From Michael.Jones@microsoft.com Fri Jan 11 17:46:22 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9CD221F8629 for ; Fri, 11 Jan 2013 17:46:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.454 X-Spam-Level: X-Spam-Status: No, score=-2.454 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gtiS6Ozs8K2l for ; Fri, 11 Jan 2013 17:46:22 -0800 (PST) Received: from NA01-BL2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.32]) by ietfa.amsl.com (Postfix) with ESMTP id 1929821F861F for ; Fri, 11 Jan 2013 17:46:21 -0800 (PST) Received: from BL2FFO11FD002.protection.gbl (10.173.161.200) by BL2FFO11HUB019.protection.gbl (10.173.160.111) with Microsoft SMTP Server (TLS) id 15.0.596.13; Sat, 12 Jan 2013 01:46:01 +0000 Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD002.mail.protection.outlook.com (10.173.160.102) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Sat, 12 Jan 2013 01:46:00 +0000 Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.202]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.02.0318.003; Sat, 12 Jan 2013 01:45:59 +0000 From: Mike Jones To: "webfinger@ietf.org" Thread-Topic: Security considerations about redirect loops Thread-Index: Ac3wZpF3HlEPsNcqRP+eDHT7xucBTg== Date: Sat, 12 Jan 2013 01:45:58 +0000 Message-ID: <4E1F6AAD24975D4BA5B168042967394366A3997F@TK5EX14MBXC284.redmond.corp.microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.71] Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366A3997FTK5EX14MBXC284r_" MIME-Version: 1.0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(164054002)(53806001)(16406001)(54356001)(5343655001)(47736001)(59766001)(56816002)(55846006)(5343635001)(56776001)(44976002)(31966008)(76482001)(49866001)(16236675001)(15202345001)(74662001)(74502001)(50986001)(79102001)(47976001)(4396001)(51856001)(46102001)(77982001)(33656001)(512954001)(47446002)(54316002); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB019; H:TK5EX14HUBC106.redmond.corp.microsoft.com; LANG:en; X-OriginatorOrg: microsoft.onmicrosoft.com X-Forefront-PRVS: 0724FCD4CD Subject: [webfinger] Security considerations about redirect loops X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jan 2013 01:46:23 -0000 --_000_4E1F6AAD24975D4BA5B168042967394366A3997FTK5EX14MBXC284r_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Should we add text to the Security Considerations section about preventing = redirect loops? For instance, saying that clients may only want to redirec= t a limited number of times? Surely there must be existing text on this issue that we can reuse from oth= er specs? Any examples from experts out there? Thanks, -- Mike --_000_4E1F6AAD24975D4BA5B168042967394366A3997FTK5EX14MBXC284r_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Should we add text to the Security Considerations se= ction about preventing redirect loops?  For instance, saying that clie= nts may only want to redirect a limited number of times?

 

Surely there must be existing text on this issue tha= t we can reuse from other specs?  Any examples from experts out there?=

 

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;     Thanks,

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;     -- Mike

 

--_000_4E1F6AAD24975D4BA5B168042967394366A3997FTK5EX14MBXC284r_-- From bradfitz@google.com Fri Jan 11 17:49:30 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BF8D21F868E for ; Fri, 11 Jan 2013 17:49:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.976 X-Spam-Level: X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pl6ZpEhHyFLt for ; Fri, 11 Jan 2013 17:49:29 -0800 (PST) Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id F094A21F868B for ; Fri, 11 Jan 2013 17:49:28 -0800 (PST) Received: by mail-wg0-f44.google.com with SMTP id dr12so1089261wgb.11 for ; Fri, 11 Jan 2013 17:49:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hfUDkzSH5EpSHAkCt/nYqZnf7NDNX3RFg26wW7rPN9c=; b=KvGb66ukGTaY2V7fP7tfY97A5JKqYiIHiKw0tovQfP3fOP/stzVzhwCaTKN/ViYK5X 8KoejFqGWsi1ybA5RSWjtew9Y3lC7yMCj3EQu3yVzYAKehAFftD36VvBGr4FwQzIdDWX 5/Lfh2Udk0ryMQlmZT+eVF/GCRwzutRaLZO/Q7ATJ9JkS+Fs7TraB5tAwb4+NyEGlyw7 TDYyls+aMfx/UcNy1CgKNvcgmsN+veDH2U8SKkNcJa8aCmlXdneuuiw622j2MC03fhMW 5k8fYDLMG6vz5oN82oRolni6N/LLSovbhqXRT8OmzrgjgHgUiqIgqIekDAQDNPtor8ig zoYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=hfUDkzSH5EpSHAkCt/nYqZnf7NDNX3RFg26wW7rPN9c=; b=R5NdFMxH40CxRLrvgpq9B6fu/OAN+PZ4stoopmVTr7GVVdKwJ3t8Y3odAJYIQ9ymGd cdOftwNLQKSOqGmuThUmC/Kj7mdwUIOYww6/LbufZExdRlclFVNb+0m3XPTKp+KZ9Qri XtOR22XpY2G2Ud/6S54fGws9L7JsaABTmFiUCpgfzJ4mV2bLUdcabRpXggn0/YEyAD3F soMqQeJz2o1Ld3Dm6tIhsZ7IQy+CNfHMlkz9gd1qqoJ1l1sUGr13UAxIfkXmZJAVgwKM 4FohrTGXWj1DsLs3NHZ8axIQd+KHJlR10/9PKl1gUah1XoZqCevql9nmckWKGpO3lNNf hVww== MIME-Version: 1.0 Received: by 10.194.88.202 with SMTP id bi10mr7104457wjb.5.1357955368017; Fri, 11 Jan 2013 17:49:28 -0800 (PST) Received: by 10.194.34.68 with HTTP; Fri, 11 Jan 2013 17:49:27 -0800 (PST) In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A3997F@TK5EX14MBXC284.redmond.corp.microsoft.com> References: <4E1F6AAD24975D4BA5B168042967394366A3997F@TK5EX14MBXC284.redmond.corp.microsoft.com> Date: Fri, 11 Jan 2013 17:49:27 -0800 Message-ID: From: Brad Fitzpatrick To: Mike Jones Content-Type: multipart/alternative; boundary=089e0102ee2254e03b04d30d9fe9 X-Gm-Message-State: ALoCoQlYd6OGTropoYkNAll10Pg2axEPhMATJUEp7PBt6JPF8XGgcG/yNH8VwEl/gpBlFxX8PmvUUzTcXdVpT0gzH6Ng09TW97JuRtBIcoQmQKdJLQ6gBa3IuoAyD+pnHHPgTf9eYwBYsngZ/qyE1eG6yUdQ4wDcsDViK0wSc9KAKQSsWJuMRycS4PQRcHbzjX+DuOxKZTYm Cc: "webfinger@ietf.org" Subject: Re: [webfinger] Security considerations about redirect loops X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jan 2013 01:49:30 -0000 --089e0102ee2254e03b04d30d9fe9 Content-Type: text/plain; charset=UTF-8 Where do you do draw the line, though? Taken to an extreme we would also warn against normal infinite loops, or against using CPU-wasting and security-bug-ridden languages. Easier to say nothing and let people use common sense. On Fri, Jan 11, 2013 at 5:45 PM, Mike Jones wrote: > Should we add text to the Security Considerations section about > preventing redirect loops? For instance, saying that clients may only want > to redirect a limited number of times?**** > > ** ** > > Surely there must be existing text on this issue that we can reuse from > other specs? Any examples from experts out there?**** > > ** ** > > Thanks,*** > * > > -- Mike*** > * > > ** ** > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > > --089e0102ee2254e03b04d30d9fe9 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Where do you do draw th= e line, though? =C2=A0Taken to an extreme we would also warn against normal= infinite loops, or against using CPU-wasting and security-bug-ridden langu= ages.

Easier to s= ay nothing and let people use common sense.


On Fri= , Jan 11, 2013 at 5:45 PM, Mike Jones <Michael.Jones@microsoft.c= om> wrote:

Should we add text to the Security Considerations se= ction about preventing redirect loops?=C2=A0 For instance, saying that clie= nts may only want to redirect a limited number of times?

=C2=A0

Surely there must be existing text on this issue tha= t we can reuse from other specs?=C2=A0 Any examples from experts out there?=

