Re: [webfinger] Vision for Webfinger - what are we doing?

Eric Mill <> Fri, 01 November 2013 15:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55A1C11E815F for <>; Fri, 1 Nov 2013 08:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.477
X-Spam-Status: No, score=-1.477 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_BACKHAIR_42=1, NO_RELAYS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iuPZGcn4tgSB for <>; Fri, 1 Nov 2013 08:50:02 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4013:c01::232]) by (Postfix) with ESMTP id B88D211E81C6 for <>; Fri, 1 Nov 2013 08:50:00 -0700 (PDT)
Received: by with SMTP id a15so2157638eae.9 for <>; Fri, 01 Nov 2013 08:49:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=WBVXDYJXsl6DtVTZWppSL4vOOQkJQNDGXxZXGPPCZ7I=; b=Yof/wln5r9NT1AQ5kCME5VLVGFNjbNSG/PPzcoKqFQjEjJX8VNljkSs4tUecGyrqr9 MPa2p4qoiJlOaZO+8L1wzotGHID1kmS5bv1d4+M+/PYdLfpGymZdH0e1jmI7lIqY7Ogz ES3+oYofQkMEZtLVsijY1+1V8pjggHNFERZbwIs1lUw56nl+lr5v3dcs94XVcuwItfdp M2wkeGLcuY3+3Ud1dzrwHqZog00nscGSF7jFNS8y+CcYDgqDmfr9RcpyztFBS5t6229O PAWGSN1T0Ho6Nz9hvqWag22qx/untn0lvdddKyF4jT+9HJIVDsxVJPGdXb5y1Nr6H4hF WbXg==
X-Received: by with SMTP id f5mr3930886eeg.48.1383320999731; Fri, 01 Nov 2013 08:49:59 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 1 Nov 2013 08:49:19 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <>
From: Eric Mill <>
Date: Fri, 01 Nov 2013 11:49:19 -0400
X-Google-Sender-Auth: muQOshJhNV8-n8o8oLyp_b6yFoI
Message-ID: <>
Content-Type: multipart/alternative; boundary="001a11c2833accaaad04ea1f846b"
Cc: "Paul E. Jones" <>, "" <>
Subject: Re: [webfinger] Vision for Webfinger - what are we doing?
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of the Webfinger protocol proposal in the Applications Area <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Nov 2013 15:50:04 -0000

I know I gloss over the non-email uses of Webfinger. It's just very far
from my original understanding of WF, and I don't know any uses out there
of WF for non-email URIs to mention. FWIW, I was more precise in the
definition I contributed
<>to the front
page of <>: "A way to attach information
to an email address, or other online resource."

About the link relations (and maybe this should be a separate thread), when
I was making sinatra-webfinger, I realized it was useful to start a little
mapping file<>of
keywords to best-practice URNs. That way, my configuration was just
"name: 'Eric Mill'", etc.

Maybe it's worth factoring this out to its own tiny repo, and soliciting
contributions? I think in practice, most admin and user interaction with
Webfinger property names and link rel's should be through common names, not
literally pasting in whole URNs. I honestly can't be bothered to remember
them, or choose between them.

