ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback

2011-07-05 10:33:48
from [Justin Richer] [Permanent Link] 
The OpenID Connect folks have been using Simple Web Discovery, which is
as I understand it a rough translation of XRD into JSON, with a couple
of simplifying changes. (Mike, want to throw your hat in on this one?)

http://tools.ietf.org/html/draft-jones-simple-web-discovery-00

 -- Justin

On Mon, 2011-07-04 at 00:27 -0400, Eve Maler wrote:

FWIW, the "Dynamic OAuth Client Registration" proposal made by the
User-Managed Access folks:


http://tools.ietf.org/html/draft-hardjono-oauth-dynreg-00


...makes use of XRD, hostmeta, and discovery, as does the OAuth-based
UMA protocol itself:


http://www.ietf.org/internet-drafts/draft-hardjono-oauth-umacore-00.txt


We'd be just as happy to use a JSON-based version of XRD if it can be
standardized, and we did do some experimentation with this early on.
But because XRD 1.0 is now stable and is straightforward enough to use
for our needs, we decided to use it normatively for now. The UMA
implementation used by http://smartam.net implements this today and it
works fine.


Eve

On 3 Jul 2011, at 9:50 AM, Eran Hammer-Lahav wrote:


Hannes,


None of the current OAuth WG document address discovery in any way,
so clearly there will be no use of XRD. But the OAuth community
predating the IETF had multiple proposals for it. In addition,
multiple times on the IETF OAuth WG list, people have suggested
using host-meta and XRD for discovery purposes.


The idea that XRD was reused without merit is both misleading and
mean-spirited. Personally, I'm sick of it, especially coming from
standards professionals.


XRD was largely developed by the same people who worked on
host-meta. XRD predated host-meta and was designed to cover the
wider use case. Host-meta was an important use case when developing
XRD in its final few months. It was done in OASIS out of respect to
proper standards process in which the body that originated a work
(XRDS) gets to keep it.


I challenge anyone to find any faults with the IPR policy or process
used to develop host-meta in OASIS.


XRD is one of the simplest XML formats I have seen. I bet most of
the people bashing it now have never bothered to read it. At least
some of these people have been personally invited by me to comment
on XRD while it was still in development and chose to dismiss it.


XRD was designed in a very open process with plenty of community
feedback and it was significantly simplified based on that feedback.
In addition, host-meta further simplifies it by profiling it down,
removing some of the more complex elements like Subject and Alias
(which are very useful in other contexts). XRD is nothing more than
a cleaner version of HTML <LINK> elements with literally a handful
of new elements based on well defined and widely supported
requirements. It's entire semantic meaning is based on the IETF Link
relation registry RFC.


There is something very disturbing going on these days in how people
treat XML-based formats, especially form OASIS.


When host-meta's predecessor - side–meta – was originally proposed a
few years ago, Mark Nottingham proposed an XML format not that
different from XRD. There is nothing wrong with JSON taking over as
a simpler alternative. I personally prefer JSON much better. But it
would be reckless and counter productive to ignore a decade of work
on XML formats just because it is no longer cool. Feels like we back
in high school.


If you have technical arguments against host-meta, please share. But
if your objections are based on changing trends, dislike of XML or
anything OASIS, grow up.


EHL






From: Hannes Tschofenig <hannes(_dot_)tschofenig(_at_)gmx(_dot_)net>
Date: Sun, 3 Jul 2011 00:36:29 -0700
To: Mark Nottingham <mnot(_at_)mnot(_dot_)net>
Cc: Hannes Tschofenig <hannes(_dot_)tschofenig(_at_)gmx(_dot_)net>, 
"ietf(_at_)ietf(_dot_)org
IETF" <ietf(_at_)ietf(_dot_)org>, Eran Hammer-lahav 
<eran(_at_)hueniverse(_dot_)com>,
oauth WG <oauth(_at_)ietf(_dot_)org>
Subject: Re: Second Last Call: <draft-hammer-hostmeta-16.txt> (Web
Host Metadata) to Proposed Standard -- feedback




I also never really understood why XRD was re-used. 


Btw, XRD is not used by any of the current OAuth WG documents, see
http://datatracker.ietf.org/wg/oauth/




On Jun 22, 2011, at 8:08 AM, Mark Nottingham wrote:



* XRD -- XRD is an OASIS spec that's used by OpenID and OAuth.
Maybe I'm just scarred by WS-*, but it seems very
over-engineered for what it does. I understand that the
communities had reasons for using it to leverage an existing
user base for their specific user cases, but I don't see any
reason to generalise such a beast into a generic mechanism.






_______________________________________________
OAuth mailing list
OAuth(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/oauth



Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nomcom 2011-2012: Third Call for Volunteers, NomCom Chair
Next by Date:  tsv-dir review of draft-ietf-mptcp-congestion-05, david.black
Previous by Thread:  Re: [OAUTH-WG] Second Last Call: <draft-hammer-hostmeta-16.txt> (Web Host Metadata) to Proposed Standard -- feedback, Eve Maler
Next by Thread:  RE: [mpls] Last Call: <draft-ietf-mpls-tp-cc-cv-rdi-05.txt> (Proactive Connectivity Verification, Continuity Check and Remote Defect indication for MPLS Transport Profile) to Proposed Standard, Rui Costa
Indexes:  [Date] [Thread] [Top] [All Lists]