=C2=A0

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 Thanks,

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 -- Mike

=C2=A0


_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger


--089e0102ee2254e03b04d30d9fe9-- From Michael.Jones@microsoft.com Fri Jan 11 17:57:47 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C6821F86A9 for ; Fri, 11 Jan 2013 17:57:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.47 X-Spam-Level: X-Spam-Status: No, score=-2.47 tagged_above=-999 required=5 tests=[AWL=0.128, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eu0HKB9wGGGC for ; Fri, 11 Jan 2013 17:57:45 -0800 (PST) Received: from NA01-BL2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.28]) by ietfa.amsl.com (Postfix) with ESMTP id 6877921F8689 for ; Fri, 11 Jan 2013 17:57:45 -0800 (PST) Received: from BL2FFO11FD010.protection.gbl (10.173.161.203) by BL2FFO11HUB022.protection.gbl (10.173.161.46) with Microsoft SMTP Server (TLS) id 15.0.596.13; Sat, 12 Jan 2013 01:57:43 +0000 Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD010.mail.protection.outlook.com (10.173.161.16) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Sat, 12 Jan 2013 01:57:42 +0000 Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.202]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0318.003; Sat, 12 Jan 2013 01:57:25 +0000 From: Mike Jones To: Brad Fitzpatrick Thread-Topic: [webfinger] Security considerations about redirect loops Thread-Index: Ac3wZpF3HlEPsNcqRP+eDHT7xucBTgAAHx+AAAA6KWA= Date: Sat, 12 Jan 2013 01:57:25 +0000 Message-ID: <4E1F6AAD24975D4BA5B168042967394366A39A61@TK5EX14MBXC284.redmond.corp.microsoft.com> References: <4E1F6AAD24975D4BA5B168042967394366A3997F@TK5EX14MBXC284.redmond.corp.microsoft.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.71] Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366A39A61TK5EX14MBXC284r_" MIME-Version: 1.0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(24454001)(377454001)(164054002)(5343655001)(512874001)(47446002)(74502001)(15202345001)(74662001)(54316002)(59766001)(16236675001)(46102001)(77982001)(16406001)(5343635001)(55846006)(76482001)(53806001)(47976001)(51856001)(50986001)(49866001)(54356001)(79102001)(56776001)(31966008)(44976002)(47736001)(33656001)(4396001)(550184003)(56816002); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB022; H:TK5EX14HUBC107.redmond.corp.microsoft.com; LANG:en; X-OriginatorOrg: microsoft.onmicrosoft.com X-Forefront-PRVS: 0724FCD4CD Cc: "webfinger@ietf.org" Subject: Re: [webfinger] Security considerations about redirect loops X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jan 2013 01:57:47 -0000 --_000_4E1F6AAD24975D4BA5B168042967394366A39A61TK5EX14MBXC284r_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SeKAmWQgYWxzbyBiZSBPSyB3aXRoIHVzIG1ha2luZyBhbiBleHBsaWNpdCBkZWNpc2lvbiBub3Qg dG8gbWVudGlvbiB0aGUgaXNzdWUuICBUaGUgaXNzdWUgaGFkIGJlZW4gcmFpc2VkIGFib3V0IFNp bXBsZSBXZWIgRGlzY292ZXJ5IGFuZCBzbyBJIHdhbnRlZCB0byByZWRpcmVjdCB0aGF0IGRpc2N1 c3Npb24gdG8gV2ViRmluZ2VyIChwdW4gaW50ZW5kZWQgOy0pICkuDQoNCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtl DQoNCkZyb206IEJyYWQgRml0enBhdHJpY2sgW21haWx0bzpicmFkZml0ekBnb29nbGUuY29tXQ0K U2VudDogRnJpZGF5LCBKYW51YXJ5IDExLCAyMDEzIDU6NDkgUE0NClRvOiBNaWtlIEpvbmVzDQpD Yzogd2ViZmluZ2VyQGlldGYub3JnDQpTdWJqZWN0OiBSZTogW3dlYmZpbmdlcl0gU2VjdXJpdHkg Y29uc2lkZXJhdGlvbnMgYWJvdXQgcmVkaXJlY3QgbG9vcHMNCg0KV2hlcmUgZG8geW91IGRvIGRy YXcgdGhlIGxpbmUsIHRob3VnaD8gIFRha2VuIHRvIGFuIGV4dHJlbWUgd2Ugd291bGQgYWxzbyB3 YXJuIGFnYWluc3Qgbm9ybWFsIGluZmluaXRlIGxvb3BzLCBvciBhZ2FpbnN0IHVzaW5nIENQVS13 YXN0aW5nIGFuZCBzZWN1cml0eS1idWctcmlkZGVuIGxhbmd1YWdlcy4NCg0KRWFzaWVyIHRvIHNh eSBub3RoaW5nIGFuZCBsZXQgcGVvcGxlIHVzZSBjb21tb24gc2Vuc2UuDQoNCg0KT24gRnJpLCBK YW4gMTEsIDIwMTMgYXQgNTo0NSBQTSwgTWlrZSBKb25lcyA8TWljaGFlbC5Kb25lc0BtaWNyb3Nv ZnQuY29tPG1haWx0bzpNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb20+PiB3cm90ZToNClNob3Vs ZCB3ZSBhZGQgdGV4dCB0byB0aGUgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbiBhYm91 dCBwcmV2ZW50aW5nIHJlZGlyZWN0IGxvb3BzPyAgRm9yIGluc3RhbmNlLCBzYXlpbmcgdGhhdCBj bGllbnRzIG1heSBvbmx5IHdhbnQgdG8gcmVkaXJlY3QgYSBsaW1pdGVkIG51bWJlciBvZiB0aW1l cz8NCg0KU3VyZWx5IHRoZXJlIG11c3QgYmUgZXhpc3RpbmcgdGV4dCBvbiB0aGlzIGlzc3VlIHRo YXQgd2UgY2FuIHJldXNlIGZyb20gb3RoZXIgc3BlY3M/ICBBbnkgZXhhbXBsZXMgZnJvbSBleHBl cnRzIG91dCB0aGVyZT8NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFRoYW5rcywNCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtlDQoNCg0KX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCndlYmZpbmdlciBt YWlsaW5nIGxpc3QNCndlYmZpbmdlckBpZXRmLm9yZzxtYWlsdG86d2ViZmluZ2VyQGlldGYub3Jn Pg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby93ZWJmaW5nZXINCg0K --_000_4E1F6AAD24975D4BA5B168042967394366A39A61TK5EX14MBXC284r_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z b05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6 Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTcNCgl7bXNv LXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5z LXNlcmlmIjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10 eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7fQ0K QHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAx LjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24x O30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRz IHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtp ZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1h cCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRp Zl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVy cGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+SeKAmWQgYWxzbyBiZSBP SyB3aXRoIHVzIG1ha2luZyBhbiBleHBsaWNpdCBkZWNpc2lvbiBub3QgdG8gbWVudGlvbiB0aGUg aXNzdWUuJm5ic3A7IFRoZSBpc3N1ZSBoYWQgYmVlbiByYWlzZWQgYWJvdXQgU2ltcGxlIFdlYiBE aXNjb3ZlcnkgYW5kIHNvIEkgd2FudGVkIHRvIHJlZGlyZWN0DQogdGhhdCBkaXNjdXNzaW9uIHRv IFdlYkZpbmdlciAocHVuIGludGVuZGVkIDstKSApLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0 OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3 RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+IEJyYWQgRml0enBhdHJpY2sgW21haWx0bzpicmFkZml0ekBnb29nbGUu Y29tXQ0KPGJyPg0KPGI+U2VudDo8L2I+IEZyaWRheSwgSmFudWFyeSAxMSwgMjAxMyA1OjQ5IFBN PGJyPg0KPGI+VG86PC9iPiBNaWtlIEpvbmVzPGJyPg0KPGI+Q2M6PC9iPiB3ZWJmaW5nZXJAaWV0 Zi5vcmc8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFt3ZWJmaW5nZXJdIFNlY3VyaXR5IGNvbnNp ZGVyYXRpb25zIGFib3V0IHJlZGlyZWN0IGxvb3BzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPldoZXJlIGRvIHlvdSBkbyBkcmF3IHRoZSBsaW5lLCB0aG91Z2g/ ICZuYnNwO1Rha2VuIHRvIGFuIGV4dHJlbWUgd2Ugd291bGQgYWxzbyB3YXJuIGFnYWluc3Qgbm9y bWFsIGluZmluaXRlIGxvb3BzLCBvciBhZ2FpbnN0IHVzaW5nIENQVS13YXN0aW5nIGFuZCBzZWN1 cml0eS1idWctcmlkZGVuIGxhbmd1YWdlcy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RWFzaWVyIHRvIHNheSBub3RoaW5nIGFuZCBsZXQgcGVv cGxlIHVzZSBjb21tb24gc2Vuc2UuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPk9uIEZyaSwgSmFuIDExLCAyMDEzIGF0IDU6NDUgUE0sIE1pa2UgSm9uZXMg Jmx0OzxhIGhyZWY9Im1haWx0bzpNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb20iIHRhcmdldD0i X2JsYW5rIj5NaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwv bzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5TaG91bGQgd2Ug YWRkIHRleHQgdG8gdGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24gYWJvdXQgcHJl dmVudGluZyByZWRpcmVjdCBsb29wcz8mbmJzcDsgRm9yIGluc3RhbmNlLCBzYXlpbmcgdGhhdCBj bGllbnRzIG1heSBvbmx5IHdhbnQgdG8gcmVkaXJlY3QgYSBsaW1pdGVkIG51bWJlciBvZiB0aW1l cz88bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlN1cmVseSB0aGVyZSBtdXN0IGJlIGV4aXN0 aW5nIHRleHQgb24gdGhpcyBpc3N1ZSB0aGF0IHdlIGNhbiByZXVzZSBmcm9tIG90aGVyIHNwZWNz PyZuYnNwOyBBbnkgZXhhbXBsZXMgZnJvbSBleHBlcnRzIG91dCB0aGVyZT88bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBUaGFu a3MsPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAtLSBNaWtlPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+PGJyPg0KX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnI+DQp3ZWJmaW5nZXIg bWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOndlYmZpbmdlckBpZXRmLm9yZyI+d2Vi ZmluZ2VyQGlldGYub3JnPC9hPjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21h aWxtYW4vbGlzdGluZm8vd2ViZmluZ2VyIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0 Zi5vcmcvbWFpbG1hbi9saXN0aW5mby93ZWJmaW5nZXI8L2E+PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_4E1F6AAD24975D4BA5B168042967394366A39A61TK5EX14MBXC284r_-- From evan@status.net Fri Jan 11 18:41:30 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 644B421F8B7D for ; Fri, 11 Jan 2013 18:41:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jje5coS8O8-L for ; Fri, 11 Jan 2013 18:41:28 -0800 (PST) Received: from office.statusnetinc.com (office.statusnetinc.com [50.57.148.252]) by ietfa.amsl.com (Postfix) with ESMTP id 6F3D621F855A for ; Fri, 11 Jan 2013 18:41:28 -0800 (PST) Received: from [192.168.0.107] (modemcable218.194-202-24.mc.videotron.ca [24.202.194.218]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by office.statusnetinc.com (Postfix) with ESMTPSA id 8A6598D46BC; Sat, 12 Jan 2013 02:54:40 +0000 (UTC) Message-ID: <50F0CD4D.4080206@status.net> Date: Fri, 11 Jan 2013 21:41:17 -0500 From: Evan Prodromou User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 MIME-Version: 1.0 To: Mike Jones References: <4E1F6AAD24975D4BA5B168042967394366A3997F@TK5EX14MBXC284.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B168042967394366A39A61@TK5EX14MBXC284.redmond.corp.microsoft.com> In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A39A61@TK5EX14MBXC284.redmond.corp.microsoft.com> Content-Type: multipart/alternative; boundary="------------060509000503070905010205" Cc: Brad Fitzpatrick , "webfinger@ietf.org" Subject: Re: [webfinger] Security considerations about redirect loops X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jan 2013 02:41:30 -0000 This is a multi-part message in MIME format. --------------060509000503070905010205 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit At the risk of causing a redirect loop here, I wonder if pointing to RFC 2616's security considerations and saying, "This is an HTTP-based mechanism, and many HTTP-based security considerations apply here" would be sufficient. That said, I couldn't find a mention of redirect loops in particular in RFC 2616. http://tools.ietf.org/html/rfc2616#section-15 -Evan On 13-01-11 08:57 PM, Mike Jones wrote: > > I'd also be OK with us making an explicit decision not to mention the > issue. The issue had been raised about Simple Web Discovery and so I > wanted to redirect that discussion to WebFinger (pun intended ;-) ). > > -- Mike > > *From:*Brad Fitzpatrick [mailto:bradfitz@google.com] > *Sent:* Friday, January 11, 2013 5:49 PM > *To:* Mike Jones > *Cc:* webfinger@ietf.org > *Subject:* Re: [webfinger] Security considerations about redirect loops > > Where do you do draw the line, though? Taken to an extreme we would > also warn against normal infinite loops, or against using CPU-wasting > and security-bug-ridden languages. > > Easier to say nothing and let people use common sense. > > On Fri, Jan 11, 2013 at 5:45 PM, Mike Jones > > wrote: > > Should we add text to the Security Considerations section about > preventing redirect loops? For instance, saying that clients may only > want to redirect a limited number of times? > > Surely there must be existing text on this issue that we can reuse > from other specs? Any examples from experts out there? > > Thanks, > > -- Mike > > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > > > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger --------------060509000503070905010205 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
At the risk of causing a redirect loop here, I wonder if pointing to RFC 2616's security considerations and saying, "This is an HTTP-based mechanism, and many HTTP-based security considerations apply here" would be sufficient.

That said, I couldn't find a mention of redirect loops in particular in RFC 2616.

http://tools.ietf.org/html/rfc2616#section-15

-Evan

On 13-01-11 08:57 PM, Mike Jones wrote:

I’d also be OK with us making an explicit decision not to mention the issue.  The issue had been raised about Simple Web Discovery and so I wanted to redirect that discussion to WebFinger (pun intended ;-) ).

 

                                                                -- Mike

 

From: Brad Fitzpatrick [mailto:bradfitz@google.com]
Sent: Friday, January 11, 2013 5:49 PM
To: Mike Jones
Cc: webfinger@ietf.org
Subject: Re: [webfinger] Security considerations about redirect loops

 

Where do you do draw the line, though?  Taken to an extreme we would also warn against normal infinite loops, or against using CPU-wasting and security-bug-ridden languages.

 

Easier to say nothing and let people use common sense.

 

 

On Fri, Jan 11, 2013 at 5:45 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

Should we add text to the Security Considerations section about preventing redirect loops?  For instance, saying that clients may only want to redirect a limited number of times?

 

Surely there must be existing text on this issue that we can reuse from other specs?  Any examples from experts out there?

 

                                                                Thanks,

                                                                -- Mike

 


_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger

 



_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger

--------------060509000503070905010205-- From Michael.Jones@microsoft.com Wed Jan 23 09:11:13 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0960B21F8586 for ; Wed, 23 Jan 2013 09:11:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mw5ZTcOb92QV for ; Wed, 23 Jan 2013 09:11:12 -0800 (PST) Received: from na01-bl2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.32]) by ietfa.amsl.com (Postfix) with ESMTP id 5048621F854D for ; Wed, 23 Jan 2013 09:11:12 -0800 (PST) Received: from BL2FFO11FD015.protection.gbl (10.173.161.200) by BL2FFO11HUB038.protection.gbl (10.173.160.242) with Microsoft SMTP Server (TLS) id 15.0.596.13; Wed, 23 Jan 2013 17:11:10 +0000 Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD015.mail.protection.outlook.com (10.173.160.223) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Wed, 23 Jan 2013 17:11:09 +0000 Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.245]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0318.003; Wed, 23 Jan 2013 17:10:35 +0000 From: Mike Jones To: "webfinger@ietf.org" Thread-Topic: OpenID Connect now using WebFinger Thread-Index: Ac35jI55Vz8driomRBi84lJYjGym5g== Date: Wed, 23 Jan 2013 17:10:34 +0000 Message-ID: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.33] Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366A75EB8TK5EX14MBXC283r_" MIME-Version: 1.0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(189002)(199002)(69234002)(49866001)(47736001)(59766001)(5343655001)(33656001)(5343635001)(53806001)(15395725002)(5343645001)(54356001)(74502001)(4396001)(16406001)(54316002)(77982001)(44976002)(31966008)(46102001)(74662001)(15202345001)(47446002)(16297215001)(512954001)(56776001)(79102001)(16236675001)(55846006)(50986001)(47976001)(76482001)(5343665001)(51856001)(56816002)(6816006)(6606295001); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB038; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:; MX:1; A:1; LANG:en; X-OriginatorOrg: microsoft.onmicrosoft.com X-Forefront-PRVS: 073515755F Subject: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:11:13 -0000 --_000_4E1F6AAD24975D4BA5B168042967394366A75EB8TK5EX14MBXC283r_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable FYI, for its most recent specification release, the OpenID Connect working = group decided to switch from using Simple Web Discovery to WebFinger for id= entity provider discovery, since WebFinger now meets the OpenID Connect dis= covery requirements previously discussed in the working group. See http://= self-issued.info/?p=3D937 and http://openid.net/specs/openid-connect-discov= ery-1_0-12.html for details. -- Mike --_000_4E1F6AAD24975D4BA5B168042967394366A75EB8TK5EX14MBXC283r_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

FYI, for its most recent specification release, the = OpenID Connect working group decided to switch from using Simple Web Discov= ery to WebFinger for identity provider discovery, since WebFinger now meets= the OpenID Connect discovery requirements previously discussed in the working group.  See http://self-issued.info/?p=3D937 and http://openid.net/specs/openid-connect-discovery-1_0-12.html for detail= s.

 

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; -- Mike

 

