Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

[Melvin Carvalho <melvincarvalho@gmail.com>]

On 19 April 2012 23:12, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

>
>
> On 19 April 2012 20:26, Eran Hammer <eran@hueniverse.com> wrote:
>
>> #1 as John Panzer identified, allowing the server to control its
>> deployment and supporting HTTP redirects is critical.
>>
>
> +1
>
>
>> #2 JSON is better, which one is required is less of on issue but more of
>> a best practices item.
>>
>
> Happy with this comment, and a +1 for JSON only
>
>
>>
>> I'll add:
>>
>> * Highly cachable
>>
>
> +1 tho I think most CSN dont cache a 303 redirect
>

Apologies CSN should read CDN


>
>
>> * Optimize for large providers, reducing the need to make repeated
>> requests when the information is mostly following a template on the server
>> side
>>
>
> +1
>
>
>> * Ability to provide discovery on resources, not users or any other
>> subset (emails, etc.)
>>
>
> There's a subtlety here and that's the difference in HTML between "rel"
> and "rev".
>
> A forward or reverse lookup.  Forward is a natural way to look things up,
> eg you give a URL and you get a document.  But something like google search
> is actually a reverse index, you give it words and you get back URLs for
> documents.  Initially hard to get your head round, but in practice can be
> incredibly practical and useful.
>
> Given a triple such as (subject verb object)
>
> <acct:user@host>  email  <mailto:user@host>
>
> Is your lookup based on the subject (WF) or the object (SWF)?
>
> If subject then you need something there.  However, it need not be an
> acct: URI
>
> It could be a URN eg
>
> urn:acct:user@host  (no new uri scheme needed)
>
> it could be a relative URI such as
>
> <#>  (which facebook do)
>
> This indicates a pointer to the top of the document
>
> It can even be blank
>
> <>
>
> The so-called 'blank node' in the linked data world, but then you're more
> reliant on a query language, such as SPARQL.
>
> I'm sure I havent covered every possibility.
>
> OR you can key off the Object
>
> <anything>  email <mailto:user@host>
>
> then return all key values assoicated with <anything> which would be in
> the @subject position in the case of XRD/JRD or the @id position in the
> case of something like JSON LD
>
> It's quite confusing but essentially you are asking two very different
> things:
>
> 1) Give me all information where the subject is acct:user@host
>
> Which also means having to create a mapping, and educating every system
> what the subject of their email (or xmpp/sip/tel/twitter account) should
> be.  A potentially big task.  Im not saying it's wrong, but IMHO this is
> potentially big enough to fill a whole other standards document in itself.
>
> or
>
> 2) Give me all information for the user with email mailto:user@host
>
> Non disruptive
>
> I'm sorry If i have not explained this very well, but the difference
> between rev and rel confuses a lot of confusion in HTML, and that's
> essentially the subtlety here (forward vs reverse lookup)
>
>
>> * Security agnostic - leave it to HTTP, TLS, OAuth, etc.
>>
>
> +1
>
>
>> * HTTP compliant - doesn't invent it's own rediretion menthods or custom
>> headers, etc.
>>
>
> +1
>
>
>>
>> EH
>>
>> > -----Original Message-----
>> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> > Of Mike Jones
>> > Sent: Thursday, April 19, 2012 9:49 AM
>> > To: Murray S. Kucherawy; oauth@ietf.org WG; Apps Discuss
>> > Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web
>> > Discovery (SWD)
>> >
>> > There are two criteria that I would consider to be essential
>> requirements for
>> > any resulting general-purpose discovery specification:
>> >
>> > 1.  Being able to always discover per-user information with a single GET
>> > (minimizing user interface latency for mobile devices, etc.)
>> >
>> > 2.  JSON should be required and it should be the only format required
>> > (simplicity and ease of deployment/adoption)
>> >
>> > SWD already meets those requirements.  If the resulting spec meets those
>> > requirements, it doesn't matter a lot whether we call it WebFinger or
>> Simple
>> > Web Discovery, but I believe that the requirements discussion is
>> probably
>> > the most productive one to be having at this point - not the starting
>> point
>> > document.
>> >
>> >                               -- Mike
>> >
>> > -----Original Message-----
>> > From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-
>> > bounces@ietf.org] On Behalf Of Murray S. Kucherawy
>> > Sent: Thursday, April 19, 2012 9:32 AM
>> > To: oauth@ietf.org WG; Apps Discuss
>> > Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web
>> > Discovery (SWD)
>> >
>> > By all means people should correct me if they think I'm wrong about
>> this, but
>> > so far from monitoring the discussion there seems to be general support
>> for
>> > focusing on WebFinger and developing it to meet the needs of those who
>> > have deployed SWD, versus the opposite.
>> >
>> > Does anyone want to argue the opposite?
>> >
>> > -MSK, appsawg co-chair
>> >
>> > _______________________________________________
>> > apps-discuss mailing list
>> > apps-discuss@ietf.org
>> > https://www.ietf.org/mailman/listinfo/apps-discuss
>> >
>> >
>> > _______________________________________________
>> > OAuth mailing list
>> > OAuth@ietf.org
>> > https://www.ietf.org/mailman/listinfo/oauth
>> _______________________________________________
>> apps-discuss mailing list
>> apps-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/apps-discuss
>>
>
>