On 19 April 2012 20:26, Eran Hammer <e...@hueniverse.com> wrote: > #1 as John Panzer identified, allowing the server to control its > deployment and supporting HTTP redirects is critical. >
+1 > #2 JSON is better, which one is required is less of on issue but more of a > best practices item. > Happy with this comment, and a +1 for JSON only > > I'll add: > > * Highly cachable > +1 tho I think most CSN dont cache a 303 redirect > * Optimize for large providers, reducing the need to make repeated > requests when the information is mostly following a template on the server > side > +1 > * Ability to provide discovery on resources, not users or any other subset > (emails, etc.) > There's a subtlety here and that's the difference in HTML between "rel" and "rev". A forward or reverse lookup. Forward is a natural way to look things up, eg you give a URL and you get a document. But something like google search is actually a reverse index, you give it words and you get back URLs for documents. Initially hard to get your head round, but in practice can be incredibly practical and useful. Given a triple such as (subject verb object) <acct:user@host> email <mailto:user@host> Is your lookup based on the subject (WF) or the object (SWF)? If subject then you need something there. However, it need not be an acct: URI It could be a URN eg urn:acct:user@host (no new uri scheme needed) it could be a relative URI such as <#> (which facebook do) This indicates a pointer to the top of the document It can even be blank <> The so-called 'blank node' in the linked data world, but then you're more reliant on a query language, such as SPARQL. I'm sure I havent covered every possibility. OR you can key off the Object <anything> email <mailto:user@host> then return all key values assoicated with <anything> which would be in the @subject position in the case of XRD/JRD or the @id position in the case of something like JSON LD It's quite confusing but essentially you are asking two very different things: 1) Give me all information where the subject is acct:user@host Which also means having to create a mapping, and educating every system what the subject of their email (or xmpp/sip/tel/twitter account) should be. A potentially big task. Im not saying it's wrong, but IMHO this is potentially big enough to fill a whole other standards document in itself. or 2) Give me all information for the user with email mailto:user@host Non disruptive I'm sorry If i have not explained this very well, but the difference between rev and rel confuses a lot of confusion in HTML, and that's essentially the subtlety here (forward vs reverse lookup) > * Security agnostic - leave it to HTTP, TLS, OAuth, etc. > +1 > * HTTP compliant - doesn't invent it's own rediretion menthods or custom > headers, etc. > +1 > > EH > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Mike Jones > > Sent: Thursday, April 19, 2012 9:49 AM > > To: Murray S. Kucherawy; oauth@ietf.org WG; Apps Discuss > > Subject: Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web > > Discovery (SWD) > > > > There are two criteria that I would consider to be essential > requirements for > > any resulting general-purpose discovery specification: > > > > 1. Being able to always discover per-user information with a single GET > > (minimizing user interface latency for mobile devices, etc.) > > > > 2. JSON should be required and it should be the only format required > > (simplicity and ease of deployment/adoption) > > > > SWD already meets those requirements. If the resulting spec meets those > > requirements, it doesn't matter a lot whether we call it WebFinger or > Simple > > Web Discovery, but I believe that the requirements discussion is probably > > the most productive one to be having at this point - not the starting > point > > document. > > > > -- Mike > > > > -----Original Message----- > > From: apps-discuss-boun...@ietf.org [mailto:apps-discuss- > > boun...@ietf.org] On Behalf Of Murray S. Kucherawy > > Sent: Thursday, April 19, 2012 9:32 AM > > To: oauth@ietf.org WG; Apps Discuss > > Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web > > Discovery (SWD) > > > > By all means people should correct me if they think I'm wrong about > this, but > > so far from monitoring the discussion there seems to be general support > for > > focusing on WebFinger and developing it to meet the needs of those who > > have deployed SWD, versus the opposite. > > > > Does anyone want to argue the opposite? > > > > -MSK, appsawg co-chair > > > > _______________________________________________ > > apps-discuss mailing list > > apps-disc...@ietf.org > > https://www.ietf.org/mailman/listinfo/apps-discuss > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > apps-discuss mailing list > apps-disc...@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