--_000_4E1F6AAD24975D4BA5B168042967394366A75EB8TK5EX14MBXC283r_-- From stpeter@stpeter.im Wed Jan 23 09:12:34 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39ACA21F8479 for ; Wed, 23 Jan 2013 09:12:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hoJAxvIxhLxn for ; Wed, 23 Jan 2013 09:12:33 -0800 (PST) Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4DFDC21F8472 for ; Wed, 23 Jan 2013 09:12:33 -0800 (PST) Received: from [10.129.24.64] (unknown [128.107.239.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 6D12A4004E for ; Wed, 23 Jan 2013 10:18:29 -0700 (MST) Message-ID: <51001A07.6020201@stpeter.im> Date: Wed, 23 Jan 2013 10:12:39 -0700 From: Peter Saint-Andre User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:12:34 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/23/13 10:10 AM, Mike Jones wrote: > FYI, for its most recent specification release, the OpenID Connect > working group decided to switch from using Simple Web Discovery to > WebFinger for identity provider discovery, since WebFinger now > meets the OpenID Connect discovery requirements previously > discussed in the working group. See http://self-issued.info/?p=937 > and http://openid.net/specs/openid-connect-discovery-1_0-12.html > for details. Mike, thanks for the information! Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEAGgcACgkQNL8k5A2w/vzhVwCfcfKCb+ToW3bK35zFEQs8621T t/AAoPZA8/hNd0eID0vfUsmgPNQ6RwaW =MM7d -----END PGP SIGNATURE----- From Michael.Jones@microsoft.com Wed Jan 23 09:16:02 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB98721F8479 for ; Wed, 23 Jan 2013 09:16:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CrPA8y58wcd for ; Wed, 23 Jan 2013 09:15:57 -0800 (PST) Received: from na01-bl2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.23]) by ietfa.amsl.com (Postfix) with ESMTP id 1EA2121F869B for ; Wed, 23 Jan 2013 09:15:56 -0800 (PST) Received: from BY2FFO11FD001.protection.gbl (10.1.15.203) by BY2FFO11HUB035.protection.gbl (10.1.14.119) with Microsoft SMTP Server (TLS) id 15.0.596.13; Wed, 23 Jan 2013 17:15:51 +0000 Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD001.mail.protection.outlook.com (10.1.14.123) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Wed, 23 Jan 2013 17:15:51 +0000 Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.245]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0318.003; Wed, 23 Jan 2013 17:15:28 +0000 From: Mike Jones To: Peter Saint-Andre , "webfinger@ietf.org" Thread-Topic: [webfinger] OpenID Connect now using WebFinger Thread-Index: Ac35jI55Vz8driomRBi84lJYjGym5gAAEo6AAAATM7A= Date: Wed, 23 Jan 2013 17:15:27 +0000 Message-ID: <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> In-Reply-To: <51001A07.6020201@stpeter.im> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.33] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377454001)(69234002)(24454001)(479174001)(54524001)(51914002)(13464002)(49866001)(5343655001)(47736001)(33656001)(50466001)(23726001)(53806001)(15395725002)(59766001)(5343645001)(74662001)(54356001)(4396001)(77982001)(54316002)(31966008)(46102001)(47776002)(47446002)(74502001)(16406001)(79102001)(44976002)(15202345001)(56776001)(46406002)(55846006)(5343665001)(50986001)(47976001)(76482001)(51856001)(56816002)(6816006)(6606295001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB035; H:TK5EX14HUBC107.redmond.corp.microsoft.com; LANG:en; X-OriginatorOrg: microsoft.onmicrosoft.com X-Forefront-PRVS: 073515755F Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:16:02 -0000 Oh, and I should add, it's now using the acct: scheme as well. -- Mike -----Original Message----- From: webfinger-bounces@ietf.org [mailto:webfinger-bounces@ietf.org] On Beh= alf Of Peter Saint-Andre Sent: Wednesday, January 23, 2013 9:13 AM To: webfinger@ietf.org Subject: Re: [webfinger] OpenID Connect now using WebFinger -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/23/13 10:10 AM, Mike Jones wrote: > FYI, for its most recent specification release, the OpenID Connect=20 > working group decided to switch from using Simple Web Discovery to=20 > WebFinger for identity provider discovery, since WebFinger now meets=20 > the OpenID Connect discovery requirements previously discussed in the=20 > working group. See http://self-issued.info/?p=3D937 and=20 > http://openid.net/specs/openid-connect-discovery-1_0-12.html > for details. Mike, thanks for the information! Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEAGgcACgkQNL8k5A2w/vzhVwCfcfKCb+ToW3bK35zFEQs8621T t/AAoPZA8/hNd0eID0vfUsmgPNQ6RwaW =3DMM7d -----END PGP SIGNATURE----- _______________________________________________ webfinger mailing list webfinger@ietf.org https://www.ietf.org/mailman/listinfo/webfinger From stpeter@stpeter.im Wed Jan 23 09:17:30 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3AE921F8200 for ; Wed, 23 Jan 2013 09:17:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fDxsc3Ah6hNB for ; Wed, 23 Jan 2013 09:17:29 -0800 (PST) Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id CA76721F8566 for ; Wed, 23 Jan 2013 09:17:29 -0800 (PST) Received: from [10.129.24.64] (unknown [128.107.239.233]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 1B6254004E; Wed, 23 Jan 2013 10:23:26 -0700 (MST) Message-ID: <51001B30.80504@stpeter.im> Date: Wed, 23 Jan 2013 10:17:36 -0700 From: Peter Saint-Andre User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: Mike Jones References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: "webfinger@ietf.org" Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:17:30 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/23/13 10:15 AM, Mike Jones wrote: > Oh, and I should add, it's now using the acct: scheme as well. Even better. I'll update draft-ietf-appsawg-acct-uri accordingly. :-) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEAGzAACgkQNL8k5A2w/vwXKgCdFIXHSDHIHb9QWP1CGoy14QIa KV0AoLtKZJt2T96uqArlc9LGd3sbSScm =sfar -----END PGP SIGNATURE----- From gsalguei@cisco.com Wed Jan 23 09:18:39 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39B8521F8200 for ; Wed, 23 Jan 2013 09:18:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.299 X-Spam-Level: X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7-UpoQbTUeTZ for ; Wed, 23 Jan 2013 09:18:38 -0800 (PST) Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id 7CE2A21F85B3 for ; Wed, 23 Jan 2013 09:18:38 -0800 (PST) X-TACSUNS: Virus Scanned Received: from chook.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0NHIa1U014648 for ; Wed, 23 Jan 2013 12:18:36 -0500 (EST) Received: from rtp-gsalguei-8913.cisco.com (rtp-gsalguei-8913.cisco.com [10.116.132.52]) by chook.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0NHIZIc019781; Wed, 23 Jan 2013 12:18:35 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=us-ascii From: Gonzalo Salgueiro In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> Date: Wed, 23 Jan 2013 12:18:35 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> To: Mike Jones X-Mailer: Apple Mail (2.1283) Cc: "webfinger@ietf.org" , Gonzalo Salgueiro Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:18:39 -0000 Great to hear, Mike. A single discovery mechanism was the goal, so = thanks for helping to make that happen. Cheers, Gonzalo On Jan 23, 2013, at 12:10 PM, Mike Jones wrote: > FYI, for its most recent specification release, the OpenID Connect = working group decided to switch from using Simple Web Discovery to = WebFinger for identity provider discovery, since WebFinger now meets the = OpenID Connect discovery requirements previously discussed in the = working group. See http://self-issued.info/?p=3D937 and = http://openid.net/specs/openid-connect-discovery-1_0-12.html for = details. > =20 > -- Mike > =20 > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger From bradfitz@google.com Wed Jan 23 09:56:18 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BFFA21F8667 for ; Wed, 23 Jan 2013 09:56:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.977 X-Spam-Level: X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1KTTCSfc6UAS for ; Wed, 23 Jan 2013 09:56:17 -0800 (PST) Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 227A421F859A for ; Wed, 23 Jan 2013 09:56:16 -0800 (PST) Received: by mail-we0-f173.google.com with SMTP id r5so415469wey.32 for ; Wed, 23 Jan 2013 09:56:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=WdF5vN99pHtqPTtvQDBmUC0xUAntnQfpUaUOsZLy/18=; b=nRLjpNuqRLiirrAK6pvteGR6frm/wrSgZ316AyTwyXnc/U2GsNwgOVim/pdkFIEnWC 2DppgAzkSuF+PGWy77HloGEi+KSDmKJyQl8vr0W58JUsq/2MuX+pWp3958qROa25GCx9 rwycxRNfTx136RJs6hF2eIw88N+dCyiJuXKdpvRWiXfS9hfW28K2j9DzQl4a3QTmwpJ6 v6zkrThqxf9eyf2Z386ZgVdt8dJTOx6BLlvbrF4wXtIlAtIaT4XCDct7gTZGm7jvHyTt BH4HQ0oiJTUf1xZqUFmld+6WhOFmfdxgs96F6YjQgqpzBwOdw7YMzfl8QGu67D3QmIY4 X8Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=WdF5vN99pHtqPTtvQDBmUC0xUAntnQfpUaUOsZLy/18=; b=KWoNf/6yTDI1qvdDeV8L8u4MuzjR+zM1lEPqwh7sPZpr0VQDeQZczn7o0o/qqDhmQE lfW2B8gzV9AbR0xDkBN+FrssNGiQ1zxE9Qv9pUHkmeKKQ5rtmSS4y93ifJkypoxSiFSZ aVSbegN53SGafCbpYq216et1tdykN+CfFUhooPHnlYXg2lCZCbMBc+ybAI6Ph6nY0i2F xsTWcKfCz03mQ6wzmEgHRmJtoeL0k22RylhAfVHfOD74ajwh3SGts5jEittOKMJExCqr ske99SeqFSS1U7lIn4FuMALqyrWlqDxRWZKABISwYUeqPRz305HM3ZlyjDOOr8XFZDnI kwYQ== MIME-Version: 1.0 X-Received: by 10.180.100.163 with SMTP id ez3mr4080385wib.32.1358963775759; Wed, 23 Jan 2013 09:56:15 -0800 (PST) Received: by 10.194.14.195 with HTTP; Wed, 23 Jan 2013 09:56:15 -0800 (PST) In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> Date: Wed, 23 Jan 2013 09:56:15 -0800 Message-ID: From: Brad Fitzpatrick To: Mike Jones Content-Type: multipart/alternative; boundary=f46d0444edff1de4a904d3f86926 X-Gm-Message-State: ALoCoQn+vyt9dVJRXZU5GN0C0/XAP1xbYQjYqdQkSHOLvisz437BBDViwVgIsRUd3xUpWEc+V6iNmzszr4JJKgdadBxrRcZK6RTAG4R+5rvn25MGxZZ5Rb/zHSV88/qJvXcuoQ1vcsd1dA/pIwDajjN1l2Po8OkJ8nRYagLV+vad41hv1+eA6OJwtItlVnsUhG01+t9D4e2o Cc: "webfinger@ietf.org" , Peter Saint-Andre Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 17:56:18 -0000 --f46d0444edff1de4a904d3f86926 Content-Type: text/plain; charset=UTF-8 Nice! This is great news. On Wed, Jan 23, 2013 at 9:15 AM, Mike Jones wrote: > Oh, and I should add, it's now using the acct: scheme as well. > > -- Mike > > -----Original Message----- > From: webfinger-bounces@ietf.org [mailto:webfinger-bounces@ietf.org] On > Behalf Of Peter Saint-Andre > Sent: Wednesday, January 23, 2013 9:13 AM > To: webfinger@ietf.org > Subject: Re: [webfinger] OpenID Connect now using WebFinger > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 1/23/13 10:10 AM, Mike Jones wrote: > > FYI, for its most recent specification release, the OpenID Connect > > working group decided to switch from using Simple Web Discovery to > > WebFinger for identity provider discovery, since WebFinger now meets > > the OpenID Connect discovery requirements previously discussed in the > > working group. See http://self-issued.info/?p=937 and > > http://openid.net/specs/openid-connect-discovery-1_0-12.html > > for details. > > Mike, thanks for the information! > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.18 (Darwin) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlEAGgcACgkQNL8k5A2w/vzhVwCfcfKCb+ToW3bK35zFEQs8621T > t/AAoPZA8/hNd0eID0vfUsmgPNQ6RwaW > =MM7d > -----END PGP SIGNATURE----- > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > --f46d0444edff1de4a904d3f86926 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Nice! =C2=A0This is great news.



On Wed, Jan 23, 201= 3 at 9:15 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
Oh, and I should add, it's now using the= acct: scheme as well.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -- Mike

-----Original Message-----
From: webfinger-bounces@ietf.= org [mailto:webfinger-bou= nces@ietf.org] On Behalf Of Peter Saint-Andre
Sent: Wednesday, January 23, 2013 9:13 AM
To: webfinger@ietf.org
Subject: Re: [webfinger] OpenID Connect now using WebFinger

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1/23/13 10:10 AM, Mike Jones wrote:
> FYI, for its most recent specification release, the OpenID Connect
> working group decided to switch from using Simple Web Discovery to
> WebFinger for identity provider discovery, since WebFinger now meets > the OpenID Connect discovery requirements previously discussed in the<= br> > working group. =C2=A0See http://self-issued.info/?p=3D937 and
> http://openid.net/specs/openid-connect-discovery-1_0-1= 2.html
> for details.

Mike, thanks for the information!

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlEAGgcACgkQNL8k5A2w/vzhVwCfcfKCb+ToW3bK35zFEQs8621T
t/AAoPZA8/hNd0eID0vfUsmgPNQ6RwaW
=3DMM7d
-----END PGP SIGNATURE-----
_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger
_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger

--f46d0444edff1de4a904d3f86926-- From evan@status.net Wed Jan 23 10:17:31 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ADEE21F84F8 for ; Wed, 23 Jan 2013 10:17:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zdY14G9RduK for ; Wed, 23 Jan 2013 10:17:30 -0800 (PST) Received: from office.statusnetinc.com (office.statusnetinc.com [50.57.148.252]) by ietfa.amsl.com (Postfix) with ESMTP id 42EB221F84E6 for ; Wed, 23 Jan 2013 10:17:30 -0800 (PST) Received: from [192.168.0.107] (modemcable218.194-202-24.mc.videotron.ca [24.202.194.218]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by office.statusnetinc.com (Postfix) with ESMTPSA id 8BE708D432F for ; Wed, 23 Jan 2013 18:31:11 +0000 (UTC) Message-ID: <51002937.6080100@status.net> Date: Wed, 23 Jan 2013 13:17:27 -0500 From: Evan Prodromou User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 18:17:31 -0000 Awesome news! -Evan On Wed 23 Jan 2013 12:56:15 PM EST, Brad Fitzpatrick wrote: > Nice! This is great news. > > > > On Wed, Jan 23, 2013 at 9:15 AM, Mike Jones > > wrote: > > Oh, and I should add, it's now using the acct: scheme as well. > > -- Mike > > -----Original Message----- > From: webfinger-bounces@ietf.org > > [mailto:webfinger-bounces@ietf.org > ] On Behalf Of Peter Saint-Andre > Sent: Wednesday, January 23, 2013 9:13 AM > To: webfinger@ietf.org > Subject: Re: [webfinger] OpenID Connect now using WebFinger > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 1/23/13 10:10 AM, Mike Jones wrote: > > FYI, for its most recent specification release, the OpenID Connect > > working group decided to switch from using Simple Web Discovery to > > WebFinger for identity provider discovery, since WebFinger now meets > > the OpenID Connect discovery requirements previously discussed > in the > > working group. See http://self-issued.info/?p=937 and > > http://openid.net/specs/openid-connect-discovery-1_0-12.html > > for details. > > Mike, thanks for the information! > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.18 (Darwin) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlEAGgcACgkQNL8k5A2w/vzhVwCfcfKCb+ToW3bK35zFEQs8621T > t/AAoPZA8/hNd0eID0vfUsmgPNQ6RwaW > =MM7d > -----END PGP SIGNATURE----- > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > > > > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger From barryleiba.mailing.lists@gmail.com Wed Jan 23 12:49:57 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 652A221F8801 for ; Wed, 23 Jan 2013 12:49:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -103.099 X-Spam-Level: X-Spam-Status: No, score=-103.099 tagged_above=-999 required=5 tests=[AWL=-0.122, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zi+3w4a9wt9s for ; Wed, 23 Jan 2013 12:49:56 -0800 (PST) Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id C390921F8804 for ; Wed, 23 Jan 2013 12:49:56 -0800 (PST) Received: by mail-vb0-f44.google.com with SMTP id fc26so3696358vbb.17 for ; Wed, 23 Jan 2013 12:49:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=yeigG+Pyot9z+kPYwg6c92xqOFl6/cwt1HfOmRTO7Eg=; b=qGlDdYteLMtQz7U8V02qCwjmU0BNowOMiGW8+OlVlpudDIXbiJltwAL4qbCDhMopjX SL6lztA6hto7/USoVdZrtq3NgL6Ho/DISUoCrsMxMQB9gxCMrQhhZmevv1nCYFvXE3aD o1mNT9KhqwM8G4QDgtIN6rKZBbw65aZw+K/FzkCJyaT8Y/4j3pYUcMvz5OPHnSm93bnb 6tD4QVigbPYLEm8PwieAH1lyKWaYKL4TsPKP1pgYE3AEZAcqJO2EBwfkk+IirEZX66uN opRm2+vXItt7iDlYqc0vG05WBecCDYiGuTBFOUtJKvErvlq3jLtUUtAeO50qOfUTVrDr ZfBA== MIME-Version: 1.0 X-Received: by 10.52.66.18 with SMTP id b18mr2565179vdt.43.1358974196117; Wed, 23 Jan 2013 12:49:56 -0800 (PST) Sender: barryleiba.mailing.lists@gmail.com Received: by 10.59.3.41 with HTTP; Wed, 23 Jan 2013 12:49:55 -0800 (PST) In-Reply-To: <51001B30.80504@stpeter.im> References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001B30.80504@stpeter.im> Date: Wed, 23 Jan 2013 15:49:55 -0500 X-Google-Sender-Auth: t6VlviMU9m_ku9VgOy9iIwQJjJU Message-ID: From: Barry Leiba To: Peter Saint-Andre Content-Type: text/plain; charset=ISO-8859-1 Cc: "webfinger@ietf.org" , Mike Jones Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 20:49:57 -0000 >> Oh, and I should add, it's now using the acct: scheme as well. > > Even better. I'll update draft-ietf-appsawg-acct-uri accordingly. :-) ...which means adding an "Implementation Status" section, yes? :-) Barry From stpeter@stpeter.im Wed Jan 23 12:56:08 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2BAD21F882A for ; Wed, 23 Jan 2013 12:56:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZ15Hq9QnZvz for ; Wed, 23 Jan 2013 12:56:06 -0800 (PST) Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 8DCCC21F8828 for ; Wed, 23 Jan 2013 12:56:06 -0800 (PST) Received: from [10.129.24.64] (unknown [128.107.239.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 014244004E; Wed, 23 Jan 2013 14:02:02 -0700 (MST) Message-ID: <51004E70.7020503@stpeter.im> Date: Wed, 23 Jan 2013 13:56:16 -0700 From: Peter Saint-Andre User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: Barry Leiba References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001B30.80504@stpeter.im> In-Reply-To: X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: "webfinger@ietf.org" , Mike Jones Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 20:56:08 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/23/13 1:49 PM, Barry Leiba wrote: >>> Oh, and I should add, it's now using the acct: scheme as well. >> >> Even better. I'll update draft-ietf-appsawg-acct-uri accordingly. >> :-) > > ...which means adding an "Implementation Status" section, yes? :-) If draft-farrell-ft itself gets fast-tracked to RFC, perchance. Is there running code for that spec? ;-) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEATnAACgkQNL8k5A2w/vzAVwCfXs8X8iG6U8Gg4hy5bZkR+Xul BX4AoOTTWfDos0JpHqCkZTLNHSOUH49d =Zj5B -----END PGP SIGNATURE----- From barryleiba@gmail.com Wed Jan 23 12:58:15 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 814C121F8654 for ; Wed, 23 Jan 2013 12:58:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -103.093 X-Spam-Level: X-Spam-Status: No, score=-103.093 tagged_above=-999 required=5 tests=[AWL=-0.116, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H0nrNEM1PS-k for ; Wed, 23 Jan 2013 12:58:15 -0800 (PST) Received: from mail-lb0-f169.google.com (mail-lb0-f169.google.com [209.85.217.169]) by ietfa.amsl.com (Postfix) with ESMTP id B2F1621F8644 for ; Wed, 23 Jan 2013 12:58:14 -0800 (PST) Received: by mail-lb0-f169.google.com with SMTP id m4so5309622lbo.0 for ; Wed, 23 Jan 2013 12:58:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=29J1mG4GT6k0xpZTPNwcDywmldIPOp53kkBC9ljXY/Y=; b=atsIqKb0uFaLIRDj/fpEWMzJm5fg8odUTsFdbSwPpFqm1DoIQAC0qW4TEpnjwluZ5j CHcIxjl0wnn5w8NFx0b/XNiPqT5b/pYJ/hqRwwnk7dXpWQpWyjX7hkvjgf9D7iaFK4EP 9C0WyjGi7HdgheVElcC2nWFii96I984WtrZl9VI8i14weTT/hxBSNVRwzqbZ2qrxlnus d48mR39/g6fHGm6mB9eH5MIrBor0JWgSRGYLaJiGX+cMit1nQ7GpioKAV+JX8NHNn4SX SOHWJpfgvrSUqdVlvZHecYZ9QHX2C7pE3putmhR59OgWalISSQkDjjwh/RoUp760ZXxj 6S2A== MIME-Version: 1.0 X-Received: by 10.152.132.137 with SMTP id ou9mr2695485lab.7.1358974693456; Wed, 23 Jan 2013 12:58:13 -0800 (PST) Sender: barryleiba@gmail.com Received: by 10.112.47.168 with HTTP; Wed, 23 Jan 2013 12:58:13 -0800 (PST) In-Reply-To: <51004E70.7020503@stpeter.im> References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001A07.6020201@stpeter.im> <4E1F6AAD24975D4BA5B168042967394366A75F8F@TK5EX14MBXC283.redmond.corp.microsoft.com> <51001B30.80504@stpeter.im> <51004E70.7020503@stpeter.im> Date: Wed, 23 Jan 2013 15:58:13 -0500 X-Google-Sender-Auth: jDbz0t6rVMIz1aSBUCzA7Z9pM3s Message-ID: From: Barry Leiba To: Peter Saint-Andre Content-Type: text/plain; charset=ISO-8859-1 Cc: "webfinger@ietf.org" , Mike Jones Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 20:58:15 -0000 >>> Even better. I'll update draft-ietf-appsawg-acct-uri accordingly. >>> :-) >> >> ...which means adding an "Implementation Status" section, yes? :-) > > If draft-farrell-ft itself gets fast-tracked to RFC, perchance. Is > there running code for that spec? ;-) No, that's different. I'm talking about Yaron Sheffer's draft, https://datatracker.ietf.org/doc/draft-sheffer-running-code/ Much simpler, and more useful. b From melvincarvalho@gmail.com Wed Jan 23 14:17:31 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E587B21F84E2 for ; Wed, 23 Jan 2013 14:17:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.598 X-Spam-Level: X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E4k6pmnl-AK9 for ; Wed, 23 Jan 2013 14:17:31 -0800 (PST) Received: from mail-ie0-f169.google.com (mail-ie0-f169.google.com [209.85.223.169]) by ietfa.amsl.com (Postfix) with ESMTP id 2998221F84D0 for ; Wed, 23 Jan 2013 14:17:31 -0800 (PST) Received: by mail-ie0-f169.google.com with SMTP id c14so14602559ieb.14 for ; Wed, 23 Jan 2013 14:17:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=sRBfVLnYj//JPZLBhq4w6erCD92OnE3XAueMACLfsUA=; b=cP55y3gUoM/sv/EP2hmthr+tzLc0yzm/MjpTc2j9yu8AIg9k2GTBfbanFflvZQLC9C qu3i0yG/sMVetPVPS439PZAiyzdn24ERuhg8q+4ypp4IKR7g9zGd643GHb7IyREOaOjU 6vpwuTeXJhL0vqKYcY1BLgYhOPTB2yryi//3mEBm3WEUCeO0htr3DS0cvSuHR6ruGwD1 3IybPXu6XMVe+rSMAq7lrj+BIqTCGbTZsvOUCFshkjMMhvPjjEyi6cZ0Oz1ffo1I9wbf t3V5KjlYrHyiWRXL5sNtes5ay/ju5yWRwtdAWff8ckMzD5ox9QOXSxCao5ErzsTAiYoh Mw1Q== MIME-Version: 1.0 X-Received: by 10.50.5.143 with SMTP id s15mr2536250igs.11.1358979450797; Wed, 23 Jan 2013 14:17:30 -0800 (PST) Received: by 10.43.63.135 with HTTP; Wed, 23 Jan 2013 14:17:30 -0800 (PST) In-Reply-To: References: <4E1F6AAD24975D4BA5B168042967394366A75EB8@TK5EX14MBXC283.redmond.corp.microsoft.com> Date: Wed, 23 Jan 2013 23:17:30 +0100 Message-ID: From: Melvin Carvalho To: Gonzalo Salgueiro Content-Type: multipart/alternative; boundary=e89a8f5028306bfecf04d3fc0f59 Cc: "webfinger@ietf.org" , Mike Jones Subject: Re: [webfinger] OpenID Connect now using WebFinger X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2013 22:17:32 -0000 --e89a8f5028306bfecf04d3fc0f59 Content-Type: text/plain; charset=ISO-8859-1 On 23 January 2013 18:18, Gonzalo Salgueiro wrote: > Great to hear, Mike. A single discovery mechanism was the goal, so thanks > for helping to make that happen. > There is no single discovery mechanism on the web. But consolodation is beneficial to developers. Good stuff. > > Cheers, > > Gonzalo > > On Jan 23, 2013, at 12:10 PM, Mike Jones wrote: > > > FYI, for its most recent specification release, the OpenID Connect > working group decided to switch from using Simple Web Discovery to > WebFinger for identity provider discovery, since WebFinger now meets the > OpenID Connect discovery requirements previously discussed in the working > group. See http://self-issued.info/?p=937 and > http://openid.net/specs/openid-connect-discovery-1_0-12.html for details. > > > > -- Mike > > > > _______________________________________________ > > webfinger mailing list > > webfinger@ietf.org > > https://www.ietf.org/mailman/listinfo/webfinger > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > --e89a8f5028306bfecf04d3fc0f59 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On 23 January 2013 18:18, Gonzalo Salgue= iro <gsalguei@cisco.com> wrote:
Great to hear, Mike. =A0A single discovery mechanism was the goal, so thank= s for helping to make that happen.

There is no sin= gle discovery mechanism on the web.=A0 But consolodation is beneficial to d= evelopers.=A0 Good stuff.
=A0

Cheers,

Gonzalo

On Jan 23, 2013, at 12:10 PM, Mike Jones wrote:

> FYI, for its most recent specification release, the OpenID Connect wor= king group decided to switch from using Simple Web Discovery to WebFinger f= or identity provider discovery, since WebFinger now meets the OpenID Connec= t discovery requirements previously discussed in the working group. =A0See = http://self-= issued.info/?p=3D937 and http://openid.net/specs/openid= -connect-discovery-1_0-12.html for details.
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 -- Mike
>
> ________________________= _______________________
> webfinger mailing list
> webfinger@ietf.org
> https://www.ietf.org/mailman/listinfo/webfinger

_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger

--e89a8f5028306bfecf04d3fc0f59-- From salvatore.loreto@ericsson.com Mon Jan 28 05:26:13 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C324921F886D for ; Mon, 28 Jan 2013 05:26:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.248 X-Spam-Level: X-Spam-Status: No, score=-106.248 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQdvBZTWJg3e for ; Mon, 28 Jan 2013 05:26:11 -0800 (PST) Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 3F52A21F8585 for ; Mon, 28 Jan 2013 05:26:11 -0800 (PST) X-AuditID: c1b4fb30-b7f0d6d000007e61-01-51067c7168cc Received: from esessmw0237.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 0A.48.32353.17C76015; Mon, 28 Jan 2013 14:26:10 +0100 (CET) Received: from mail.lmf.ericsson.se (153.88.115.8) by esessmw0237.eemea.ericsson.se (153.88.115.91) with Microsoft SMTP Server id 8.3.279.1; Mon, 28 Jan 2013 14:26:08 +0100 Received: from nomadiclab.lmf.ericsson.se (nomadiclab.lmf.ericsson.se [131.160.33.3]) by mail.lmf.ericsson.se (Postfix) with ESMTP id C9E932AB5 for ; Mon, 28 Jan 2013 15:26:08 +0200 (EET) Received: from nomadiclab.lmf.ericsson.se (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id 07D235407D for ; Mon, 28 Jan 2013 15:26:07 +0200 (EET) Received: from n94.nomadiclab.com (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id BF73253F90 for ; Mon, 28 Jan 2013 15:26:06 +0200 (EET) Message-ID: <51067C70.6010005@ericsson.com> Date: Mon, 28 Jan 2013 15:26:08 +0200 From: Salvatore Loreto User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org References: <51067C1C.2050509@ericsson.com> In-Reply-To: <51067C1C.2050509@ericsson.com> X-Forwarded-Message-Id: <51067C1C.2050509@ericsson.com> Content-Type: multipart/alternative; boundary="------------080900070100020700000509" X-Virus-Scanned: ClamAV using ClamSMTP X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrELMWRmVeSWpSXmKPExsUyM+JvrW5RDVugwTI5i0U3pjM6MHosWfKT KYAxissmJTUnsyy1SN8ugSvj6xK9ghUKFUf/vGdpYHwj2cXIySEhYCKx8NoaRghbTOLCvfVs XYxcHEICJxklGiYcY4VwNjBKrHrexAjhXGaUeLJ2HVTZMUaJCbdmsEA4+xglXt9czwIyjFdA W2Lzol1AVRwcLAKqEm+vBYOE2QTMJJ4/3MIMYosKJEt8vHONFaJcUOLkzCdgrSJAd6w/+oAN xBYWCJfomb6GBWSMENDIgwu5QcKcAjoSk/euY4Y421xi9c0D7CA2s0CYxKv+bUwQcTWJq+c2 gdUICWhJ9J7tZJrAKDILybZZSFogbFuJC3OuQ8XlJba/ncMMYetKXPg/BUV8ASPbKkb23MTM nPRy802MwHg4uOW3wQ7GTffFDjFKc7AoifOGu14IEBJITyxJzU5NLUgtii8qzUktPsTIxMEp 1cC4/qzz9VnWPudvhnVu0SztXPvs96V7v8I/5OZ1GHA8+NtXaPV2ibmfVGrlLi7tvxumr8hd nnLj2TWWhrOG/Gqmdbc3XTni/+Kz/KeZBc2Zcwxs2V7Nm/CsZGm927/M2L/vzu+teZovltNd xfZjb869xgomZdPtH5eWOqo+/ZoadmKWdof1w63KSizFGYmGWsxFxYkAX9ETsFUCAAA= Subject: [webfinger] Fwd: [apps-discuss] Working Group Last Call for draft-ietf-appsawg-acct-uri-02 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2013 13:26:13 -0000 --------------080900070100020700000509 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit FYI Note: your comments, feedback on the draft should go to the apps-discuss mailing list thanks Salvatore -------- Original Message -------- Subject: [apps-discuss] Working Group Last Call for draft-ietf-appsawg-acct-uri-02 Date: Mon, 28 Jan 2013 15:24:44 +0200 From: Salvatore Loreto To: apps-discuss@ietf.org Dear WG partecipants, I would like to initiate a 2 weeks WG Last Call on draft-ietf-appsawg-acct-uri-02.txt ("The 'acct' URI Scheme") http://tools.ietf.org/id/draft-ietf-appsawg-acct-uri-02.txt Please send your reviews, as well as expression of support regarding document readiness for IESG (or not) either to the *apps-discuss* mailing list, or directly to the WG chairs (Murray Kucherawy and myself). The WG LC will end on Friday, February 8th. Thank you, Salvatore as an APPSAWG co-chair. _______________________________________________ apps-discuss mailing list apps-discuss@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss --------------080900070100020700000509 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit FYI

Note: your comments, feedback on the draft should go to the apps-discuss mailing list
<apps-discuss@ietf.org>

thanks
Salvatore

-------- Original Message --------
Subject: [apps-discuss] Working Group Last Call for draft-ietf-appsawg-acct-uri-02
Date: Mon, 28 Jan 2013 15:24:44 +0200
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: apps-discuss@ietf.org <apps-discuss@ietf.org>


Dear WG partecipants,


I would like to initiate a 2 weeks WG Last Call on
draft-ietf-appsawg-acct-uri-02.txt ("The 'acct' URI Scheme")
http://tools.ietf.org/id/draft-ietf-appsawg-acct-uri-02.txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *apps-discuss* 
mailing list,
or directly to the WG chairs (Murray Kucherawy and myself).