-- Eric

On Fri, Nov 1, 2013 at 11:14 AM, Melvin Carvalho

> On 1 November 2013 15:58, Eric Mill <> wrote:
>> I channeled this into a blog post, if anyone's interested:
> Nice post.  It's actually worth rereading Eran's post on this topic.  It's
> great that eran talks about http range 14.
> +1 that your record has https
> +1 that you set the mime type
> I personally would *not* use the link relations, but reuse
> existing predicates such as FOAF, which passes W3C validation (e.g.
> vapour).  But you are free to choose what you prefer.
> IMHO, decentralization didnt happen, we live in a more centralized web
> than ever.  Many people including Chris Messina advocated the host your own
> identity pattern, but slowly but surely, the concept was put more and more
> to the side.  At least openid in theory still allows it, even if the
> practice is very different.  Persona does not allow it at all.
> You seem to suggest that webfinger is about getting information about
> email addresses, although that was the original idea, but it's not now.
> It's about accounts at hosts, which is a subtle difference.  SWD was about
> email addresses.
> Overall I find myself agreeing with most of what you say :)
>> I imagine it's going to rankle some people who disagree with my prognosis
>> that some things are dead, but it's how it feels from here. Webfinger needs
>> rapid experimentation, high profile adoption, and the energy of the rest of
>> the open web community.
>> On Wed, Oct 16, 2013 at 11:38 AM, Eric Mill <> wrote:
>>> This is all helpful to hear, and I hope these all come to fruition,
>>> especially OpenID Connect. I'll take a stab at setting up my own OpenID
>>> Connect service on my domain and see how it feels.
>>> I guess it's inevitable that we have to hope the big companies make a
>>> meaningful gesture, too. Giving Google's outdated Webfinger endpoint<> for
>>> Gmail a big update would be a great start.
>>> On Tue, Oct 15, 2013 at 3:23 PM, Paul E. Jones <>wrote:
>>>>  Eric,
>>>> OpenID is not entirely dead, yet.  I still run my own OpenID OP server
>>>> and use it to log into some sites.  I still allow OpenID logins on
>>>>, too.  It's still in use, but the large sites
>>>> just didn't have enough users using it, so they axed it.  On its heels,
>>>> though, is now OpenID Connect and it will use WebFinger for discovery.  so,
>>>> sure... push it :-)
>>>> Personally, I can think of a lot of good uses for WebFinger:
>>>> * When I log onto a web site, I want the site to grab my name an
>>>> picture automatically.
>>>> * If I want somebody to send me bitcoins, I'd much rather give them my
>>>> email address (and I do have that in my WF account)
>>>> * My contact info is published via WebFinger, so I don't have to give
>>>> people a lot of info on a business card
>>>> * WebFinger will hopefully be used as the starting point for
>>>> auto-provisioning of email clients or other devices and applications where
>>>> one has to enter server and port information
>>>> Paul
>>>> On 10/14/2013 11:21 PM, Eric Mill wrote:
>>>> Hey all,
>>>>  I was at a hackathon<> today,
>>>> and spent the day working on Webfinger libraries for Sinatra<>and
>>>> Jekyll <>. It was really
>>>> productive, but -- at the end of the day, a reporter was there asking
>>>> everybody questions about their projects.
>>>>  When he asked what Webfinger was for, I realized that the original
>>>> easy-to-communicate killer app for Webfinger, easing universal login
>>>> through OpenID, was<>
>>>> dead <>. The only thing I could think to say
>>>> was "Remember OpenID? Before it died? Well, this is a piece of the puzzle
>>>> to putting something like that back together again."
>>>>  That didn't feel like a very impressive answer. So, now that OpenID
>>>> is dead, what's the one line explanation for why Webfinger is important?
>>>> What's the path forward to making Webfinger something people are
>>>> incentivized to support?
>>>>  Should we be pushing really hard to resuscitate OpenID via OpenID
>>>> Connect? Do we just need to wait for internal lobbying inside of
>>>> Google/Microsoft/Twitter/etc to pay off in some announcement? I know
>>>> Webfinger supports more than email lookup -- is there some particular
>>>> killer app people were envisioning when they lobbied for that feature?
>>>>  I'm so happy there's finally an RFC, after so many years. I recognize
>>>> how much work was put in to make that happen, and this shouldn't be taken
>>>> as a criticism of anyone. I just want to know what others see for the
>>>> future of Webfinger, and what I should do next.
>>>>  -- Eric
>>>>  --
>>>> | @konklone <>
>>>> _______________________________________________
>>>> webfinger mailing listwebfinger@ietf.org
>>>> _______________________________________________
>>>> webfinger mailing list
>>> --
>>> | @konklone <>
>> --
>> | @konklone <>
>> _______________________________________________
>> webfinger mailing list
>  --
> ---
> You received this message because you are subscribed to the Google Groups
> "WebFinger" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> For more options, visit

-- | @konklone <>