Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The OpenID Connect folks have been using Simple Web Discovery, which is
as I understand it a rough translation of XRD into JSON, with a couple
of simplifying changes. (Mike, want to throw your hat in on this one?)

http://tools.ietf.org/html/draft-jones-simple-web-discovery-00

 -- Justin

On Mon, 2011-07-04 at 00:27 -0400, Eve Maler wrote:
> FWIW, the "Dynamic OAuth Client Registration" proposal made by the
> User-Managed Access folks:
> 
> 
> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg-00
> 
> 
> ...makes use of XRD, hostmeta, and discovery, as does the OAuth-based
> UMA protocol itself:
> 
> 
> http://www.ietf.org/internet-drafts/draft-hardjono-oauth-umacore-00.txt
> 
> 
> We'd be just as happy to use a JSON-based version of XRD if it can be
> standardized, and we did do some experimentation with this early on.
> But because XRD 1.0 is now stable and is straightforward enough to use
> for our needs, we decided to use it normatively for now. The UMA
> implementation used by http://smartam.net implements this today and it
> works fine.
> 
> 
> Eve
> 
> On 3 Jul 2011, at 9:50 AM, Eran Hammer-Lahav wrote:
> 
> > Hannes,
> > 
> > 
> > None of the current OAuth WG document address discovery in any way,
> > so clearly there will be no use of XRD. But the OAuth community
> > predating the IETF had multiple proposals for it. In addition,
> > multiple times on the IETF OAuth WG list, people have suggested
> > using host-meta and XRD for discovery purposes.
> > 
> > 
> > The idea that XRD was reused without merit is both misleading and
> > mean-spirited. Personally, I'm sick of it, especially coming from
> > standards professionals.
> > 
> > 
> > XRD was largely developed by the same people who worked on
> > host-meta. XRD predated host-meta and was designed to cover the
> > wider use case. Host-meta was an important use case when developing
> > XRD in its final few months. It was done in OASIS out of respect to
> > proper standards process in which the body that originated a work
> > (XRDS) gets to keep it.
> > 
> > 
> > I challenge anyone to find any faults with the IPR policy or process
> > used to develop host-meta in OASIS.
> > 
> > 
> > XRD is one of the simplest XML formats I have seen. I bet most of
> > the people bashing it now have never bothered to read it. At least
> > some of these people have been personally invited by me to comment
> > on XRD while it was still in development and chose to dismiss it.
> > 
> > 
> > XRD was designed in a very open process with plenty of community
> > feedback and it was significantly simplified based on that feedback.
> > In addition, host-meta further simplifies it by profiling it down,
> > removing some of the more complex elements like Subject and Alias
> > (which are very useful in other contexts). XRD is nothing more than
> > a cleaner version of HTML <LINK> elements with literally a handful
> > of new elements based on well defined and widely supported
> > requirements. It's entire semantic meaning is based on the IETF Link
> > relation registry RFC.
> > 
> > 
> > There is something very disturbing going on these days in how people
> > treat XML-based formats, especially form OASIS.
> > 
> > 
> > When host-meta's predecessor - side–meta – was originally proposed a
> > few years ago, Mark Nottingham proposed an XML format not that
> > different from XRD. There is nothing wrong with JSON taking over as
> > a simpler alternative. I personally prefer JSON much better. But it
> > would be reckless and counter productive to ignore a decade of work
> > on XML formats just because it is no longer cool. Feels like we back
> > in high school.
> > 
> > 
> > If you have technical arguments against host-meta, please share. But
> > if your objections are based on changing trends, dislike of XML or
> > anything OASIS, grow up.
> > 
> > 
> > EHL
> > 
> > 
> > 
> > 
> > 
> > 
> > From: Hannes Tschofenig <hannes.tschofenig@xxxxxxx>
> > Date: Sun, 3 Jul 2011 00:36:29 -0700
> > To: Mark Nottingham <mnot@xxxxxxxx>
> > Cc: Hannes Tschofenig <hannes.tschofenig@xxxxxxx>, "ietf@xxxxxxxx
> > IETF" <ietf@xxxxxxxx>, Eran Hammer-lahav <eran@xxxxxxxxxxxxxx>,
> > oauth WG <oauth@xxxxxxxx>
> > Subject: Re: Second Last Call: <draft-hammer-hostmeta-16.txt> (Web
> > Host Metadata) to Proposed Standard -- feedback
> > 
> > 
> > 
> > > I also never really understood why XRD was re-used. 
> > > 
> > > 
> > > Btw, XRD is not used by any of the current OAuth WG documents, see
> > > http://datatracker.ietf.org/wg/oauth/
> > > 
> > > 
> > > 
> > > 
> > > On Jun 22, 2011, at 8:08 AM, Mark Nottingham wrote:
> > > 
> > > 
> > > > * XRD -- XRD is an OASIS spec that's used by OpenID and OAuth.
> > > > Maybe I'm just scarred by WS-*, but it seems very
> > > > over-engineered for what it does. I understand that the
> > > > communities had reasons for using it to leverage an existing
> > > > user base for their specific user cases, but I don't see any
> > > > reason to generalise such a beast into a generic mechanism.
> > > 
> > > 
> > > 
> > > 
> > _______________________________________________
> > OAuth mailing list
> > OAuth@xxxxxxxx
> > https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> Eve Maler                                  http://www.xmlgrrl.com/blog
> +1 425 345 6756                         http://www.twitter.com/xmlgrrl
> 


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]