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.


_______________________________________________
apps-discuss mailing list
apps-discuss@ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss




--------------080900070100020700000509-- From salvatore.loreto@ericsson.com Mon Jan 28 08:50:44 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0F521F88B9 for ; Mon, 28 Jan 2013 08:50:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.248 X-Spam-Level: X-Spam-Status: No, score=-106.248 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2yBPulkaYdGB for ; Mon, 28 Jan 2013 08:50:43 -0800 (PST) Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 5D53021F87FA for ; Mon, 28 Jan 2013 08:50:43 -0800 (PST) X-AuditID: c1b4fb30-b7f0d6d000007e61-fb-5106ac62b9b4 Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id C0.F7.32353.26CA6015; Mon, 28 Jan 2013 17:50:42 +0100 (CET) Received: from mail.lmf.ericsson.se (153.88.115.8) by esessmw0184.eemea.ericsson.se (153.88.115.82) with Microsoft SMTP Server id 8.3.279.1; Mon, 28 Jan 2013 17:50:42 +0100 Received: from nomadiclab.lmf.ericsson.se (nomadiclab.lmf.ericsson.se [131.160.33.3]) by mail.lmf.ericsson.se (Postfix) with ESMTP id D90A12AB5 for ; Mon, 28 Jan 2013 18:50:41 +0200 (EET) Received: from nomadiclab.lmf.ericsson.se (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id 126A653D4E for ; Mon, 28 Jan 2013 18:50:40 +0200 (EET) Received: from Salvatore-Loretos-MacBook-Pro.local (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id B52DE53991 for ; Mon, 28 Jan 2013 18:50:39 +0200 (EET) Message-ID: <5106AC61.3010702@ericsson.com> Date: Mon, 28 Jan 2013 18:50:41 +0200 From: Salvatore Loreto User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org References: <20130128161915.25113.71244.idtracker@ietfa.amsl.com> In-Reply-To: <20130128161915.25113.71244.idtracker@ietfa.amsl.com> X-Forwarded-Message-Id: <20130128161915.25113.71244.idtracker@ietfa.amsl.com> Content-Type: multipart/alternative; boundary="------------010104060405050203070508" X-Virus-Scanned: ClamAV using ClamSMTP X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMLMWRmVeSWpSXmKPExsUyM+JvrW7SGrZAg38v5C0W3ZjO6MDosWTJ T6YAxigum5TUnMyy1CJ9uwSujJbnL5gKHmtUPHg1hb2B8a98FyMnh4SAicThU9eZIWwxiQv3 1rN1MXJxCAmcZJT4236NDSQhJLCBUWLnAg+IxGVGic/flrBCOMcYJS5v7mSCcM4zSkzdtBKs hVdAW6Lr7DJWEJtFQFVixou1LCA2m4CZxPOHW8D2iQokS3y8c40Vol5Q4uTMJ2A1IkB3rD/6 AGyOsICPxIXW2cwQZzhKrF/3DqyeU8BJYvL1Y4wQd/tKbHq3E+gIDg5mgTCJtj6o19Qkrp7b BNWqJdF7tpNpAqPILCTbZiF0gISZBWwlLsy5zgJhy0tsfzuHGcLWlbjwfwqK+AJGtlWM7LmJ mTnp5eabGIERcXDLb4MdjJvuix1ilOZgURLnDXe9ECAkkJ5YkpqdmlqQWhRfVJqTWnyIkYmD U6qB8VRd7rNdsw/L7QxbOrde2WeBunfxxF5tk328LQq7opzcV++xWRHx1+HsPOHpp3IDewpm 6dxiU1M1+V3Nf9ZOQs+O/dy+yq0pZjy9r1et6Pf/xpB/5cjH4qwA5QmxH2La9LYtNIn4tmpp W4v4t5NZclMrHD1t5T2/HGDNyHvS+dycM2epEDOjEktxRqKhFnNRcSIAG80zUlYCAAA= Subject: [webfinger] Fwd: [apps-discuss] I-D Action: draft-ietf-appsawg-webfinger-09.txt X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2013 16:50:44 -0000 --------------010104060405050203070508 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit FYI -------- Original Message -------- Subject: [apps-discuss] I-D Action: draft-ietf-appsawg-webfinger-09.txt Date: Mon, 28 Jan 2013 08:19:15 -0800 From: To: CC: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Applications Area Working Group Working Group of the IETF. Title : WebFinger Author(s) : Paul E. Jones Gonzalo Salgueiro Joseph Smarr Filename : draft-ietf-appsawg-webfinger-09.txt Pages : 20 Date : 2013-01-28 Abstract: This specification defines the WebFinger protocol, which can be used to discover information about people or other entities on the Internet using standard HTTP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-09 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-appsawg-webfinger-09 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ apps-discuss mailing list apps-discuss@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss --------------010104060405050203070508 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit FYI


-------- Original Message --------
Subject: [apps-discuss] I-D Action: draft-ietf-appsawg-webfinger-09.txt
Date: Mon, 28 Jan 2013 08:19:15 -0800
From: <internet-drafts@ietf.org>
To: <i-d-announce@ietf.org>
CC: <apps-discuss@ietf.org>


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Applications Area Working Group Working Group of the IETF.

	Title           : WebFinger
	Author(s)       : Paul E. Jones
                          Gonzalo Salgueiro
                          Joseph Smarr
	Filename        : draft-ietf-appsawg-webfinger-09.txt
	Pages           : 20
	Date            : 2013-01-28

Abstract:
   This specification defines the WebFinger protocol, which can be used
   to discover information about people or other entities on the
   Internet using standard HTTP methods.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-appsawg-webfinger-09


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
apps-discuss mailing list
apps-discuss@ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss




--------------010104060405050203070508-- From salvatore.loreto@ericsson.com Mon Jan 28 10:13:52 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0EA821F8783 for ; Mon, 28 Jan 2013 10:13:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.248 X-Spam-Level: X-Spam-Status: No, score=-106.248 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 43UcW5cUS+iZ for ; Mon, 28 Jan 2013 10:13:51 -0800 (PST) Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 1C34121F8928 for ; Mon, 28 Jan 2013 10:13:50 -0800 (PST) X-AuditID: c1b4fb2d-b7f316d0000028db-78-5106bfdd6bcd Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id A0.70.10459.DDFB6015; Mon, 28 Jan 2013 19:13:49 +0100 (CET) Received: from mail.lmf.ericsson.se (153.88.115.8) by esessmw0191.eemea.ericsson.se (153.88.115.85) with Microsoft SMTP Server id 8.3.279.1; Mon, 28 Jan 2013 19:13:49 +0100 Received: from nomadiclab.lmf.ericsson.se (nomadiclab.lmf.ericsson.se [131.160.33.3]) by mail.lmf.ericsson.se (Postfix) with ESMTP id 379EE2ACC; Mon, 28 Jan 2013 20:13:49 +0200 (EET) Received: from nomadiclab.lmf.ericsson.se (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id 1B7E25417B; Mon, 28 Jan 2013 20:13:47 +0200 (EET) Received: from Salvatore-Loretos-MacBook-Pro.local (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id C3F2353F8F; Mon, 28 Jan 2013 20:13:46 +0200 (EET) Message-ID: <5106BFDC.2030706@ericsson.com> Date: Mon, 28 Jan 2013 20:13:48 +0200 From: Salvatore Loreto User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org Content-Type: multipart/alternative; boundary="------------060804060600040004050402" X-Virus-Scanned: ClamAV using ClamSMTP X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrKLMWRmVeSWpSXmKPExsUyM+Jvre7d/WyBBrvm61tM/N7AZrHoxnRG ByaPnbPusnssWfKTKYApissmJTUnsyy1SN8ugStj/jTvglnCFc0PFrM2MPbwdzFyckgImEic u/iFDcIWk7hwbz2QzcUhJHCSUWLZvUfMEM4GRonmW71Qzi5GicXvpzJBOGsZJT7cv8sK4Wxj lDh+q5sdZBivgLbErEubmUFsFgFViRV7e8FsNgEziecPt4DZogLJEh/vXGOFqBeUODnzCQuI LQJ0yPqjD8COYhbQl2hYMwesRljAReLSln2MXYwcQPEwieYOZYi71SSuntsENlJIQEui92wn 0wRGoVlIps5C6JgFNtRW4sKc6ywQtrzE9rdzmCFsXYkL/6egiC9gZFvFyJ6bmJmTXm64iREY 9Ae3/NbdwXjqnMghRmkOFiVx3jDXCwFCAumJJanZqakFqUXxRaU5qcWHGJk4OKUaGHvVP9m+ +nP3vZf1Vn/NznzfxX213w41S+RPKrq9/dLvxH8bbXcb3k5yNNlgtlf8SPuiyil1Kw9Y/+KO 3smxJ0ey6t37Y2dE2C8etlLJvLgv6VSMxGxr/qqSpBtnLFqmTn9w6cT6x17hT9e1FlXmCHfM +j0pjXWyfKXU1NvaeUeOCJTukOT8H6/EUpyRaKjFXFScCACgd0rUSAIAAA== Cc: "Murray S. Kucherawy" Subject: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2013 18:13:52 -0000 --------------060804060600040004050402 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit Dear WG partecipants, I would like to initiate a 2 weeks WG Last Call on draft-ietf-appsawg-webfinger-09.txt ("WebFinger") http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt Please send your reviews, as well as expression of support regarding document readiness for IESG (or not) either to the *webfinger* mailing list (webfinger@ietf.org), or directly to the WG chairs (Murray Kucherawy and myself). Comments like "I've read the document and it is Ok to publish" or "I've read the document and it has the following issues" are useful and would be gratefully accepted by chairs. The WG LC will end on Friday, February 8th. Thank you, Salvatore as an APPSAWG co-chair. --------------060804060600040004050402 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Dear WG partecipants,


I would like to initiate a 2 weeks WG Last Call on
draft-ietf-appsawg-webfinger-09.txt ("WebFinger")
http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *webfinger* mailing list (webfinger@ietf.org),
or directly to the WG chairs (Murray Kucherawy and myself).

Comments like "I've read the document and it is Ok to publish" or
"I've read the document and it has the following issues"
are useful and would be gratefully accepted by chairs.


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.


--------------060804060600040004050402-- From jasnell@gmail.com Tue Jan 29 10:03:44 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF12921F8A49 for ; Tue, 29 Jan 2013 10:03:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.183 X-Spam-Level: X-Spam-Status: No, score=-2.183 tagged_above=-999 required=5 tests=[AWL=0.417, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sB-UiJZowEsG for ; Tue, 29 Jan 2013 10:03:43 -0800 (PST) Received: from mail-ie0-x235.google.com (mail-ie0-x235.google.com [IPv6:2607:f8b0:4001:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id BD18121F8923 for ; Tue, 29 Jan 2013 10:03:43 -0800 (PST) Received: by mail-ie0-f181.google.com with SMTP id 17so600293iea.12 for ; Tue, 29 Jan 2013 10:03:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=u2lagcgnS0YoPuabNdP5SAp81tWswmPbBLWn7FMjULQ=; b=rA1CceybQCmPj95j0W2DRfnf7TzswwnofQ5iPPgTdjgkRQNvXi0Wkg4fyK7Z2ZjuTM Xz8NL1Z8DIAt/3bDVJgdGwhMO99xRSMvnLyYvnpsm1Nr7WO9m6W8/JFmh1FeAO1ZA/p1 EUPKsAp8RMSVdMzeARuzB8nneXmRaRFRvdO9LOPCzgUc7P8l2GT1eb1OiVIkjQBzI3WY HwNmpIF2evQgaUFLK5gK2FLIjjieR0xF2KMFpylmMaTmOGVkc4ABA0+o6F1+fOKmaRgk rel3SL5E/bIkzmQiNPHP/BR71FCZw8yfxcjG++okbSa8EXTviZnJdrnPb8aC3vECc3pv vdJw== X-Received: by 10.42.157.68 with SMTP id c4mr1234366icx.35.1359482623302; Tue, 29 Jan 2013 10:03:43 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.26.137 with HTTP; Tue, 29 Jan 2013 10:03:23 -0800 (PST) In-Reply-To: <5106C090.8080403@ericsson.com> References: <5106BFDC.2030706@ericsson.com> <5106C090.8080403@ericsson.com> From: James M Snell Date: Tue, 29 Jan 2013 10:03:23 -0800 Message-ID: To: Salvatore Loreto Content-Type: multipart/alternative; boundary=90e6ba613b32d71cd204d4713692 Cc: "webfinger@ietf.org" Subject: Re: [webfinger] [apps-discuss] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:03:45 -0000 --90e6ba613b32d71cd204d4713692 Content-Type: text/plain; charset=UTF-8 I'm really just now starting to turn my attention to the acct uri aspect of the WebFinger discussion.. generally speaking I'm +1 on the current draft. When going through various implementation scenarios, however, one thought did strike me, although it may be a bit too late in the game to put this on the table at all. I apologize for making this late suggestion... In some scenarios, such as hosted cloud application environments, a service provider may wish to host the information about a given user within a different domain. For instance, suppose Company Foo.com utilizes services from ISV Bar.com. The user accounts, however, are drawn from Foo.com, but Bar.com is the provider that actually hosts the profiles and account information. What I want is something that identifies the user account AND the service provider. Example: acct:john.doe@foo.com?provider=bar.com In a WebFinger type of scenario, resolving this would involve something like... GET /.well-known/webfinger?resource=john.doe@foo.com Host: bar.com Encoding the third party provider into the URL in this way provides a fairly flexible way of enabling the third party support without complicated redirects from foo.com to bar.com. It also gives domains a way of enabling bits of information to be shared from multiple sources... acct:john.doe@foo.com?provider=isv1.com vs. acct:john.doe@foo.com?provider=isv2.com To enable this kind of thing, it would be helpful if the basic acct URI syntax allowed for optional parameters like the mailto URI scheme does (RFC2368). The specific parameters themselves can be figured out later... - James On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto < salvatore.loreto@ericsson.com> wrote: > FYI > > the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started. > Please see the mail below and note that the right venue for discussion is > the *webfinger* mailing list > > best regards > Salvatore > > -------- Original Message -------- Subject: [webfinger] Working Group > Last Call for draft-ietf-appsawg-webfinger-09 Date: Mon, 28 Jan 2013 > 20:13:48 +0200 From: Salvatore Loreto To: > CC: Murray S. Kucherawy > > > > Dear WG partecipants, > > > I would like to initiate a 2 weeks WG Last Call on > draft-ietf-appsawg-webfinger-09.txt ("WebFinger") > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt > > > Please send your reviews, as well as expression of support regarding > document readiness for IESG (or not) either to the **webfinger** mailing > list (webfinger@ietf.org), > or directly to the WG chairs (Murray Kucherawy and myself). > > Comments like "I've read the document and it is Ok to publish" or > "I've read the document and it has the following issues" > are useful and would be gratefully accepted by chairs. > > > The WG LC will end on Friday, February 8th. > > > Thank you, > Salvatore as an APPSAWG co-chair. > > > > > > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss > > --90e6ba613b32d71cd204d4713692 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I'm really just n= ow starting to turn my attention to the acct uri aspect of the WebFinger di= scussion.. generally speaking I'm +1 on the current draft. When going t= hrough various implementation scenarios, however, one thought did strike me= , although it may be a bit too late in the game to put this on the table at= all. I apologize for making this late suggestion...

