IETF Logo Mail Archive

Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 12 April 2012 12:02 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51C6E21F85A3; Thu, 12 Apr 2012 05:02:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sVWCEWHgnza6; Thu, 12 Apr 2012 05:02:03 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 2C92B21F84B8; Thu, 12 Apr 2012 05:02:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 03CD317147D; Thu, 12 Apr 2012 13:02:01 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1334232120; bh=0hhJx339BfR99P Ll1NZFG4gOklDtxqctzoHczcMrAe0=; b=K0lLb3kFAcvmUon0d8x3Gc4B1OGUGi fIERPG0yeqetw4LEPV6wkq3shTpu+CoByT13bpLLU6BTW3dar1iioTPHm3WOIWJt ufImCG631VXFFzcDzgG/AkbGO4TNx6tcIgqFnxiRoB/dXqGGGEIqMu0UrxCTR0E8 6sG8PWl1vV50pfJfU0WDU5ZwTieiHaDrvPaeWHZ3l53hmLCrvZuMbH76uuijFtUy oMvEZqGLxhXNjNMt/EcOfQ03sVvNkR2DD1UDWcIuSY9Qqv1bxOsMsm45M+Z8vUQm EGeEvoY6TFgtva9WJeWm0LeC9H0VRq2jDNgL9Uj8rxfQ9IwdYjUVJlPw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 1IXcjoiVrK-H; Thu, 12 Apr 2012 13:02:00 +0100 (IST)
Received: from [10.87.48.3] (unknown [86.45.63.74]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 56A6117147C; Thu, 12 Apr 2012 13:02:00 +0100 (IST)
Message-ID: <4F86C437.3000006@cs.tcd.ie>
Date: Thu, 12 Apr 2012 13:01:59 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net>
In-Reply-To: <423611CD-8496-4F89-8994-3F837582EB21@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 12:02:04 -0000

On 04/12/2012 12:00 PM, Hannes Tschofenig wrote:
 > Hi all,
 >
 > those who had attended the last IETF meeting may have noticed the 
ongoing activity in the 'Applications Area Working Group' regarding Web 
Finger.
 > We had our discussion regarding Simple Web Discovery (SWD) as part of 
the re-chartering process.
 >
 > Here are the two specifications:
 > http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03
 > http://tools.ietf.org/html/draft-jones-simple-web-discovery-02
 >
 > Now, the questions that seems to be hanging around are
 >
 >   1) Aren't these two mechanisms solving pretty much the same problem?
 >   2) Do we need to have two standards for the same functionality?
 >   3) Do you guys have a position or comments regarding either one of 
them?
 >
 > Ciao
 > Hannes
 >
 > PS: Please also let me know if your view is: "I don't really know 
what all this is about and the documents actually don't provide enough 
requirements to make a reasonable judgement about the solution space."
 >

So just as a data-point. We (the IETF, but including
me personally;-) mucked up badly on this some years
ago in the PKI space - we standardised both CMP (rfc
2510) and CMC (rfc 2797) as two ways to do the same
thing, after a protracted battle between factions
supporting one or the other. We even made sure they
had as much common syntax as possible. (CRMF, rfc
2511)

Result: neither fully adopted, lots of people still
do proprietary stuff, neither can be killed off
(despite attempts), both need to be maintained (CMP
is now RFC 4210, CMC, 5272, CRMF, 4211), and IMO
partly as a result of us screwing up for what seemed
like good reasons at the time, PKI administration
stuff has never gotten beyond horrible-to-do.

All-in-all, a really bad outcome which is still
a PITA a dozen years later.

As OAuth AD I will need *serious* convincing that
there is a need to provide two ways to do the same
thing. I doubt it'll be possible to convince me,
in fact, so if you wanna try, you'll need to start
by saying that they are not in fact two ways to do
the same thing:-)

S.

PS: This discussion needs to also involve the Apps
area, so I've cc'd that list.

>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email