IETF Logo Mail Archive

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

"Paul E. Jones" <paulej@packetizer.com> Fri, 20 April 2012 03:15 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CCBA11E80AA; Thu, 19 Apr 2012 20:15:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.328
X-Spam-Level:
X-Spam-Status: No, score=-2.328 tagged_above=-999 required=5 tests=[AWL=0.271, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AB5JhpJJUNTQ; Thu, 19 Apr 2012 20:15:49 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id BFB7111E8091; Thu, 19 Apr 2012 20:15:49 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q3K3FOei027893 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 19 Apr 2012 23:15:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1334891726; bh=rqC0GCbqmjz87DbVLUdMN3El0bP0BQKOr8kpRLDxfIQ=; h=From:To:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=FiLSoPbOrVLXkWG/mWfZIGkS0W21qFIyIrxyOiS3atUJHYR5/4ce2/it72pQoBQkW koS7ZfcSKVR7ZOjrurpFYZbSpEn4yAmwoZANbpbbhVWy1UgNVP7yd7ptKj53J3Nsqx DksdbXkT1/Zy/oUyU0CdV5TE/D+nz8jeQMUFoz9w=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, "'Murray S. Kucherawy'" <msk@cloudmark.com>, oauth@ietf.org, 'Apps Discuss' <apps-discuss@ietf.org>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Thu, 19 Apr 2012 23:15:45 -0400
Message-ID: <091401cd1ea3$e159be70$a40d3b50$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIAfr0IMYFP+Nqgkj5c4C1LFLKQ8QHu47mLATII4l0DGXo5TgGHkeTZAgqoPTuV7eKz0A==
Content-Language: en-us
Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2012 03:15:50 -0000

Mike,

> There are two criteria that I would consider to be essential requirements
> for any resulting general-purpose discovery specification:
> 
> 1.  Being able to always discover per-user information with a single GET
> (minimizing user interface latency for mobile devices, etc.)

WF can do that.  See:
$ curl -v https://packetizer.com/.well-known/\
          host-meta.json?resource=acct:paulej@packetizer.com
 
> 2.  JSON should be required and it should be the only format required
> (simplicity and ease of deployment/adoption)

See the above example.  However, I also support XML with my server.  It took
me less than 10 minutes to code up both XML and JSON representations.  Once
the requested format is determined, the requested URI is determined, data is
pulled from the database, spitting out the desired format is trivial.
 
Note, and very important note: supporting both XML and JSON would only be a
server-side requirement.  The client is at liberty to use the format it
prefers.  I would agree that forcing a client to support both would be
unacceptable, but the server?  Nothing to it.
 
> SWD already meets those requirements.  If the resulting spec meets those
> requirements, it doesn't matter a lot whether we call it WebFinger or
> Simple Web Discovery, but I believe that the requirements discussion is
> probably the most productive one to be having at this point - not the
> starting point document.

I believe WebFinger meets those requirements.  We could debate whether XML
should be supported, but I'll note (again) that it is there in RFC 6415.
That document isn't all that old and, frankly, it concerns me that we would
have a strong preference for format A one week and then Format B the next.
We are where we are and I can see reason for asking for JSON, but no good
reason to say we should not allow XML (on the server side).

Paul

v2.23.0 | Report a Bug | By Email