In some scenarios, such as hosted cloud applicat= ion environments, a service provider may wish to host the information about= a given user within a different domain. For instance, suppose Company Foo.= com utilizes services from ISV Bar.com. The user accounts, however, are dra= wn from Foo.com, but Bar.com is the provider that actually hosts the profil= es and account information. What I want is something that identifies the us= er account AND the service provider.=C2=A0

Example:=C2=A0

=C2=A0 acct:john.doe@foo.com?provider=3Dbar.com

In a WebFinger type of scenario, res= olving this would involve something like...

=C2=A0 GET /.= well-known/webfinger?resource=3Djohn.do= e@foo.com
= =C2=A0 Host: bar.com

Encoding the third party provider i= nto the URL in this way provides a fairly flexible way of enabling the thir= d party support without complicated redirects from foo.com to bar.com. It also gives dom= ains a way of enabling bits of information to be shared from multiple sourc= es... acct:joh= n.doe@foo.com?provider=3Disv1.com vs. acct:john.doe@foo.com?provider=3Disv2.com

To enable this kind of thing, it wo= uld be helpful if the basic acct URI syntax allowed for optional parameters= like the mailto URI scheme does (RFC2368). The specific parameters themsel= ves can be figured out later...

- Jam= es

=





On Mon, Jan 28, 2013 at 10:16 AM, Sa= lvatore Loreto <salvatore.loreto@ericsson.com> w= rote:
=20 =20 =20
FYI

the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started.
Please see the mail below and note that the right venue for discussion is
the *webfinger* mailing list

best regards
Salvatore

-------- Original Message --------
Subject: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09
Date: Mon, 28 Jan 2013 20:13:48 +0200
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: <= ;webfinger@ietf.org>
CC: Murray S. Kucherawy <superuser@gmail.com>


=20 Dear WG partecipants,


I would like to initiate a 2 weeks WG Last Call on
draft-ietf-appsawg-webfinger-09.txt ("WebFinger")
http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-= 09.txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *w= ebfinger* mailing list (webfinger@ietf.org),
or directly to the WG chairs (Murray Kucherawy and myself).

Comments like "I've read the document and it is Ok to publis= h" or
"I've read the document and it has the following issues"= ;
are useful and would be gratefully accepted by chairs.


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.





_______________________________________________
apps-discuss mailing list
apps-discuss@ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss


--90e6ba613b32d71cd204d4713692-- From kidehen@openlinksw.com Tue Jan 29 10:12:00 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6524221F8AF8 for ; Tue, 29 Jan 2013 10:12:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNcPqmcyEbWW for ; Tue, 29 Jan 2013 10:11:59 -0800 (PST) Received: from mail.openlinksw.com (mail.openlinksw.com [63.119.36.38]) by ietfa.amsl.com (Postfix) with ESMTP id C97D221F8AF2 for ; Tue, 29 Jan 2013 10:11:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=openlinksw.com; s=x; h=Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=Nr0uoomwGP3r4FXTB1X2w+K8CBTF54cVnpdaPJUdC+8=; b=aMe9Jfwz9tuYTiGsXqW7AFzqAnVu9zYBeaQYgPZs9LPs/rT8JUkLkwD7DVL3CP6iScTCUDB1kDqiEOXpFkAgGxeaAztV/CF0nFghGvLEFAoZ1TYmkktfXasfPzLs/vmA; Received: from kidehen.vpn ([10.100.2.3] helo=Macintosh-96.local) by mail.openlinksw.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.74) (envelope-from ) id 1U0Ff3-0006kA-Oh for webfinger@ietf.org; Tue, 29 Jan 2013 13:11:58 -0500 Message-ID: <510810ED.3080106@openlinksw.com> Date: Tue, 29 Jan 2013 13:11:57 -0500 From: Kingsley Idehen User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: webfinger@ietf.org References: <5106BFDC.2030706@ericsson.com> <5106C090.8080403@ericsson.com> In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms020405030206050309000101" Subject: Re: [webfinger] [apps-discuss] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:12:00 -0000 This is a cryptographically signed message in MIME format. --------------ms020405030206050309000101 Content-Type: multipart/alternative; boundary="------------020102080207000900030402" This is a multi-part message in MIME format. --------------020102080207000900030402 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable On 1/29/13 1:03 PM, James M Snell wrote: > I'm really just now starting to turn my attention to the acct uri=20 > aspect of the WebFinger discussion.. generally speaking I'm +1 on the=20 > current draft. When going through various implementation scenarios,=20 > however, one thought did strike me, although it may be a bit too late=20 > in the game to put this on the table at all. I apologize for making=20 > this late suggestion... > > In some scenarios, such as hosted cloud application environments, a=20 > service provider may wish to host the information about a given user=20 > within a different domain. For instance, suppose Company Foo.com=20 > utilizes services from ISV Bar.com. The user accounts, however, are=20 > drawn from Foo.com, but Bar.com is the provider that actually hosts=20 > the profiles and account information. What I want is something that=20 > identifies the user account AND the service provider. > > Example: > > acct:john.doe@foo.com?provider=3Dbar.com=20 > > > In a WebFinger type of scenario, resolving this would involve=20 > something like... > > GET /.well-known/webfinger?resource=3Djohn.doe@foo.com=20 > > Host: bar.com > > Encoding the third party provider into the URL in this way provides a=20 > fairly flexible way of enabling the third party support without=20 > complicated redirects from foo.com to bar.com=20 > . It also gives domains a way of enabling bits of=20 > information to be shared from multiple sources...=20 > acct:john.doe@foo.com?provider=3Disv1.com=20 > vs.=20 > acct:john.doe@foo.com?provider=3Disv2.com=20 > > > To enable this kind of thing, it would be helpful if the basic acct=20 > URI syntax allowed for optional parameters like the mailto URI scheme=20 > does (RFC2368). The specific parameters themselves can be figured out=20 > later... +1 Kingsley > > - James > > > > > > > On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto=20 > > = > wrote: > > FYI > > the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started. > Please see the mail below and note that the right venue for > discussion is > the *webfinger* mailing list > > best regards > Salvatore > > -------- Original Message -------- > Subject: [webfinger] Working Group Last Call for > draft-ietf-appsawg-webfinger-09 > Date: Mon, 28 Jan 2013 20:13:48 +0200 > From: Salvatore Loreto > > To: > CC: Murray S. Kucherawy > > > > > Dear WG partecipants, > > > I would like to initiate a 2 weeks WG Last Call on > draft-ietf-appsawg-webfinger-09.txt ("WebFinger") > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt > > > > Please send your reviews, as well as expression of support regardin= g > document readiness for IESG (or not) either to the **webfinger** > mailing list (webfinger@ietf.org ), > or directly to the WG chairs (Murray Kucherawy and myself). > > Comments like "I've read the document and it is Ok to publish" or > "I've read the document and it has the following issues" > are useful and would be gratefully accepted by chairs. > > > The WG LC will end on Friday, February 8th. > > > Thank you, > Salvatore as an APPSAWG co-chair. > > > > > > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss > > > > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger --=20 Regards, Kingsley Idehen=09 Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen --------------020102080207000900030402 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On 1/29/13 1:03 PM, James M Snell wrote:
I'm really ju= st now starting to turn my attention to the acct uri aspect of the WebFinger discussion.. generally speaking I'm +1 on the current draft. When going through various implementation scenarios, however, one thought did strike me, although it may be a bit too late in the game to put this on the table at all. I apologize for making this late suggestion...

In some scenarios, such as hosted cloud application environments, a service provider may wish to host the information about a given user within a different domain. For instance, suppose Company Foo.com utilizes services from ISV Bar.com. The user accounts, however, are drawn from Foo.com, but Bar.com is the provider that actually hosts the profiles and account information. What I want is something that identifies the user account AND the service provider. 

Example:&nbs= p;


In a WebFin= ger type of scenario, resolving this would involve something like...

  GET /.well-known/webfinger?resource=3Djohn.doe@foo.com
  Host= : bar.com


To enable t= his kind of thing, it would be helpful if the basic acct URI syntax allowed for optional parameters like the mailto URI scheme does (RFC2368). The specific parameters themselves can be figured out later...

+1

Kingsley

- James






On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:
FYI

the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started.
Please see the mail below and note that the right venue for discussion is
the *webfinger* mailing list

best regards
Salvatore

-------- Original Message --------
Subject: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09
Date: Mon, 28 Jan 2013 20:13:48 +0200
From: Salvatore Loreto <salvatore.loreto@ericsson= =2Ecom>
To: <webfinger@ietf.org>
CC: Murray S. Kucherawy <superuser@gmail.com>


Dear WG partecipants,


I would like to initiate a 2 weeks WG Last Call on draft-ietf-appsawg-webfinger-09.txt ("WebFinger") http://tools.ietf.org/id/draft-ie= tf-appsawg-webfinger-09.txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *webfinger* mailing list (webfinger@ietf.org),
or directly to the WG chairs (Murray Kucherawy and myself).

Comments like "I've read the document and it is Ok to publish" or
"I've read the document and it has the following issues"
are useful and would be gratefully accepted by chairs.


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.





_______________________________________________
apps-discuss mailing list
apps-discuss@ietf.org=
https://www.ietf.org/mailman/listinfo/app= s-discuss




_______________________________________________
webfinger mailing list
=
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger


--=20

Regards,

Kingsley Idehen	     =20
Founder & CEO=20
OpenLink Software    =20
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767=
740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen




