Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

William Mills <wmills@yahoo-inc.com> Fri, 20 April 2012 14:45 UTC


So you are guaranteeing that there are no clients using WF today?  




>________________________________
> From: Mike Jones <Michael.Jones@microsoft.com>
>To: Paul E. Jones <paulej@packetizer.com>; 'Murray S. Kucherawy' <msk@cloudmark.com>; "oauth@ietf.org" <oauth@ietf.org>; 'Apps Discuss' <apps-discuss@ietf.org> 
>Sent: Thursday, April 19, 2012 10:48 PM
>Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
> 
>To be clear, making this mandatory would break no clients.  It would require updating some servers, just as requiring JSON would.  This seems like a fair tradeoff when it makes an appreciable difference in user interface latency in some important scenarios.  If you and the other key WebFinger supporters can agree to making "resource" support mandatory and requiring JSON, I believe we may have a path forward.
>
>                Cheers,
>                -- Mike
>
>-----Original Message-----
>From: Paul E. Jones [mailto:paulej@packetizer.com] 
>Sent: Thursday, April 19, 2012 10:39 PM
>To: Mike Jones; 'Murray S. Kucherawy'; oauth@ietf.org; 'Apps Discuss'
>Subject: RE: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
>
>That's correct.  We could certainly make it mandatory, but the reason it isn't is to maintain backward compatibility with existing deployments.
>
>I think we should always think carefully when we decide to make a change that breaks backward-compatibility.  This is one change that would do that.
>
>Paul
>
>> -----Original Message-----
>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
>> Sent: Friday, April 20, 2012 1:10 AM
>> To: Paul E. Jones; 'Murray S. Kucherawy'; oauth@ietf.org; 'Apps Discuss'
>> Subject: RE: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
>> 
>> Currently, support for the "resource" parameter is optional, as per 
>> the following (correct?):
>> 
>>    Note that support for the "resource" parameter is optional, but
>>    strongly RECOMMENDED for improved performance.  If a server does not
>>    implement the "resource" parameter, then the server's host metadata
>>    processing logic remains unchanged from RFC 6415.
>> 
>> To truly support 1, this would need to be changed to REQUIRED, correct?
>> 
>>                 -- Mike
>> 
>> -----Original Message-----
>> From: Paul E. Jones [mailto:paulej@packetizer.com]
>> Sent: Thursday, April 19, 2012 8:16 PM
>> To: Mike Jones; 'Murray S. Kucherawy'; oauth@ietf.org; 'Apps Discuss'
>> Subject: RE: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
>> 
>> Mike,
>> 
>> > There are two criteria that I would consider to be essential 
>> > requirements for any resulting general-purpose discovery specification:
>> >
>> > 1.  Being able to always discover per-user information with a single 
>> > GET (minimizing user interface latency for mobile devices, etc.)
>> 
>> WF can do that.  See:
>> $ curl -v 'https://packetizer.com/.well-known/host-meta.json?resource=acct:paulej@packetizer.com'
>> 
>> > 2.  JSON should be required and it should be the only format 
>> > required (simplicity and ease of deployment/adoption)
>> 
>> See the above example.  However, I also support XML with my server.  
>> It took me less than 10 minutes to code up both XML and JSON representations.
>> Once the requested format is determined, the requested URI is 
>> determined, data is pulled from the database, spitting out the desired 
>> format is trivial.
>> 
>> Note, and very important note: supporting both XML and JSON would only 
>> be a server-side requirement.  The client is at liberty to use the 
>> format it prefers.  I would agree that forcing a client to support 
>> both would be unacceptable, but the server?  Nothing to it.
>> 
>> > SWD already meets those requirements.  If the resulting spec meets 
>> > those requirements, it doesn't matter a lot whether we call it 
>> > WebFinger or Simple Web Discovery, but I believe that the 
>> > requirements discussion is probably the most productive one to be 
>> > having at this point - not the starting point document.
>> 
>> I believe WebFinger meets those requirements.  We could debate whether 
>> XML should be supported, but I'll note (again) that it is there in RFC 6415.
>> That document isn't all that old and, frankly, it concerns me that we 
>> would have a strong preference for format A one week and then Format B 
>> the next.
>> We are where we are and I can see reason for asking for JSON, but no 
>> good reason to say we should not allow XML (on the server side).
>> 
>> Paul
>> 
>> 
>> 
>
>
>
>
>
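Added example, not part of the original message or of any participant's code: a client-side sketch of the two cases discussed in the thread, a server that honors the optional "resource" parameter (one GET) and one that ignores it and returns plain RFC 6415 host metadata (a second GET via the LRDD template). It assumes a server honoring "resource" returns a JRD whose "subject" equals the requested account; the sample responses and the example.com URLs are constructed.

```python
import json
from urllib.parse import quote


def host_meta_url(host, resource):
    """Build the single-GET request shown in the thread's curl command."""
    return (f"https://{host}/.well-known/host-meta.json"
            f"?resource={quote(resource, safe=':@')}")


def interpret(jrd_text, resource):
    """Classify a host-meta.json response for `resource`.

    Returns ("done", links) when the server honored "resource", or
    ("second_get", url) when it returned generic RFC 6415 host metadata
    and the per-user document must be fetched from the LRDD template.
    """
    jrd = json.loads(jrd_text)
    links = jrd.get("links", [])
    if "subject" in jrd:
        # Assumption: a server that honors "resource" echoes it as "subject".
        # Refuse a document that describes some other account.
        if jrd["subject"] != resource:
            raise ValueError("response subject does not match requested resource")
        return "done", links
    for link in links:
        if link.get("rel") == "lrdd" and "template" in link:
            url = link["template"].replace("{uri}", quote(resource, safe=""))
            # Do not follow a discovery step that downgrades to cleartext.
            if not url.startswith("https://"):
                raise ValueError("LRDD template is not https")
            return "second_get", url
    raise ValueError("no per-user data and no LRDD template")


RESOURCE = "acct:paulej@packetizer.com"

# Constructed response from a server that supports "resource".
WITH_RESOURCE = json.dumps({
    "subject": RESOURCE,
    "links": [{"rel": "http://webfinger.net/rel/profile-page",
               "href": "https://example.com/profile"}],
})

# Constructed response from a server that ignores "resource" (RFC 6415 only).
PLAIN_6415 = json.dumps({
    "links": [{"rel": "lrdd",
               "template": "https://example.com/lrdd?uri={uri}"}],
})

if __name__ == "__main__":
    print(host_meta_url("packetizer.com", RESOURCE))
    print(interpret(WITH_RESOURCE, RESOURCE)[0])
    print(interpret(PLAIN_6415, RESOURCE))
```
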