Webfinger for providers who aren't email
6 views
Skip to first unread message
Eric Mill
May 24, 2010, 12:50:12 PM5/24/10
to webf...@googlegroups.com
A high level question about Webfinger - what value is there in a site
supporting Webfinger for their user accounts, if they're not an email
provider?
So for example, Facebook, or Twitter. Would this allow users to "sign
in with their Facebook account" in a standard way, that would be more
rich than getting a standard set of metadata through OAuth? And if
Facebook became an OpenID provider, then this too would be
discoverable through a Facebook user's Webfinger profile.
I'm also thinking more longterm - if we're using Salmon to federate
"replies" and "mentions", and allow people to reference other people
in a cross-service way, does it make sense to use Webfinger to figure
out who someone is talking about when they say that "Thanks to
jane@facebook for the link" or "Thanks to ja...@twitter.com" for the
link? Is it confusing to express a user's identity like that when
they don't actually have a Facebook or Twitter email address?
I feel this abstract sense that there's a lot of potential for
Webfinger outside of email providers, but I'm trying to figure out
some concrete uses for it.
-- Eric
supporting Webfinger for their user accounts, if they're not an email
provider?
So for example, Facebook, or Twitter. Would this allow users to "sign
in with their Facebook account" in a standard way, that would be more
rich than getting a standard set of metadata through OAuth? And if
Facebook became an OpenID provider, then this too would be
discoverable through a Facebook user's Webfinger profile.
I'm also thinking more longterm - if we're using Salmon to federate
"replies" and "mentions", and allow people to reference other people
in a cross-service way, does it make sense to use Webfinger to figure
out who someone is talking about when they say that "Thanks to
jane@facebook for the link" or "Thanks to ja...@twitter.com" for the
link? Is it confusing to express a user's identity like that when
they don't actually have a Facebook or Twitter email address?
I feel this abstract sense that there's a lot of potential for
Webfinger outside of email providers, but I'm trying to figure out
some concrete uses for it.
-- Eric
Bob Wyman
May 24, 2010, 1:36:34 PM5/24/10
to webf...@googlegroups.com
One immediately obvious use of the email-like identifiers supported by WebFinger would be Jabber/XMPP Instant Messaging ids. For instance: exa...@jabber.org is an IM handle but isn't necessarily an email handle.
The <name>@<domain> syntax may look like an email address since that is primarily how it has been used in the past (with the exception of XMPP and a few other examples) but all it really means is something like: This is a name which is managed by this domain... The ability to send email or XMPP messages using such a scoped name is not implied by its syntax, rather it is only facilitated by it. Just because a thing looks like an email address doesn't mean that it is. In theory, you should do a WebFinger lookup to figure out how to address mail once you're given something that follows this syntactical convention.
bob wyman
Eran Hammer-Lahav
May 24, 2010, 1:54:41 PM5/24/10
to webf...@googlegroups.com
The WebFinger narrative is really about using email addresses as identifiers and using HTTP instead of SMTP to "resolve" them. But when you take a higher level look at identity, you are really talking about identifier discovery (using the exact same flow), where the identifier can be an email address or an http URI (e.g. http://twitter.com/hueniverse).
We got a case of too many protocol names and components and no clear big picture. This will be sorted out soon as we finalize the remaining spec and the OAuth/OpenID communities figure out how to apply this to their work.
I don't see WebFinger lasting much longer as a protocol brand.
EHL
We got a case of too many protocol names and components and no clear big picture. This will be sorted out soon as we finalize the remaining spec and the OAuth/OpenID communities figure out how to apply this to their work.
I don't see WebFinger lasting much longer as a protocol brand.
EHL
Eric Mill
May 24, 2010, 3:25:46 PM5/24/10
to webf...@googlegroups.com
On Mon, May 24, 2010 at 1:54 PM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:
> The WebFinger narrative is really about using email addresses as identifiers and using HTTP instead of SMTP to "resolve" them. But when you take a higher level look at identity, you are really talking about identifier discovery (using the exact same flow), where the identifier can be an email address or an http URI (e.g. http://twitter.com/hueniverse).
Yeah, it's a higher level look at identity, but I wasn't necessarily
> The WebFinger narrative is really about using email addresses as identifiers and using HTTP instead of SMTP to "resolve" them. But when you take a higher level look at identity, you are really talking about identifier discovery (using the exact same flow), where the identifier can be an email address or an http URI (e.g. http://twitter.com/hueniverse).
saying the identifier could be an HTTP URI. I was suggesting we
overload the email address format to be a generic URI that points to a
user's account somewhere else. That would use the existing workflow
that Webfinger defines, and applying it outside of the scope of plain
email providers.
> We got a case of too many protocol names and components and no clear big picture. This will be sorted out soon as we finalize the remaining spec and the OAuth/OpenID communities figure out how to apply this to their work.
> I don't see WebFinger lasting much longer as a protocol brand.
wouldn't have written this email), but do you mean anything specific?
When you say WebFinger not lasting much longer as a protocol brand,
are you saying it'll be absorbed into something like OpenID Connect,
or that it'll retreat to be something lower profile in a more abstract
sense, or...?
-- Eric
David Recordon
May 24, 2010, 4:00:45 PM5/24/10
to webf...@googlegroups.com
I think something lower level via host-meta and LRDD. I think that WebFinger is a good brand, but its use case is getting subsumed into other more generic technologies.
--David
John Panzer
May 26, 2010, 8:09:34 PM5/26/10
to webf...@googlegroups.com
BTW, I think that in the long run most users will be using autocomplete against things like address books (or contextual autocomplete, e.g., against who's sent you messages and who's participated in a conversation thus far) and so they'd actually type "B-o-b-by" and get "b...@example.com" autocompleted for them, based on profile data. And they won't really care whether it says example.com/bob or b...@example.com as long as their software shows the right popup UI with a profile photo.
Reply all
Reply to author
Forward
0 new messages