--------------020102080207000900030402-- --------------ms020405030206050309000101 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEJDCC BCAwggMIoAMCAQICAgE4MA0GCSqGSIb3DQEBDQUAMEExIzAhBgNVBAMMGk9wZW5MaW5rIFNv ZnR3YXJlIExvY2FsIENBMRowGAYDVQQKDBFPcGVuTGluayBTb2Z0d2FyZTAeFw0xMjAyMjQx OTU2NTlaFw0xMzAyMjMxOTU2NTlaMHExHTAbBgNVBAMUFEBraWRlaGVuIChMaW5rZWRJbikg MSkwJwYDVQQKEyBQZXJzb25hbCBEYXRhIFNwYWNlIHZpYSBMaW5rZWRJbjElMCMGCSqGSIb3 DQEJARYWa2lkZWhlbkBvcGVubGlua3N3LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAKrT1qMDcB84exoG2vBpCkJW0LclRLuM0gnbqnY+e/aBhJGtlwAtgvHehFwWT/ec 1jDTKEkgmJMGQaBwiM+BslcRIO1DdebUEwTI2HpY1PzCarGir+4lxPySTc9Wb8Y77k6eId20 pC2DhMa3dwLWbUColYPbcwCLhl+dD8g9GVDpuuqhQpFd24M5ycV62GMbjQi2pLlqXE9eQgOy NpOeSO4GCOlTX4N84YWFXQw9OpMu3NN3Gebd0czpwHK/sgHpQGGCZTfCUfkXhXwb5MuYYnHr pwIpsWU3aD7PMO4UJeAGnI3A/mC0vbvBRBLflgGMMqk6r4EGMhjhtSYEo2i+VX0CAwEAAaOB 8TCB7jAdBgNVHQ4EFgQUxyi+Y4xfaXWdVzdTTGn2clQ/r5YwbAYDVR0RBGUwY4ZJaHR0cDov L2lkLm15b3BlbmxpbmsubmV0L2Fib3V0L2lkL2VudGl0eS9odHRwL3d3dy5saW5rZWRpbi5j b20vaW4va2lkZWhlboEWa2lkZWhlbkBvcGVubGlua3N3LmNvbTAtBglghkgBhvhCAQ0EIBYe VmlydHVvc28gR2VuZXJhdGVkIENlcnRpZmljYXRlMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMC BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQENBQADggEBAFrH60IIx9mG LxLVxZ81c2ti3gPU18j8GvbhHk7jNRWPepeR99T49K+YdUwMAPvsypfxS0f77CYM2JwCFkus rCr+NyVR44cvdXOYQcAlmlklDu+U+bZMLYWAzgx0U5kLZunFXBpoXUxuC5uVVhZ4cX/GrkYh 7JlEnqg1GgDnIjgojV4gc8a2oTEGA+eNY72N29MO0I9Ptu72HY13VT3tkPmOpCBMKJbDCfVF dUJeLv7AnNFSA28lg0x1bwjTixavzFbkpkdjmdSYfxPJRkzUgATcfNGQbdwMhz4Smd921wFL oorFXA2tGuMwkNePnD/Wg73BbtAhHGMNq575tPdysVIxggLvMIIC6wIBATBHMEExIzAhBgNV BAMMGk9wZW5MaW5rIFNvZnR3YXJlIExvY2FsIENBMRowGAYDVQQKDBFPcGVuTGluayBTb2Z0 d2FyZQICATgwCQYFKw4DAhoFAKCCAX0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq hkiG9w0BCQUxDxcNMTMwMTI5MTgxMTU3WjAjBgkqhkiG9w0BCQQxFgQUxZlk8SSBMsGot3zB ksOGuSLjEOEwVgYJKwYBBAGCNxAEMUkwRzBBMSMwIQYDVQQDDBpPcGVuTGluayBTb2Z0d2Fy ZSBMb2NhbCBDQTEaMBgGA1UECgwRT3BlbkxpbmsgU29mdHdhcmUCAgE4MFgGCyqGSIb3DQEJ EAILMUmgRzBBMSMwIQYDVQQDDBpPcGVuTGluayBTb2Z0d2FyZSBMb2NhbCBDQTEaMBgGA1UE CgwRT3BlbkxpbmsgU29mdHdhcmUCAgE4MGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEq MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAESztja8NZvqJ boUdA8L2qOPMZZ6OssI4eMewITMRl2AhWYYxsrA6IqilC2x7wVW+AzJob5qug4JQI5tOHnXP xydhsc9zqdkDYSowlay56pihqS+us54MiZUw29JFhq7hdQIJXMycglchdVPJsA6ruKa9FrYA EZL/oT79zeCHUOQs+upfZ8x8udl+yPyWj8ns+tqQfDHd7pLhNBJuuGEB6/B9IDoTTlBq+ts/ W88ijMQvdj1Zr039Rk3lw4ol7zrhKnursOwa2vqLyOY58GIbZyaqOb6eBvHWtzk/9OY/AiZJ YjnkMOnU7/xEuMnK16QUc4ngzE3ZLqF0VW/NoLXeHAAAAAAAAA== --------------ms020405030206050309000101-- From gsalguei@cisco.com Tue Jan 29 10:12:25 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63ADA21F87D1 for ; Tue, 29 Jan 2013 10:12:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.374 X-Spam-Level: X-Spam-Status: No, score=-10.374 tagged_above=-999 required=5 tests=[AWL=0.225, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62CrCTxQ3ehY for ; Tue, 29 Jan 2013 10:12:24 -0800 (PST) Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id 12A7721F869B for ; Tue, 29 Jan 2013 10:12:24 -0800 (PST) X-TACSUNS: Virus Scanned Received: from chook.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0TICNJB019794 for ; Tue, 29 Jan 2013 13:12:23 -0500 (EST) Received: from rtp-gsalguei-8913.cisco.com (rtp-gsalguei-8913.cisco.com [10.116.132.52]) by chook.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0TICNft022707; Tue, 29 Jan 2013 13:12:23 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: Gonzalo Salgueiro In-Reply-To: Date: Tue, 29 Jan 2013 13:12:22 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <50FE8D7F-FC41-4297-90FE-F2F5730696D8@cisco.com> References: <5106BFDC.2030706@ericsson.com> <5106C090.8080403@ericsson.com> To: James M Snell X-Mailer: Apple Mail (2.1499) Cc: Salvatore Loreto , webfinger@ietf.org Subject: Re: [webfinger] [apps-discuss] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:12:26 -0000 Thanks James. I'm just trying to sort through this a bit. Is this a WF = LC comment or more of an acct URI LC comment? Cheers, Gonzalo On Jan 29, 2013, at 1:03 PM, James M Snell wrote: > I'm really just now starting to turn my attention to the acct uri = aspect of the WebFinger discussion.. generally speaking I'm +1 on the = current draft. When going through various implementation scenarios, = however, one thought did strike me, although it may be a bit too late in = the game to put this on the table at all. I apologize for making this = late suggestion... >=20 > In some scenarios, such as hosted cloud application environments, a = service provider may wish to host the information about a given user = within a different domain. For instance, suppose Company Foo.com = utilizes services from ISV Bar.com. The user accounts, however, are = drawn from Foo.com, but Bar.com is the provider that actually hosts the = profiles and account information. What I want is something that = identifies the user account AND the service provider.=20 >=20 > Example:=20 >=20 > acct:john.doe@foo.com?provider=3Dbar.com >=20 > In a WebFinger type of scenario, resolving this would involve = something like... >=20 > GET /.well-known/webfinger?resource=3Djohn.doe@foo.com > Host: bar.com >=20 > Encoding the third party provider into the URL in this way provides a = fairly flexible way of enabling the third party support without = complicated redirects from foo.com to bar.com. It also gives domains a = way of enabling bits of information to be shared from multiple = sources... acct:john.doe@foo.com?provider=3Disv1.com vs. = acct:john.doe@foo.com?provider=3Disv2.com >=20 > To enable this kind of thing, it would be helpful if the basic acct = URI syntax allowed for optional parameters like the mailto URI scheme = does (RFC2368). The specific parameters themselves can be figured out = later... >=20 > - James >=20 >=20 >=20 >=20 >=20 >=20 > On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto = wrote: > FYI >=20 > the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started. > Please see the mail below and note that the right venue for discussion = is=20 > the *webfinger* mailing list >=20 > best regards > Salvatore >=20 > -------- Original Message -------- > Subject: [webfinger] Working Group Last Call for = draft-ietf-appsawg-webfinger-09 > Date: Mon, 28 Jan 2013 20:13:48 +0200 > From: Salvatore Loreto > To: > CC: Murray S. Kucherawy >=20 >=20 > Dear WG partecipants,=20 >=20 >=20 > I would like to initiate a 2 weeks WG Last Call on=20 > draft-ietf-appsawg-webfinger-09.txt ("WebFinger")=20 > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt >=20 >=20 > Please send your reviews, as well as expression of support regarding=20= > document readiness for IESG (or not) either to the *webfinger* mailing = list (webfinger@ietf.org),=20 > or directly to the WG chairs (Murray Kucherawy and myself).=20 >=20 > Comments like "I've read the document and it is Ok to publish" or=20 > "I've read the document and it has the following issues" > are useful and would be gratefully accepted by chairs.=20 >=20 >=20 > The WG LC will end on Friday, February 8th.=20 >=20 >=20 > Thank you,=20 > Salvatore as an APPSAWG co-chair.=20 >=20 >=20 >=20 >=20 >=20 > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss >=20 >=20 > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger From jasnell@gmail.com Tue Jan 29 10:26:06 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59A9E21F8AE5 for ; Tue, 29 Jan 2013 10:26:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.321 X-Spam-Level: X-Spam-Status: No, score=-2.321 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4W0vwGNJ8Z8 for ; Tue, 29 Jan 2013 10:26:05 -0800 (PST) Received: from mail-ia0-x235.google.com (ia-in-x0235.1e100.net [IPv6:2607:f8b0:4001:c02::235]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF2A21F8923 for ; Tue, 29 Jan 2013 10:26:05 -0800 (PST) Received: by mail-ia0-f181.google.com with SMTP id k25so998148iah.12 for ; Tue, 29 Jan 2013 10:26:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=nakqvkezT/aJYfYA+BW2zFOm0Edekrqr84C6fPojlHs=; b=H+RymfkCHtMpSn84NS/514KSZqQGDLizMcIcotB4aHuA+SZ8+WIw0TevjfGS9u7hOG RvCFnYWVIoZqS9oXYbMUQE5iWBBQ1CrLTvQdb11vmygTAMpgfBE5mN+H2hEhvlNvzi9/ w0rupASMF4SO3iLjsIM9YLIf5PF+aHdxjVwpC/sagCOxmDtv2tzVziL0DOBtCBhdi2l4 1xErcZKsrAD0eYis1AyBmWeliAL17cTZc5sR8cx8t9GPRxQCp1F5zBiiqHiGPMiDlCNP YWTFXzqiAJO5LVyCQnbOdlfxR78V1L8yKNse6TfUIZVQ6I8bRpyfWBF3Cp1rpGmCAyAn RIQA== X-Received: by 10.50.178.10 with SMTP id cu10mr1672395igc.75.1359483964549; Tue, 29 Jan 2013 10:26:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.26.137 with HTTP; Tue, 29 Jan 2013 10:25:44 -0800 (PST) In-Reply-To: <50FE8D7F-FC41-4297-90FE-F2F5730696D8@cisco.com> References: <5106BFDC.2030706@ericsson.com> <5106C090.8080403@ericsson.com> <50FE8D7F-FC41-4297-90FE-F2F5730696D8@cisco.com> From: James M Snell Date: Tue, 29 Jan 2013 10:25:44 -0800 Message-ID: To: Gonzalo Salgueiro Content-Type: multipart/alternative; boundary=e89a8f839ca1c8e96004d4718690 Cc: Salvatore Loreto , "webfinger@ietf.org" Subject: Re: [webfinger] [apps-discuss] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:26:06 -0000 --e89a8f839ca1c8e96004d4718690 Content-Type: text/plain; charset=UTF-8 Umm... more of an acct URI LC comment really, although it could potentially impact WF impls down the road. On Tue, Jan 29, 2013 at 10:12 AM, Gonzalo Salgueiro wrote: > Thanks James. I'm just trying to sort through this a bit. Is this a WF LC > comment or more of an acct URI LC comment? > > Cheers, > > Gonzalo > > On Jan 29, 2013, at 1:03 PM, James M Snell wrote: > > > I'm really just now starting to turn my attention to the acct uri aspect > of the WebFinger discussion.. generally speaking I'm +1 on the current > draft. When going through various implementation scenarios, however, one > thought did strike me, although it may be a bit too late in the game to put > this on the table at all. I apologize for making this late suggestion... > > > > In some scenarios, such as hosted cloud application environments, a > service provider may wish to host the information about a given user within > a different domain. For instance, suppose Company Foo.com utilizes services > from ISV Bar.com. The user accounts, however, are drawn from Foo.com, but > Bar.com is the provider that actually hosts the profiles and account > information. What I want is something that identifies the user account AND > the service provider. > > > > Example: > > > > acct:john.doe@foo.com?provider=bar.com > > > > In a WebFinger type of scenario, resolving this would involve something > like... > > > > GET /.well-known/webfinger?resource=john.doe@foo.com > > Host: bar.com > > > > Encoding the third party provider into the URL in this way provides a > fairly flexible way of enabling the third party support without complicated > redirects from foo.com to bar.com. It also gives domains a way of > enabling bits of information to be shared from multiple sources... > acct:john.doe@foo.com?provider=isv1.com vs. > acct:john.doe@foo.com?provider=isv2.com > > > > To enable this kind of thing, it would be helpful if the basic acct URI > syntax allowed for optional parameters like the mailto URI scheme does > (RFC2368). The specific parameters themselves can be figured out later... > > > > - James > > > > > > > > > > > > > > On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto < > salvatore.loreto@ericsson.com> wrote: > > FYI > > > > the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started. > > Please see the mail below and note that the right venue for discussion is > > the *webfinger* mailing list > > > > best regards > > Salvatore > > > > -------- Original Message -------- > > Subject: [webfinger] Working Group Last Call for > draft-ietf-appsawg-webfinger-09 > > Date: Mon, 28 Jan 2013 20:13:48 +0200 > > From: Salvatore Loreto > > To: > > CC: Murray S. Kucherawy > > > > > > Dear WG partecipants, > > > > > > I would like to initiate a 2 weeks WG Last Call on > > draft-ietf-appsawg-webfinger-09.txt ("WebFinger") > > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt > > > > > > Please send your reviews, as well as expression of support regarding > > document readiness for IESG (or not) either to the *webfinger* mailing > list (webfinger@ietf.org), > > or directly to the WG chairs (Murray Kucherawy and myself). > > > > Comments like "I've read the document and it is Ok to publish" or > > "I've read the document and it has the following issues" > > are useful and would be gratefully accepted by chairs. > > > > > > The WG LC will end on Friday, February 8th. > > > > > > Thank you, > > Salvatore as an APPSAWG co-chair. > > > > > > > > > > > > _______________________________________________ > > apps-discuss mailing list > > apps-discuss@ietf.org > > https://www.ietf.org/mailman/listinfo/apps-discuss > > > > > > _______________________________________________ > > webfinger mailing list > > webfinger@ietf.org > > https://www.ietf.org/mailman/listinfo/webfinger > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > --e89a8f839ca1c8e96004d4718690 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Umm... more of an acc= t URI LC comment really, although it could potentially impact WF impls down= the road.


On Tue, Jan 29, 2013 at 10:12 AM, Gonzalo Salgueiro <<= a href=3D"mailto:gsalguei@cisco.com" target=3D"_blank">gsalguei@cisco.com> wrote:
Thanks James. I'm just trying to sort through this a bit. Is this a WF = LC comment or more of an acct URI LC comment?

Cheers,

Gonzalo

On Jan 29, 2013, at 1:03 PM, James M Snell <jasnell@gmail.com> wrote:

> I'm really just now starting to turn my attention to the acct uri = aspect of the WebFinger discussion.. generally speaking I'm +1 on the c= urrent draft. When going through various implementation scenarios, however,= one thought did strike me, although it may be a bit too late in the game t= o put this on the table at all. I apologize for making this late suggestion= ...
>
> In some scenarios, such as hosted cloud application environments, a se= rvice provider may wish to host the information about a given user within a= different domain. For instance, suppose Company Foo.com utilizes services = from ISV Bar.com. The user accounts, however, are drawn from Foo.com, but B= ar.com is the provider that actually hosts the profiles and account informa= tion. What I want is something that identifies the user account AND the ser= vice provider.
>
> Example:
>
> =C2=A0 acct:john.doe@foo.com?provider=3Dbar.com
>
> In a WebFinger type of scenario, resolving this would involve somethin= g like...
>
> =C2=A0 GET /.well-known/webfinger?resource=3Djohn.doe@foo.com
> =C2=A0 Host: bar.com<= br> >
> Encoding the third party provider into the URL in this way provides a = fairly flexible way of enabling the third party support without complicated= redirects from foo.com to= bar.com. It also gives do= mains a way of enabling bits of information to be shared from multiple sour= ces... acct:john.doe@foo.com?provider=3Disv1.com vs. acct:john= .doe@foo.com?provider=3Disv2.com
>
> To enable this kind of thing, it would be helpful if the basic acct UR= I syntax allowed for optional parameters like the mailto URI scheme does (R= FC2368). The specific parameters themselves can be figured out later...
>
> - James
>
>
>
>
>
>
> On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto <salvatore.loreto@ericsson.com> wro= te:
> FYI
>
> the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started.
> Please see the mail below and note that the right venue for discussion= is
> the *webfinger* mailing list
>
> best regards
> Salvatore
>
> -------- Original Message --------
> Subject: =C2=A0 =C2=A0 =C2=A0[webfinger] Working Group Last Call for d= raft-ietf-appsawg-webfinger-09
> Date: Mon, 28 Jan 2013 20:13:48 +0200
> From: Salvatore Loreto <salvatore.loreto@ericsson.com>
> To: =C2=A0 <webfinger@ietf.or= g>
> CC: =C2=A0 Murray S. Kucherawy <superuser@gmail.com>
>
>
> Dear WG partecipants,
>
>
> I would like to initiate a 2 weeks WG Last Call on
> draft-ietf-appsawg-webfinger-09.txt ("WebFinger")
> http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-= 09.txt
>
>
> Please send your reviews, as well as expression of support regarding > document readiness for IESG (or not) either to the *webfinger* mailing= list (webfinger@ietf.org),
> or directly to the WG chairs (Murray Kucherawy and myself).
>
> Comments like "I've read the document and it is Ok to publish= " or
> "I've read the document and it has the following issues"=
> are useful and would be gratefully accepted by chairs.
>
>
> The WG LC will end on Friday, February 8th.
>
>
> Thank you,
> Salvatore as an APPSAWG co-chair.
>
>
>
>
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>
>
> __________________= _____________________________
> webfinger mailing list
> webfinger@ietf.org
> https://www.ietf.org/mailman/listinfo/webfinger

_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger

--e89a8f839ca1c8e96004d4718690-- From gsalguei@cisco.com Tue Jan 29 10:33:59 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4357521F89E1 for ; Tue, 29 Jan 2013 10:33:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.419 X-Spam-Level: X-Spam-Status: No, score=-10.419 tagged_above=-999 required=5 tests=[AWL=0.180, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mAuNiwm3aGs9 for ; Tue, 29 Jan 2013 10:33:58 -0800 (PST) Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id 496B421F8962 for ; Tue, 29 Jan 2013 10:33:58 -0800 (PST) X-TACSUNS: Virus Scanned Received: from chook.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0TIXvpe022862 for ; Tue, 29 Jan 2013 13:33:57 -0500 (EST) Received: from rtp-gsalguei-8913.cisco.com (rtp-gsalguei-8913.cisco.com [10.116.132.52]) by chook.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r0TIXvgA026663; Tue, 29 Jan 2013 13:33:57 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: Gonzalo Salgueiro In-Reply-To: Date: Tue, 29 Jan 2013 13:33:57 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <1DE3E52B-191C-4A32-9D99-7709E91B28D8@cisco.com> References: <5106BFDC.2030706@ericsson.com> <5106C090.8080403@ericsson.com> <50FE8D7F-FC41-4297-90FE-F2F5730696D8@cisco.com> To: James M Snell X-Mailer: Apple Mail (2.1499) Cc: Salvatore Loreto , webfinger@ietf.org Subject: Re: [webfinger] [apps-discuss] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:33:59 -0000 That was more or less my assessment as well. There is a separate thread = going on in apps-discuss for acct URI LC comments. I think this needs = to be featured there and based on its resolution we will figure out if = requires new/different text on the WF draft. Cheers, Gonzalo On Jan 29, 2013, at 1:25 PM, James M Snell wrote: > Umm... more of an acct URI LC comment really, although it could = potentially impact WF impls down the road. >=20 >=20 > On Tue, Jan 29, 2013 at 10:12 AM, Gonzalo Salgueiro = wrote: > Thanks James. I'm just trying to sort through this a bit. Is this a WF = LC comment or more of an acct URI LC comment? >=20 > Cheers, >=20 > Gonzalo >=20 > On Jan 29, 2013, at 1:03 PM, James M Snell wrote: >=20 > > I'm really just now starting to turn my attention to the acct uri = aspect of the WebFinger discussion.. generally speaking I'm +1 on the = current draft. When going through various implementation scenarios, = however, one thought did strike me, although it may be a bit too late in = the game to put this on the table at all. I apologize for making this = late suggestion... > > > > In some scenarios, such as hosted cloud application environments, a = service provider may wish to host the information about a given user = within a different domain. For instance, suppose Company Foo.com = utilizes services from ISV Bar.com. The user accounts, however, are = drawn from Foo.com, but Bar.com is the provider that actually hosts the = profiles and account information. What I want is something that = identifies the user account AND the service provider. > > > > Example: > > > > acct:john.doe@foo.com?provider=3Dbar.com > > > > In a WebFinger type of scenario, resolving this would involve = something like... > > > > GET /.well-known/webfinger?resource=3Djohn.doe@foo.com > > Host: bar.com > > > > Encoding the third party provider into the URL in this way provides = a fairly flexible way of enabling the third party support without = complicated redirects from foo.com to bar.com. It also gives domains a = way of enabling bits of information to be shared from multiple = sources... acct:john.doe@foo.com?provider=3Disv1.com vs. = acct:john.doe@foo.com?provider=3Disv2.com > > > > To enable this kind of thing, it would be helpful if the basic acct = URI syntax allowed for optional parameters like the mailto URI scheme = does (RFC2368). The specific parameters themselves can be figured out = later... > > > > - James > > > > > > > > > > > > > > On Mon, Jan 28, 2013 at 10:16 AM, Salvatore Loreto = wrote: > > FYI > > > > the 2 weeks WGLC on draft-ietf-appsawg-webfinger is started. > > Please see the mail below and note that the right venue for = discussion is > > the *webfinger* mailing list > > > > best regards > > Salvatore > > > > -------- Original Message -------- > > Subject: [webfinger] Working Group Last Call for = draft-ietf-appsawg-webfinger-09 > > Date: Mon, 28 Jan 2013 20:13:48 +0200 > > From: Salvatore Loreto > > To: > > CC: Murray S. Kucherawy > > > > > > Dear WG partecipants, > > > > > > I would like to initiate a 2 weeks WG Last Call on > > draft-ietf-appsawg-webfinger-09.txt ("WebFinger") > > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt > > > > > > Please send your reviews, as well as expression of support regarding > > document readiness for IESG (or not) either to the *webfinger* = mailing list (webfinger@ietf.org), > > or directly to the WG chairs (Murray Kucherawy and myself). > > > > Comments like "I've read the document and it is Ok to publish" or > > "I've read the document and it has the following issues" > > are useful and would be gratefully accepted by chairs. > > > > > > The WG LC will end on Friday, February 8th. > > > > > > Thank you, > > Salvatore as an APPSAWG co-chair. > > > > > > > > > > > > _______________________________________________ > > apps-discuss mailing list > > apps-discuss@ietf.org > > https://www.ietf.org/mailman/listinfo/apps-discuss > > > > > > _______________________________________________ > > webfinger mailing list > > webfinger@ietf.org > > https://www.ietf.org/mailman/listinfo/webfinger >=20 > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger >=20 > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger From Michael.Jones@microsoft.com Tue Jan 29 10:39:03 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71B3C21F88A9 for ; Tue, 29 Jan 2013 10:39:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pWWFLRzKtXDH for ; Tue, 29 Jan 2013 10:39:02 -0800 (PST) Received: from na01-bl2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.27]) by ietfa.amsl.com (Postfix) with ESMTP id 8665C21F886D for ; Tue, 29 Jan 2013 10:39:02 -0800 (PST) Received: from BY2FFO11FD005.protection.gbl (10.1.15.201) by BY2FFO11HUB013.protection.gbl (10.1.14.85) with Microsoft SMTP Server (TLS) id 15.0.596.13; Tue, 29 Jan 2013 18:39:00 +0000 Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD005.mail.protection.outlook.com (10.1.14.126) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Tue, 29 Jan 2013 18:38:59 +0000 Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.132]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0318.003; Tue, 29 Jan 2013 18:38:32 +0000 From: Mike Jones To: Salvatore Loreto , "webfinger@ietf.org" Thread-Topic: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09 Thread-Index: Ac3+T9aealFem3ZRQwigiYJ7rx6DkA== Date: Tue, 29 Jan 2013 18:38:32 +0000 Message-ID: <4E1F6AAD24975D4BA5B1680429673943673DA646@TK5EX14MBXC284.redmond.corp.microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.71] Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943673DA646TK5EX14MBXC284r_" MIME-Version: 1.0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377454001)(189002)(199002)(164054002)(59766001)(50986001)(31966008)(46102001)(55846006)(15202345001)(5343655001)(20776003)(54356001)(77982001)(76482001)(79102001)(16236675001)(74502001)(33656001)(512954001)(56816002)(47976001)(74662001)(47736001)(16406001)(51856001)(56776001)(63696002)(53806001)(49866001)(44976002)(47446002)(5343635001)(54316002)(4396001)(550254004); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB013; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:; MX:1; A:1; LANG:en; X-OriginatorOrg: microsoft.onmicrosoft.com X-Forefront-PRVS: 0741C77572 Cc: "Murray S. Kucherawy" Subject: Re: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:39:03 -0000 --_000_4E1F6AAD24975D4BA5B1680429673943673DA646TK5EX14MBXC284r_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I believe that this document is ready for the IESG. Thanks, -- Mike From: webfinger-bounces@ietf.org [mailto:webfinger-bounces@ietf.org] On Beh= alf Of Salvatore Loreto Sent: Monday, January 28, 2013 10:14 AM To: webfinger@ietf.org Cc: Murray S. Kucherawy Subject: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfing= er-09 Dear WG partecipants, I would like to initiate a 2 weeks WG Last Call on draft-ietf-appsawg-webfinger-09.txt ("WebFinger") http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt Please send your reviews, as well as expression of support regarding document readiness for IESG (or not) either to the *webfinger* mailing list= (webfinger@ietf.org), or directly to the WG chairs (Murray Kucherawy and myself). Comments like "I've read the document and it is Ok to publish" or "I've read the document and it has the following issues" are useful and would be gratefully accepted by chairs. The WG LC will end on Friday, February 8th. Thank you, Salvatore as an APPSAWG co-chair. --_000_4E1F6AAD24975D4BA5B1680429673943673DA646TK5EX14MBXC284r_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I believe that this document is ready for the IES= G.

 

        &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;     Thanks,

        &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;     -- Mike

 <= /p>

 <= /p>

From: webfinger-bounces@ietf.org [mailto:webfinger-boun= ces@ietf.org] On Behalf Of Salvatore Loreto
Sent: Monday, January 28, 2013 10:14 AM
To: webfinger@ietf.org
Cc: Murray S. Kucherawy
Subject: [webfinger] Working Group Last Call for draft-ietf-appsawg-= webfinger-09

 

Dear WG partecipants,=


I would like to initiate a 2 weeks WG Last Call on
draft-ietf-appsawg-webfinger-09.txt ("WebFinger")
htt= p://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *webfinger* mai= ling list (webfinger@ietf.org),
or directly to the WG chairs (Murray Kucherawy and myself).

Comments like "I've read the document and it is Ok to publish" or=
"I've read the document and it has the following issues"
are useful and would be gratefully accepted by chairs.


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.

--_000_4E1F6AAD24975D4BA5B1680429673943673DA646TK5EX14MBXC284r_-- From melvincarvalho@gmail.com Tue Jan 29 10:40:39 2013 Return-Path: X-Original-To: webfinger@ietfa.amsl.com Delivered-To: webfinger@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E97F21F8900 for ; Tue, 29 Jan 2013 10:40:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apZKvP1nVaTJ for ; Tue, 29 Jan 2013 10:40:39 -0800 (PST) Received: from mail-ia0-x232.google.com (mail-ia0-x232.google.com [IPv6:2607:f8b0:4001:c02::232]) by ietfa.amsl.com (Postfix) with ESMTP id 0340121F8884 for ; Tue, 29 Jan 2013 10:40:38 -0800 (PST) Received: by mail-ia0-f178.google.com with SMTP id y26so1000629iab.37 for ; Tue, 29 Jan 2013 10:40:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=W5/CXTnzGUhgvuoRCEFRpB+x3h99ToHxRAe7NKD64b4=; b=r6BhiNJTDtDvf7Z4rGwesehSmOITsb6xvV8weIwjXJul+45I7OltwWyS0ZarSUCIKP WGrcsVjtmtW/17RoGpzH5o3QutyaaOIbdSVftg6gcFwauz2aA862iKsrvR/Gx/LbcTyH YxvtRJrNpFFJ6ZYju1Nzy8RxV8/i+wuV35aC8w6HaxgWMev0I7NxuDPDd+53V607qQ4d o/klBUrgtNREA1kb/fbuMHItYUpvjf5OsEmKnA1rI3lei3rX5mldKf3DGe5QVdj/K28W d7ohKujvfoq8xYaZwJOn0Z6kcgqseQIqk7gNqmR/RzKEiuJsTC8qiSdgL10RQkr5ryij n+PA== MIME-Version: 1.0 X-Received: by 10.50.77.230 with SMTP id v6mr1721023igw.11.1359484838468; Tue, 29 Jan 2013 10:40:38 -0800 (PST) Received: by 10.43.63.135 with HTTP; Tue, 29 Jan 2013 10:40:38 -0800 (PST) In-Reply-To: <5106BFDC.2030706@ericsson.com> References: <5106BFDC.2030706@ericsson.com> Date: Tue, 29 Jan 2013 19:40:38 +0100 Message-ID: From: Melvin Carvalho To: Salvatore Loreto Content-Type: multipart/alternative; boundary=e89a8f3ba87fdfddf204d471ba57 Cc: webfinger@ietf.org, "Murray S. Kucherawy" Subject: Re: [webfinger] Working Group Last Call for draft-ietf-appsawg-webfinger-09 X-BeenThere: webfinger@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Discussion of the Webfinger protocol proposal in the Applications Area List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 18:40:39 -0000 --e89a8f3ba87fdfddf204d471ba57 Content-Type: text/plain; charset=ISO-8859-1 On 28 January 2013 19:13, Salvatore Loreto wrote: > Dear WG partecipants, > > > I would like to initiate a 2 weeks WG Last Call on > draft-ietf-appsawg-webfinger-09.txt ("WebFinger") > http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09.txt > > > Please send your reviews, as well as expression of support regarding > document readiness for IESG (or not) either to the **webfinger** mailing > list (webfinger@ietf.org), > or directly to the WG chairs (Murray Kucherawy and myself). > > Comments like "I've read the document and it is Ok to publish" or > "I've read the document and it has the following issues" > are useful and would be gratefully accepted by chairs. > I have read the document and I think the JRD should have it's own MIME type, which the client SHOULD send with the HTTP(S) GET. > > > The WG LC will end on Friday, February 8th. > > > Thank you, > Salvatore as an APPSAWG co-chair. > > > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger > > --e89a8f3ba87fdfddf204d471ba57 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On 28 January 2013 19:13, Salvatore Lore= to <salvatore.loreto@ericsson.com> wrote:
=20 =20 =20
Dear WG partecipants,


I would like to initiate a 2 weeks WG Last Call on
draft-ietf-appsawg-webfinger-09.txt ("WebFinger")
http://tools.ietf.org/id/draft-ietf-appsawg-webfinger-09= .txt


Please send your reviews, as well as expression of support regarding
document readiness for IESG (or not) either to the *web= finger* mailing list (webfinger@ietf= .org),
or directly to the WG chairs (Murray Kucherawy and myself).

Comments like "I've read the document and it is Ok to publish&= quot; or
"I've read the document and it has the following issues"<= br> are useful and would be gratefully accepted by chairs.

I have read the document and I think th= e JRD should have it's own MIME type, which the client SHOULD send with= the HTTP(S) GET.=A0
=A0


The WG LC will end on Friday, February 8th.


Thank you,
Salvatore as an APPSAWG co-chair.



_______________________________________________
webfinger mailing list
webfinger@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger


--e89a8f3ba87fdfddf204d471ba57--