- From: Paul E. Jones <paulej@packetizer.com>
- Date: Wed, 31 Oct 2012 18:15:01 -0400
- To: "'Evan Prodromou'" <evan@status.net>
- Cc: <webfinger@googlegroups.com>, <public-fedsocweb@w3.org>
- Message-ID: <008d01cdb7b5$2c179900$8446cb00$@packetizer.com>
Evan, Comments in green: From: Evan Prodromou [mailto:evan@status.net] Sent: Wednesday, October 31, 2012 2:21 PM To: Paul E. Jones Cc: webfinger@googlegroups.com; public-fedsocweb@w3.org Subject: Re: Webfinger & FedSocWeb notes from IIW On 12-10-30 09:21 PM, Paul E. Jones wrote: Markus, thanks for sharing. I copied Evan since there were some points on the page that I thought were worth discussing. "Webfinger has JSON now, but didn't have it when SWD was invented." That's not quite right. JSON has been a part of WebFinger since RFC 6415. The only issue was that JSON was not mandatory on servers. That said, anyone wishing to allow use of OpenID Connect on their domain could have implemented JSON support if the spec demanded it. It's not an issue now, anyway, since JSON is now mandatory with WebFinger. I think the question was "Why was SWD created?" and Mike Jones gave this as one of the reasons. PEJ: I don't know. I wasn't aware of SWD until OpenID Connect was made more visible. I think it's rather unfortunate that we would not settle on one protocol. Regardless of SWD or WF, we have a mechanism where we can query for information about a user. Having looked at both, I have a preference for WF, because I get a set of link relations vs. having to ask the server repeatedly for every single bit of info I hope the server might be able to provide. And I say that entirely without "invented here" bias, as I didn't invent the WF protocol. I'm not sure if there's much value in fighting it out. PEJ: There is value in agreeing on one solution. "It's possible to retrieve either host-meta.json or host-meta with "json" Accept header. --> confusing?" This should not be confusing and if it is, we need to clarify it in the spec. XRD is optional and JRD is mandatory. If a server implements both (as mine does), the default format returned by host-meta will be XRD and host-meta.json is JRD. If a server only supports JSON, it will likely return JRD in response regardless. Usually, that's how web services behave with the Accept header. I think the idea that came up was that we should just concentrate on the /.well-known/host-meta.json endpoint for the Webfinger protocol (by which I mean: additional resource and rel parameters). It would simplify server implementations if I can just ignore resource and rel for /.well-known/host-meta. It would also simplify client implementations if they know always to use /.well-known/host-meta.json. PEJ: The spec currently says clients "If a client wishes to receive only JRDs, for example, it SHOULD issue a request to /.well-known/host-meta.json, but MAY issue a request to /.well-known/host-meta and include the "Accept" header with the type "application/json"." If I were writing a client that utilizes JSON, I would likely query the .json resource. To be compliant with the spec, you know it will be on the server if the server supports JSON. However, I do personally have a preference for XML. And, there is a lot of WF stuff out there using XML. There is a tiny bit of work to support both XML and JSON and even less work to support both resource addresses. In fact, I service both from a single script, using Apache rewriting rules to just direct a request from one resource address to the other. It's so simple, it can even be run on a static site: http://www.packetizer.com/webfinger/server.html. But, client developers absolutely can simplify their lives by just going straight to the .json resource, and that's the advice given. One does not have to guess about it. (And, personally, I'd rather instruct users to make proper HTTP requests and put in the Accept header, but I don't want to fight that one.) "Questions about the case when multiple links/locations are discovered" We might have to defer to others on this one, but my understanding is that the order of links is the approach. RFC 6415 is clear about ensuring that order is always maintained. Thus, in my implementation, I have an integer value in the database and all data is sorted per that integer value. Essentially, it is my "priority" value, but it does not appear in the protocol. There's not an explicit interpretation of having multiple links with the same rel, like: { links: [ { rel: <http://api.example/some-api> "http://api.example/some-api", href: <http://server1.example/endpoint> "http://server1.example/endpoint" }, { rel: <http://api.example/some-api> "http://api.example/some-api", href: <http://server2.example/endpoint> "http://server2.example/endpoint" } ] } I think the typical (?) interpretation is that both links are equally valid and that the client can pick whichever they want. Most code I've seen will either pick the first or last. There are some systems where you can define priority for different members of the list, like MX records in DNS. "Try the first endpoint, and if it doesn't work try the next one, and then one of the next three at your discretion." It's probably an issue that should be worried about in the distant future. PEJ: I really do think the first takes priority. Per RFC 6415: "Note that the order of links matters and is based on their original order in the host-meta and LRDD documents." That said, I believe order preference for the client might differ. If I am looking for information and see two different domains, I might prefer to use one domain over another. I just made sure I produce documents in the prescribed order and let the client decide what to do. Paul -Evan -- Evan Prodromou, CEO and Founder, StatusNet Inc. 1124 rue Marie-Anne Est #32, Montreal, Quebec, Canada H2J 2B7 E: evan@status.net P: +1-514-554-3826
Received on Wednesday, 31 October 2012 22:15:26 UTC