[Openid-specs-ab] SWD and redirection

John Bradley ve7jtb at ve7jtb.com
Mon Feb 6 18:43:01 UTC 2012


Yes, you don't need expires.  HTTP caching semantics are probably fine for you.


On 2012-02-06, at 3:37 PM, Justin Richer wrote:

> But "expires" is optional, so you can have a permanent, static file. That's the same kind of thing that we'd be using here, due to similar domain-level site ownership issues.
> 
>  -- Justin
> 
> On 02/06/2012 01:25 PM, George Fletcher wrote:
>> 
>> Hi,
>> 
>> I just found out that our XRD/Webfinger support in production is broken. This boils down to deployment issues for me since the owner of the aol.com domain is the portal team, not the identity team. As more and more specs are putting files in /.well-known I'm looking for solutions that are less brittle than what I have right now. With that context, is it acceptable to deploy a static file to https://aol.com/.well-known/simple-web-discovery that returns...
>> 
>>    {
>>     "SWD_service_redirect":
>>      {
>>       "location": "https://api.screenname.aol.com/swd_server",
>>       "expires": 1300752001
>>      }
>>    }
>> That static file would ignore the query parameters though they will be logged. Note that if the SWD request is for an @aim.com domain the JSON response will be the same. 
>> 
>>    GET /.well-known/simple-web-discovery
>>        ?principal=mailto:joe@aim.com
>>        &service=urn:example.org:service:calendar HTTP/1.1
>>    Host: aim.com
>> 
>>    HTTP/1.1 200 OK
>>    Content-Type: application/json
>> 
>>    {
>>     "SWD_service_redirect":
>>      {
>>       "location": "https://api.screenname.aol.com/swd_server",
>>       "expires": 1300752001
>>      }
>>    }
>> 
>> I'm assuming there are no trust chain issues if the redirect location does NOT match the root domain of the original request.
>> 
>> Finally, the expiration field is going to cause me problems. I really would like the file to be static, but the client to requery every n hours/days/weeks. This could be done using HTTP expiration semantics. However, I don't have a deployment solution that allows me to update the file on a fixed interval. I'll keep exploring options to make it more dynamic, but the dynamic flow I have right now has been broken twice by config upgrades.
>> 
>> Thanks,
>> George
>> 
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab

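Added example (not from the thread or from any participant's code): client-side handling of the SWD_service_redirect response discussed above, using the body's "expires" when it is present and HTTP Cache-Control otherwise. The function name, the returned fields, the constructed clock value NOW, the max-age header value, and reading "expires" as seconds since the Unix epoch are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed inputs: the thread's static file, with and without "expires".
WITH_EXPIRES = ('{"SWD_service_redirect": {"location": '
                '"https://api.screenname.aol.com/swd_server", "expires": 1300752001}}')
STATIC_FILE = ('{"SWD_service_redirect": {"location": '
               '"https://api.screenname.aol.com/swd_server"}}')
NOW = 1328553781  # constructed clock value, roughly the date of the thread


def swd_redirect(body, headers, queried_host, now):
    """Return None if body is not a redirect; otherwise a dict with the
    redirect location, the epoch time until which it may be reused
    (None = no stated limit), and whether it leaves the queried host."""
    doc = json.loads(body)
    redirect = doc.get("SWD_service_redirect") if isinstance(doc, dict) else None
    if not isinstance(redirect, dict):
        return None
    location = redirect.get("location")
    parts = urlsplit(location) if isinstance(location, str) else None
    if parts is None or parts.scheme != "https" or not parts.hostname:
        raise ValueError("redirect location must be an absolute https URL")
    expires = redirect.get("expires")
    if expires is not None:
        # Body-level lifetime (assumed to be seconds since the Unix epoch).
        if isinstance(expires, bool) or not isinstance(expires, (int, float)):
            raise ValueError("expires must be a number")
        if expires <= now:
            raise ValueError("redirect has expired; re-query before following it")
        reuse_until = expires
    else:
        # No "expires": fall back to HTTP caching semantics.
        lowered = {k.lower(): v for k, v in headers.items()}
        cache_control = lowered.get("cache-control", "").lower()
        match = re.search(r"(?:^|[,\s])max-age=(\d+)", cache_control)
        if "no-store" in cache_control:
            reuse_until = now  # must not be reused at all
        elif match:
            reuse_until = now + int(match.group(1))
        else:
            reuse_until = None
    # A cross-host redirect is reported for logging, not rejected.
    cross_host = parts.hostname.lower() != queried_host.lower()
    return {"location": location, "reuse_until": reuse_until,
            "cross_host": cross_host}
```

With the fixed "expires" value from the sample, a client running at NOW rejects the static file as stale, while the same file without "expires" and a max-age header is requeried on the interval the server chooses.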