Or perhaps update/extend the existing spec to do what is needed? Is there
anything that is fundamentally in conflict?
-bill
>________________________________
> From: Igor Faynberg <[email protected]>
>To: John Bradley <[email protected]>
>Cc: [email protected]
>Sent: Thursday, April 12, 2012 11:29 AM
>Subject: Re: [OAUTH-WG] Web Finger vs. Simple Web Discovery (SWD)
>
>John,
>
> I agree with you on everything you said about the differences. My
>question: Are these not about API rather than the protocol?
>
>(I was just trying to see if I can find a common fixed point to start with.)
>
>Igor
>
>On 4/12/2012 2:00 PM, John Bradley wrote:
>> There are important deployment and privacy issues that caused openID Connect
>> to use SWD.
>>
>> I was part of the OASIS XRI/XRD work that Web Finger has been based on.
>>
>> The main differences are around allowing all of the users information to be
>> publicly discoverable, vs providing for access control.
>>
>> They are similar, but have real design differences.
>>
>> Web Finger without XML is not horrible by any means, but nether is SWD.
>>
>> SWD is more about users while host-meta is more about server resources.
>>
>> John B.
>>
>>
>> On 2012-04-12, at 7:33 PM, Igor Faynberg wrote:
>>
>>> To me this looks like more than the same problem being solved--it appears
>>> to be the same protocol... I wonder if, the representation issues were put
>>> aside (i.e., left to the API specification), the common part is what can be
>>> adopted.
>>>
>>> Igor
>>>
>>> On 4/12/2012 8:01 AM, Stephen Farrell wrote:
>>>>
>>>> On 04/12/2012 12:00 PM, Hannes Tschofenig wrote:
>>>>> Hi all,
>>>>>
>>>>> those who had attended the last IETF meeting may have noticed the ongoing
>>>>> activity in the 'Applications Area Working Group' regarding Web Finger.
>>>>> We had our discussion regarding Simple Web Discovery (SWD) as part of the
>>>>> re-chartering process.
>>>>>
>>>>> Here are the two specifications:
>>>>> http://tools.ietf.org/html/draft-jones-appsawg-webfinger-03
>>>>> http://tools.ietf.org/html/draft-jones-simple-web-discovery-02
>>>>>
>>>>> Now, the questions that seems to be hanging around are
>>>>>
>>>>> 1) Aren't these two mechanisms solving pretty much the same problem?
>>>>> 2) Do we need to have two standards for the same functionality?
>>>>> 3) Do you guys have a position or comments regarding either one of
>>>>>them?
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> PS: Please also let me know if your view is: "I don't really know what
>>>>> all this is about and the documents actually don't provide enough
>>>>> requirements to make a reasonable judgement about the solution space."
>>>>>
>>>> So just as a data-point. We (the IETF, but including
>>>> me personally;-) mucked up badly on this some years
>>>> ago in the PKI space - we standardised both CMP (rfc
>>>> 2510) and CMC (rfc 2797) as two ways to do the same
>>>> thing, after a protracted battle between factions
>>>> supporting one or the other. We even made sure they
>>>> had as much common syntax as possible. (CRMF, rfc
>>>> 2511)
>>>>
>>>> Result: neither fully adopted, lots of people still
>>>> do proprietary stuff, neither can be killed off
>>>> (despite attempts), both need to be maintained (CMP
>>>> is now RFC 4210, CMC, 5272, CRMF, 4211), and IMO
>>>> partly as a result of us screwing up for what seemed
>>>> like good reasons at the time, PKI administration
>>>> stuff has never gotten beyond horrible-to-do.
>>>>
>>>> All-in-all, a really bad outcome which is still
>>>> a PITA a dozen years later.
>>>>
>>>> As OAuth AD I will need *serious* convincing that
>>>> there is a need to provide two ways to do the same
>>>> thing. I doubt it'll be possible to convince me,
>>>> in fact, so if you wanna try, you'll need to start
>>>> by saying that they are not in fact two ways to do
>>>> the same thing:-)
>>>>
>>>> S.
>>>>
>>>> PS: This discussion needs to also involve the Apps
>>>> area, so I've cc'd that list.
>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> [email protected]
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> [email protected]
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> _______________________________________________
>>> OAuth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/oauth
>_______________________________________________
>OAuth mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
