agree that it's harmful. If I removed the WF discussion off the
> table, I'm still having a hard time buying into everything you said in the
> blog post.
>
> I implement various web services, largely for my own use.  Usually, I
> implement all of them in XML, JSON, plain text (attribute/value pairs), AND
> JavaScript (for JSONP).  For simple services, it's not hard.  I do it
> because I sometimes have different wants/desires on the client side.  (For
> more complex ones, I use XML.)

As an individual (and not the chair of OAUTH) I believe that the server
should be allowed, no encouraged, to support multiple formats for data
retrieval.  I also believe that clients should be allowed to choose only
one.  I am fine with JSON being Mandatory to Implement.  I am NOT okay
with making it the only one, and I am even less okay with mandating it
is the ONLY one.  I would say MUST JSON, MUST (or possibly SHOULD -- you
can convince me either way) XML, and MAY for anything else that people
feel stronly about (although I feel in 2012 XML and JSON are the two
best).  I also feel it is okay to say that a client MUST implement one
of JSON or XML, and MAY implement more.

<OAUTH Chair Hat>

Note that this is a replay of the historical "MUST Implement" versus
"MUST Use" arguments.  Just because the server MUST IMPLEMENT JSON and
XML does not mean that a Client must use both (or even that a client
must implement both).  It is perfectly reasonable and generally
acceptable to have a server that provides data in multiple formats
whereas the client only supports a subset and specifies which format(s)
are acceptable.

</OAUTH Char Hat>

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant