IETF Logo Mail Archive

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

"Paul E. Jones" <paulej@packetizer.com> Sat, 21 April 2012 03:33 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16EB111E8099; Fri, 20 Apr 2012 20:33:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.379
X-Spam-Level:
X-Spam-Status: No, score=-2.379 tagged_above=-999 required=5 tests=[AWL=0.220, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJhs2Rhy3thz; Fri, 20 Apr 2012 20:33:46 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id ACFA011E809B; Fri, 20 Apr 2012 20:33:46 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q3L3Xjwa006602 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 20 Apr 2012 23:33:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1334979226; bh=7asx+dAcTcnbVW7JJuWAQg3hlJHRj0hk3THAnh4+8Dc=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=pYN08uIQwe6j6ib8tUxCW2AwNvti5R95WfssdLPXGQQF1lu6U7W3lNwJXrtakck4j 1SqncHDRytxxpAlM+W5nCAP2Zv9KKctY8nrbFXlofBWl5q4ulNU2+HbnSFezsf1X+R tJSBjD/Y6Q/TAk/Szw5gS6f5IHjEyMuLnnhRr4w4=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Derek Atkins' <derek@ihtfp.com>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net> <4F8852D0.4020404@cs.tcd.ie> <9452079D1A51524AA5749AD23E0039280EFE8D@exch-mbx901.corp.cloudmark.com> <sjm1unn338j.fsf@mocana.ihtfp.org> <9452079D1A51524AA5749AD23E0039280FACC3@exch-mbx901.corp.cloudmark.com> <4E1F6AAD24975D4BA5B168042967394366490B2A@TK5EX14MBXC284.redmond.corp.microsoft.com> <091401cd1ea3$e159be70$a40d3b50$@packetizer.com> <CAHBU6it3ZmTdK-mTwydXSRvGvZAYuv0FFR2EWLwdfTxQh4XV5g@mail.gmail.com> <091901cd1eb0$167a8ce0$436fa6a0$@packetizer.com> <sjmbommzdv4.fsf@mocana.ihtfp.org>
In-Reply-To: <sjmbommzdv4.fsf@mocana.ihtfp.org>
Date: Fri, 20 Apr 2012 23:34:08 -0400
Message-ID: <0a7401cd1f6f$9cb98fd0$d62caf70$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIAfr0IMYFP+Nqgkj5c4C1LFLKQ8QHu47mLATII4l0DGXo5TgGHkeTZAgqoPTsBaa3oyAIw2f/NAUQ5aEgCO5nRqZW2qKXg
Content-Language: en-us
Cc: 'Tim Bray' <tbray@textuality.com>, oauth@ietf.org, 'Apps Discuss' <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Apr 2012 03:33:51 -0000

Derek,

> > I do not agree that it's harmful. If I removed the WF discussion off
> > the table, I'm still having a hard time buying into everything you
> > said in the blog post.
> >
> > I implement various web services, largely for my own use.  Usually, I
> > implement all of them in XML, JSON, plain text (attribute/value
> > pairs), AND JavaScript (for JSONP).  For simple services, it's not
> > hard.  I do it because I sometimes have different wants/desires on the
> > client side.  (For more complex ones, I use XML.)
> 
> As an individual (and not the chair of OAUTH) I believe that the server
> should be allowed, no encouraged, to support multiple formats for data
> retrieval.  I also believe that clients should be allowed to choose only
> one.  I am fine with JSON being Mandatory to Implement.  I am NOT okay
> with making it the only one, and I am even less okay with mandating it is
> the ONLY one.  I would say MUST JSON, MUST (or possibly SHOULD -- you can
> convince me either way) XML, and MAY for anything else that people feel
> stronly about (although I feel in 2012 XML and JSON are the two best).  I
> also feel it is okay to say that a client MUST implement one of JSON or
> XML, and MAY implement more.

I hope I didn't mislead you with my statements.  I definitely was not
suggesting we have more than XML and JSON on the server.  I was merely
pointing out that I've found it fairly simple on the server side to offer
multiple formats.  Spewing data out in some format is trivial, usually.

My preference has been MUST for XML and JSON since 1) XML is already a MUST
in RFC 6415 and we'd have to "break" what is there now to remove the MUST
and 2) people are clearly demanding JSON.
 
> <OAUTH Chair Hat>
> 
> Note that this is a replay of the historical "MUST Implement" versus "MUST
> Use" arguments.  Just because the server MUST IMPLEMENT JSON and XML does
> not mean that a Client must use both (or even that a client must implement
> both).  It is perfectly reasonable and generally acceptable to have a
> server that provides data in multiple formats whereas the client only
> supports a subset and specifies which format(s) are acceptable.
> 
> </OAUTH Char Hat>

Definitely... clients would only have to implement what they prefer.  Only
the server would be required to implement both.  (Still, there is contention
over requiring both on the server.)

Paul

v2.23.0 | Report a Bug | By Email