[Openid-specs-ab] Please review this version of WebFinger

Justin Richer jricher at mitre.org
Mon Nov 26 15:27:00 UTC 2012 

Should the "aliases" list always contain the subject if it's present? 
Can it?

 From my read, this is now missing the static redirect functionality 
that earlier versions of SWD and Webfinger made possible: drop a static 
file into the right place, it gets served back with a 200 and the client 
can follow the redirection. This might be accomplished somewhat cleanly 
by defining a "webfinger" rel/link pairing, right?

  -- Justin

On 11/22/2012 03:34 AM, Mike Jones wrote:
>
> This version is JSON-only, no longer uses host-meta, uses query 
> parameters instead of templates, and uses a domain prefix to enable 
> hosted deployments.  Are there other changes we would want in this 
> draft to use it for OpenID Connect?
>
> -- Mike
>
> *From:*apps-discuss-bounces at ietf.org 
> [mailto:apps-discuss-bounces at ietf.org] *On Behalf Of *Paul E. Jones
> *Sent:* Wednesday, November 21, 2012 8:14 PM
> *To:* apps-discuss at ietf.org; webfinger at googlegroups.com
> *Subject:* [apps-discuss] draft-ietf-appsawg-webfinger-04
>
> Folks,
>
> I just posted a new draft that takes into consideration the input I 
> received on -03 and adds the "webfinger" subdomain that was discussed 
> on the list this past week.  Specifically, here's what changed:
>
> ·Mention in section 2 that WebFinger uses the "rel" attribute and 
> provide a reference to the IANA registry for link relations
>
> ·Deleted the second paragraph from  section 3 that expands on link 
> relations
>
> ·Changed the link relation value for "blog" to be just the token "blog"
>
> ·Corrected a syntax error in the example in 4.1
>
> ·Clarified in section 4.1 what is meant by a "valid alias"
>
> ·Introduced a new section 4.2 that shows an example for OpenID Connect
>
> ·Changed the rel types in 4.3 and 4.4 to be URI-based (on example.net)
>
> ·Corrected syntax in 5.3 and added two clarifying sentences
>
> ·Introduced a new section 5.5 that describes the "webfinger" subdomain
>
> ·Changed the name of section 7
>
> ·Added language to section 8 to support section 5.5
>
> ·Added language to section 9 to support section 5.5
>
> ·Spells out Mike's name as he prefers it
>
> ·Added a couple of informational references
>
> The new draft is here:
>
> http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-04
>
> I think we're getting closer, though I know the "webfinger" subdomain 
> might be a bit controversial.  I'm on the fence on this one, myself.  
> I can see the pros and cons of having it.  I'd prefer to stay out of 
> the debate, though. I'll put into the document whatever the group says 
> to put into the documents :-)  That said, I think Mike made a valid 
> argument with respect to the fact that some domain owners have no 
> ability to do anything more than insert an A record for a subdomain.
>
> I do want to highlight the fact that the current language says that if 
> there is any response from a web server at the host, that means the 
> host does have the capability of providing WF services and the 
> "webfinger" subdomain should not be consulted.  Thus, the webfinger 
> subdomain would only be consulted if there is no web server running at 
> the host at all.  It's not a fallback for domain owners who have a web 
> server, but just didn't install a WF server.  For that case, they 
> should use 3xx redirection for hosting the WF server elsewhere.
>
> Paul
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121126/999f18ac/attachment.html>

More information about the Openid-specs-ab mailing list