[Openid-specs-ab] SWD and redirection

Justin Richer jricher at mitre.org
Mon Feb 6 18:37:36 UTC 2012


But "expires" is optional, so you can have a permanent, static file. 
That's the same kind of thing that we'd be using here, due to similar 
domain-level site ownership issues.

  -- Justin

On 02/06/2012 01:25 PM, George Fletcher wrote:
> Hi,
>
> I just found out that our XRD/Webfinger support in production is 
> broken. This boils down to deployment issues for me since the owner of 
> the aol.com domain is the portal team, not the identity team. As more 
> and more specs are putting files in /.well-known I'm looking for 
> solutions that are less brittle than what I have right now. With that 
> context, is it acceptable to deploy a static file to 
> https://aol.com/.well-known/simple-web-discovery that returns...
>
>     {
>      "SWD_service_redirect":
>       {
>        "location":"https://api.screenname.aol.com/swd_server",
>        "expires": 1300752001
>       }
>     }
> That static file would ignore the query parameters though they will be 
> logged. Note that if the SWD request is for an @aim.com domain the 
> JSON response will be the same.
>
>     GET /.well-known/simple-web-discovery
>         ?principal=mailto:joe@aim.com
>         &service=urn:example.org:service:calendar HTTP/1.1
>     Host: aim.com
>
>     HTTP/1.1 200 OK
>     Content-Type: application/json
>
>     {
>      "SWD_service_redirect":
>       {
>        "location":"https://api.screenname.aol.com/swd_server",
>        "expires": 1300752001
>       }
>     }
>
> I'm assuming there are no trust chain issues if the redirect location 
> does NOT match the root domain of the original request.
>
> Finally, the expiration field is going to cause me problems. I really 
> would like the file to be static, but the client to requery every n 
> hours/days/weeks. This could be done using HTTP expiration semantics. 
> However, I don't have a deployment solution that allows me to update 
> the file on a fixed interval. I'll keep exploring options to make it 
> more dynamic, but the dynamic flow I have right now has been broken 
> twice by config upgrades.
>
> Thanks,
> George
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
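
An added example (not code from this thread or from the SWD draft) of how a client might handle the static `SWD_service_redirect` file discussed above, with `expires` either absent or already in the past. `DEFAULT_TTL`, `MAX_HOPS`, the https-only check, the injected `fetch` callable and the final `locations` answer are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

DEFAULT_TTL = 3600  # assumption: cache lifetime when "expires" is absent
MAX_HOPS = 3        # assumption: cap on chained redirects

def parse_redirect(body, now):
    """Return (location, cache_seconds) for an SWD_service_redirect, else None."""
    redirect = json.loads(body).get("SWD_service_redirect")
    if redirect is None:
        return None
    location = redirect["location"]
    parts = urlsplit(location)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("redirect location must be an https URL")
    expires = redirect.get("expires")  # optional, seconds since the epoch
    if expires is None:
        return location, DEFAULT_TTL
    if isinstance(expires, bool) or not isinstance(expires, int):
        raise ValueError("expires must be an integer")
    return location, max(0, expires - now)  # 0: follow once, do not cache

def discover(host, principal, service, fetch, cache, now=None):
    """Resolve one SWD query. fetch(url) returns the response body as text."""
    now = int(time.time()) if now is None else now
    query = urlencode({"principal": principal, "service": service})
    url = "https://%s/.well-known/simple-web-discovery" % host
    if host in cache and cache[host][1] > now:
        url = cache[host][0]  # unexpired redirect learned earlier
    for _ in range(MAX_HOPS + 1):
        body = fetch(url + ("&" if "?" in url else "?") + query)
        redirect = parse_redirect(body, now)
        if redirect is None:
            return json.loads(body)
        url, ttl = redirect
        if ttl > 0:
            cache[host] = (url, now + ttl)
    raise RuntimeError("too many SWD redirects")

# Constructed sample: the static file from the message, then a made-up final answer.
STATIC = ('{"SWD_service_redirect": {"location": '
          '"https://api.screenname.aol.com/swd_server", "expires": 1300752001}}')
FINAL = '{"locations": ["https://calendar.example.org/joe"]}'  # constructed

def fake_fetch(url):
    return STATIC if "/.well-known/" in url else FINAL
```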
