Re: [OAUTH-WG] [Openid-specs-ab] Simple Web Discovery

John Bradley <ve7jtb@ve7jtb.com> Sun, 31 October 2010 11:46 UTC

To: John Panzer <jpanzer@google.com>
Cc: "openid-specs-connect@lists.openid.net" <openid-specs-connect@lists.openid.net>, "openid-specs-ab@lists.openid.net" <openid-specs-ab@lists.openid.net>, "webfinger@googlegroups.com" <webfinger@googlegroups.com>, "oauth@ietf.org" <oauth@ietf.org>

John is correct.

Also, when using a URL identifier like a blog, it is possible to publish an XRD via link headers as well.
That helps make publishing meta-data open to a broader selection of users.

If a site wanted to have an OAuth-protected XRD service, there is nothing to stop that.

In XRI/XRDS resolution we had per-service discovery, much the same as MS is proposing, for similar reasons.

People criticized that in XRI/XRDS as being too complicated.  That is why it is not in the current XRD spec.

We do need to make a side by side comparison.

I know that people have asked for a JSON format XRD document option. That is on the OASIS TC list of things to work on.

John Bradley

On 2010-10-29, at 3:35 PM, John Panzer wrote:

> I think that it would be good to have a writeup like this that describes the differences and pros and cons of each approach. Perhaps on a Wiki page?
> 
> Some random thoughts:
> 
> One thing:  host-meta is highly cacheable, so the # of round trips will hopefully be comparable for large services with significant traffic.  In fact the user XRD is also cacheable as well so there can be zero round trips.  This proposal defines a mechanism separate from HTTP caching in order to cache responses, it'd be good to have a rationale for doing that (and to have an explanation of how this should interact with additional HTTP level caching.)
> 
> This mechanism appears to require multiple round trips to a server if you want to discover multiple services.  
> 
> This proposal seems to require that the /well-known provider run a significant service on their endpoint, as opposed to just dropping a file in place.  I think that the forwarding mechanism may be a way around that?  How would I hook into this mechanism if I really only can drop static files on my web server, but I can perhaps use cloud services that I've registered with to actually power the discovery?
> 
> --
> John Panzer / Google
> jpanzer@google.com / abstractioneer.org / @jpanzer
> 
> 
> 
> On Fri, Oct 29, 2010 at 4:04 AM, Lukas Rosenstock <lr@lukasrosenstock.net> wrote:
> Hello!
> This draft is looking nice, the idea and specification are simple and
> straightforward. I would like to draw the connection to other
> discovery approaches.
> 
> The introductory example in the draft was this one:
> GET /.well-known/simple-web-discovery?principal=mailto:joe@example.com&service=urn:adatum.com:calendar HTTP/1.1
> 
> This returns the following response:
> {
>  "locations":["http://calendars.proseware.com/calendars/joseph"]
> }
> 
> As per my understanding - please correct me if I'm wrong - this should
> be semantically equivalent to the following:
> 1) Perform host-meta discovery for example.com, which returns an XRD
> with the webfinger endpoint.
> 2) Do webfinger for joe@example.com.
> 3) The final XRD contains the following:
> <XRD>
> [...]
> <Link rel="urn:adatum.com:calendar"
> href="http://calendars.proseware.com/calendars/joseph" />
> [...]
> </XRD>
> 
> Both approaches work, but SWD is a shortcut that removes parsing
> requirements and fetching roundtrips from the client.
> 
> Thoughts, anyone?!
> 
> Regards,
>  Lukas Rosenstock
> 
> 2010/10/27 Mike Jones <Michael.Jones@microsoft.com>:
> > Yaron Goland and I are submitting this Simple Web Discovery (SWD) draft
> > (attached and at
> > http://self-issued.info/docs/draft-jones-simple-web-discovery-00.html) for
> > consideration by the community to address this need.  SWD is simple to
> > understand and implement, enables different permissions to be applied to
> > discovery of different services, and is JSON-based.  I look forward to
> > discussing this with many of you next week at IIW.
> >
> >
> >
> >                                                                 -- Mike
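
The two lookups compared in Lukas Rosenstock's quoted message, side by side, as an added example that is not part of the original thread or of either draft. The SWD body and the calendar Link are the ones quoted above; the host-meta document, its `lrdd` template URL, the `acct:` form of the account, and all function names are assumptions, and the HTTP fetch is replaced by an offline stand-in.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"

# Constructed sample responses, not captured traffic.
SWD_BODY = '{"locations":["http://calendars.proseware.com/calendars/joseph"]}'
HOST_META = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" template="http://example.com/webfinger?q={uri}"/>
</XRD>"""
USER_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="urn:adatum.com:calendar"
        href="http://calendars.proseware.com/calendars/joseph"/>
</XRD>"""


def swd_request_path(principal, service):
    """SWD: one request that names both the principal and the service."""
    query = urlencode({"principal": principal, "service": service})
    return "/.well-known/simple-web-discovery?" + query


def swd_locations(body):
    """SWD: a single JSON parse yields the locations for that one service."""
    locations = json.loads(body).get("locations", [])
    if not isinstance(locations, list):
        raise ValueError("'locations' must be a JSON array")
    return locations


def xrd_links(xrd_text, rel, attr):
    """Return the given attribute of every XRD Link with a matching rel."""
    root = ET.fromstring(xrd_text)
    return [link.get(attr) for link in root.iter(XRD_NS + "Link")
            if link.get("rel") == rel and link.get(attr)]


def webfinger_locations(host_meta, fetch, account, service):
    """host-meta + webfinger: two XRD parses and a second fetch."""
    templates = xrd_links(host_meta, "lrdd", "template")
    if not templates:
        raise LookupError("host-meta has no lrdd template")
    user_url = templates[0].replace("{uri}", quote(account, safe=""))
    # The user XRD lists every service; the client filters by rel locally.
    return xrd_links(fetch(user_url), service, "href")


def fake_fetch(url):
    """Offline stand-in for the second HTTP round trip (constructed)."""
    assert url == "http://example.com/webfinger?q=acct%3Ajoe%40example.com"
    return USER_XRD
```

Because the user XRD carries all of a principal's links, one cached copy can answer several service lookups, while SWD issues a request per service.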