[Openid-specs-ab] [OAUTH-WG] Simple Web Discovery
jpanzer at google.com
Fri Oct 29 18:35:08 UTC 2010
I think that it would be good to have a writeup like this that describes the
differences and pros and cons of each approach. Perhaps on a Wiki page?
Some random thoughts:
One thing: host-meta is highly cacheable, so the # of round trips will
hopefully be comparable for large services with significant traffic. In
fact the user XRD is also cacheable as well so there can be zero round
trips. This proposal defines a mechanism separate from HTTP caching in
order to cache responses, it'd be good to have a rationale for doing that
(and to have an explanation of how this should interact with additional HTTP
This mechanism appears to require multiple round trips to a server if you
want to discover multiple services.
This proposal seems to require that the /well-known provider run a
significant service on their endpoint, as opposed to just dropping a file in
place. I think that the forwarding mechanism may be a way around that? How
would I hook into this mechanism if I really only can drop static files on
my web server, but I can perhaps use cloud services that I've registered
with to actually power the discovery?
John Panzer / Google
jpanzer at google.com / abstractioneer.org <http://www.abstractioneer.org/> /
On Fri, Oct 29, 2010 at 4:04 AM, Lukas Rosenstock <lr at lukasrosenstock.net>wrote:
> This draft is looking nice, the idea and specification is simple and
> straightforward. I would like to draw the connection to other
> discovery approaches.
> The introductory example in the draft was this one:
> GET /.well-known/simple-web-discovery?principal=mailto:joe at example.com
> This returns the following response:
> As per my understanding - please correct me if I'm wrong - this should
> be semantically equivalent to the following:
> 1) Perform host-meta discovery for example.com, which returns an XRD
> with the webfinger endpoint.
> 2) Do webfinger for joe at example.com.
> 3) The final XRD contains the following:
> <Link rel="urn:adatum.com:calendar"
> href="http://calendars.proseware.com/calendars/joseph" />
> Both approaches work, but SWD is a shortcut removes parsing
> requirements and fetching roundtrips from the client.
> Thoughts, anyone?!
> Lukas Rosenstock
> 2010/10/27 Mike Jones <Michael.Jones at microsoft.com>:
> > Yaron Goland and I are submitting this Simple Web Discovery (SWD) draft
> > (attached and at
> > http://self-issued.info/docs/draft-jones-simple-web-discovery-00.html)
> > consideration by the community to address this need. SWD is simple to
> > understand and implement, enables different permissions to be applied to
> > discovery of different services, and is JSON-based. I look forward to
> > discussing this with many of you next week at IIW.
> > -- Mike
> OAuth mailing list
> OAuth at ietf.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab