Re: [webfinger] Vision for Webfinger - what are we doing?

Melvin Carvalho <> Fri, 01 November 2013 15:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 42AD011E8395 for <>; Fri, 1 Nov 2013 08:14:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RmRg3XZzhmuj for <>; Fri, 1 Nov 2013 08:14:32 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c04::235]) by (Postfix) with ESMTP id 202A311E8393 for <>; Fri, 1 Nov 2013 08:14:30 -0700 (PDT)
Received: by with SMTP id x18so3613365lbi.12 for <>; Fri, 01 Nov 2013 08:14:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=UN64T6FOvmjJ1XjpgPkt1ipiLYdqF4+1wLZjprLFbEI=; b=Y9JwJPzcMB1vOkrY+ryHqTXFjc68gGb0x84ZONP6xPHZ000Y39t5T5Afm2LZ7RyJiO zYlgAfIkHjnOUIDKExjEl+ZwaGUleHpAk9H/KrASp8vueBpkY4lyBclRyji2gNgbmHKG YiIHH7A0/HWI3fI6IXsKQDLtlTmjWQqTJMFm59ZOP8HYMYdnubKLkHsxx9yChi6XMfB2 kiTu9G1Ygyme97BfixFdtCC4iXhXOJBUn1ANwL0zMepSU2uJ2lq4TwPokiZGGjfDJZQy vBVm00M5wYe62y4kwhz6I1hnP7hYy7gwJ1h53+ej7eudE45rXQ2SPT5EPf8gkqbaDQfq SfCA==
MIME-Version: 1.0
X-Received: by with SMTP id si2mr2333741lac.32.1383318870017; Fri, 01 Nov 2013 08:14:30 -0700 (PDT)
Received: by with HTTP; Fri, 1 Nov 2013 08:14:29 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
Date: Fri, 01 Nov 2013 16:14:29 +0100
Message-ID: <>
From: Melvin Carvalho <>
To: Eric Mill <>
Content-Type: multipart/alternative; boundary="001a1133f3d0dbced204ea1f055b"
Cc: "Paul E. Jones" <>, "" <>, "" <>
Subject: Re: [webfinger] Vision for Webfinger - what are we doing?
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of the Webfinger protocol proposal in the Applications Area <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Nov 2013 15:14:34 -0000

On 1 November 2013 15:58, Eric Mill <> wrote:

> I channeled this into a blog post, if anyone's interested:

Nice post.  It's actually worth rereading Eran's post on this topic.  It's
great that eran talks about http range 14.

+1 that your record has https

+1 that you set the mime type

I personally would *not* use the link relations, but reuse
existing predicates such as FOAF, which passes W3C validation (e.g.
vapour).  But you are free to choose what you prefer.

IMHO, decentralization didnt happen, we live in a more centralized web than
ever.  Many people including Chris Messina advocated the host your own
identity pattern, but slowly but surely, the concept was put more and more
to the side.  At least openid in theory still allows it, even if the
practice is very different.  Persona does not allow it at all.

You seem to suggest that webfinger is about getting information about email
addresses, although that was the original idea, but it's not now.  It's
about accounts at hosts, which is a subtle difference.  SWD was about email

Overall I find myself agreeing with most of what you say :)

> I imagine it's going to rankle some people who disagree with my prognosis
> that some things are dead, but it's how it feels from here. Webfinger needs
> rapid experimentation, high profile adoption, and the energy of the rest of
> the open web community.
> On Wed, Oct 16, 2013 at 11:38 AM, Eric Mill <> wrote:
>> This is all helpful to hear, and I hope these all come to fruition,
>> especially OpenID Connect. I'll take a stab at setting up my own OpenID
>> Connect service on my domain and see how it feels.
>> I guess it's inevitable that we have to hope the big companies make a
>> meaningful gesture, too. Giving Google's outdated Webfinger endpoint<> for
>> Gmail a big update would be a great start.
>> On Tue, Oct 15, 2013 at 3:23 PM, Paul E. Jones <>wrote:
>>>  Eric,
>>> OpenID is not entirely dead, yet.  I still run my own OpenID OP server
>>> and use it to log into some sites.  I still allow OpenID logins on
>>>, too.  It's still in use, but the large sites
>>> just didn't have enough users using it, so they axed it.  On its heels,
>>> though, is now OpenID Connect and it will use WebFinger for discovery.  so,
>>> sure... push it :-)
>>> Personally, I can think of a lot of good uses for WebFinger:
>>> * When I log onto a web site, I want the site to grab my name an picture
>>> automatically.
>>> * If I want somebody to send me bitcoins, I'd much rather give them my
>>> email address (and I do have that in my WF account)
>>> * My contact info is published via WebFinger, so I don't have to give
>>> people a lot of info on a business card
>>> * WebFinger will hopefully be used as the starting point for
>>> auto-provisioning of email clients or other devices and applications where
>>> one has to enter server and port information
>>> Paul
>>> On 10/14/2013 11:21 PM, Eric Mill wrote:
>>> Hey all,
>>>  I was at a hackathon<> today,
>>> and spent the day working on Webfinger libraries for Sinatra<>and
>>> Jekyll <>. It was really
>>> productive, but -- at the end of the day, a reporter was there asking
>>> everybody questions about their projects.
>>>  When he asked what Webfinger was for, I realized that the original
>>> easy-to-communicate killer app for Webfinger, easing universal login
>>> through OpenID, was<>
>>> dead <>. The only thing I could think to say
>>> was "Remember OpenID? Before it died? Well, this is a piece of the puzzle
>>> to putting something like that back together again."
>>>  That didn't feel like a very impressive answer. So, now that OpenID is
>>> dead, what's the one line explanation for why Webfinger is important?
>>> What's the path forward to making Webfinger something people are
>>> incentivized to support?
>>>  Should we be pushing really hard to resuscitate OpenID via OpenID
>>> Connect? Do we just need to wait for internal lobbying inside of
>>> Google/Microsoft/Twitter/etc to pay off in some announcement? I know
>>> Webfinger supports more than email lookup -- is there some particular
>>> killer app people were envisioning when they lobbied for that feature?
>>>  I'm so happy there's finally an RFC, after so many years. I recognize
>>> how much work was put in to make that happen, and this shouldn't be taken
>>> as a criticism of anyone. I just want to know what others see for the
>>> future of Webfinger, and what I should do next.
>>>  -- Eric
>>>  --
>>> | @konklone <>
>>> _______________________________________________
>>> webfinger mailing listwebfinger@ietf.org
>>> _______________________________________________
>>> webfinger mailing list
>> --
>> | @konklone <>
> --
> | @konklone <>
> _______________________________________________
> webfinger mailing list