[Openid-specs-ab] SWD and redirection
George Fletcher
gffletch at aol.com
Mon Feb 6 18:25:34 UTC 2012
Hi,
I just found out that our XRD/Webfinger support in production is broken.
This boils down to deployment issues for me since the owner of the
aol.com domain is the portal team, not the identity team. As more and
more specs are putting files in /.well-known I'm looking for solutions
that are less brittle than what I have right now. With that context, is
it acceptable to deploy a static file to
https://aol.com/.well-known/simple-web-discovery that returns...

    {
      "SWD_service_redirect":
      {
        "location": "https://api.screenname.aol.com/swd_server",
        "expires": 1300752001
      }
    }

That static file would ignore the query parameters though they will be
logged. Note that if the SWD request is for an @aim.com domain the JSON
response will be the same.

    GET /.well-known/simple-web-discovery
        ?principal=mailto:joe@aim.com
        &service=urn:example.org:service:calendar HTTP/1.1
    Host: aim.com

    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "SWD_service_redirect":
      {
        "location": "https://api.screenname.aol.com/swd_server",
        "expires": 1300752001
      }
    }

I'm assuming there are no trust chain issues if the redirect location
does NOT match the root domain of the original request.
Finally, the expiration field is going to cause me problems. I really
would like the file to be static, but the client to requery every n
hours/days/weeks. This could be done using HTTP expiration semantics.
However, I don't have a deployment solution that allows me to update the
file on a fixed interval. I'll keep exploring options to make it more
dynamic, but the dynamic flow I have right now has been broken twice by
config upgrades.
Thanks,
George
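
Added example, not part of the original message and not code from the SWD draft: a sketch of how a client could act on the static redirect body quoted above, requiring an https target, turning "expires" into a cache lifetime, and flagging a target outside the requested domain. The function name, its parameters, the handling of a past expiry and the cross_domain flag are assumptions of this example.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample: the static response body quoted in the message.
SAMPLE = '''{"SWD_service_redirect": {
  "location": "https://api.screenname.aol.com/swd_server",
  "expires": 1300752001}}'''

def follow_swd_redirect(body, request_host, principal, service, now):
    """Return what a client needs to act on an SWD_service_redirect,
    or None when the body is not a redirect. `now` is Unix time."""
    doc = json.loads(body)
    redirect = doc.get("SWD_service_redirect") if isinstance(doc, dict) else None
    if not isinstance(redirect, dict):
        return None
    location = redirect.get("location")
    parts = urlsplit(location) if isinstance(location, str) else None
    if parts is None or parts.scheme != "https" or not parts.hostname:
        raise ValueError("redirect location must be an absolute https URL")
    expires = redirect.get("expires")
    if expires is None:
        cache_seconds = None          # no lifetime given in the body
    elif isinstance(expires, bool) or not isinstance(expires, int):
        raise ValueError("expires must be an integer Unix timestamp")
    else:
        # Assumed policy: a redirect whose expiry has passed is used for
        # this request only and never cached.
        cache_seconds = max(0, expires - now)
    # The static file ignores the query, so the client repeats the same
    # principal and service at the redirect target.
    query = urlencode({"principal": principal, "service": service})
    sep = "&" if parts.query else "?"
    host = parts.hostname
    same_site = host == request_host or host.endswith("." + request_host)
    return {
        "url": location + sep + query,
        "cache_seconds": cache_seconds,
        "cross_domain": not same_site,   # worth logging, not an error here
    }
```

With a fixed "expires" in a static file, cache_seconds drops to 0 once that timestamp passes, which is the deployment problem the message describes.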