Re: [webfinger] Vision for Webfinger - what are we doing?


Brad Fitzpatrick

Oct 15, 2013, 1:32:45 PM
to Eric Mill, webf...@ietf.org, webf...@googlegroups.com
Encrypted email: the MUA can discover the user's public key before mailing, and encrypt it before it hits the first SMTP server.

Sending money with bitcoin: discover the recipient's public wallet address from their email address, or an endpoint to generate a wallet address as a function of the sender.

etc

It makes email addresses readable for any use case, instead of just SMTP-writable.



On Mon, Oct 14, 2013 at 8:21 PM, Eric Mill <er...@konklone.com> wrote:
Hey all,

I was at a hackathon today, and spent the day working on Webfinger libraries for Sinatra and Jekyll. It was really productive, but -- at the end of the day, a reporter was there asking everybody questions about their projects. 

When he asked what Webfinger was for, I realized that the original easy-to-communicate killer app for Webfinger, easing universal login through OpenID, was dead. The only thing I could think to say was "Remember OpenID? Before it died? Well, this is a piece of the puzzle to putting something like that back together again."

That didn't feel like a very impressive answer. So, now that OpenID is dead, what's the one line explanation for why Webfinger is important? What's the path forward to making Webfinger something people are incentivized to support?

Should we be pushing really hard to resuscitate OpenID via OpenID Connect? Do we just need to wait for internal lobbying inside of Google/Microsoft/Twitter/etc to pay off in some announcement? I know Webfinger supports more than email lookup -- is there some particular killer app people were envisioning when they lobbied for that feature?

I'm so happy there's finally an RFC, after so many years. I recognize how much work was put in to make that happen, and this shouldn't be taken as a criticism of anyone. I just want to know what others see for the future of Webfinger, and what I should do next.

-- Eric

--

_______________________________________________
webfinger mailing list
webf...@ietf.org
https://www.ietf.org/mailman/listinfo/webfinger


Melvin Carvalho

Oct 16, 2013, 7:28:20 AM
to Eric Mill, webf...@ietf.org, webf...@googlegroups.com
On 15 October 2013 05:21, Eric Mill <er...@konklone.com> wrote:
Hey all,

I was at a hackathon today, and spent the day working on Webfinger libraries for Sinatra and Jekyll. It was really productive, but -- at the end of the day, a reporter was there asking everybody questions about their projects. 

When he asked what Webfinger was for, I realized that the original easy-to-communicate killer app for Webfinger, easing universal login through OpenID, was dead. The only thing I could think to say was "Remember OpenID? Before it died? Well, this is a piece of the puzzle to putting something like that back together again."

That didn't feel like a very impressive answer. So, now that OpenID is dead, what's the one line explanation for why Webfinger is important? What's the path forward to making Webfinger something people are incentivized to support?

Should we be pushing really hard to resuscitate OpenID via OpenID Connect? Do we just need to wait for internal lobbying inside of Google/Microsoft/Twitter/etc to pay off in some announcement? I know Webfinger supports more than email lookup -- is there some particular killer app people were envisioning when they lobbied for that feature?

I'm so happy there's finally an RFC, after so many years. I recognize how much work was put in to make that happen, and this shouldn't be taken as a criticism of anyone. I just want to know what others see for the future of Webfinger, and what I should do next.

When Brad created the great-grandfather of OpenID, codename Yadis, it actually had a web based discovery system called FOAF.  Even though FOAF got to a certain degree of popularity (several million users), there was a point in time when it became less popular.  We don't really know the reason for this, but people say that the XML serialization was unwieldy, there was a lot of complexity baked in (e.g. OWL) and there was no standardization of privacy.

Whatever the reason, it simply fell out of fashion, particularly on the west coast, and a new system, XRD was created as a rival.  In truth XRD and FOAF data models (RDF) were very similar (both follow the subject / property / value model), but they were developed independently.  XRD became the basis of both OpenID and Webfinger.  Both FOAF and XRD now have JSON serializations which is where we get today's JRD, which I think many developers prefer.

Webfinger was originally conceived to get an XRD/JRD for an email address, but somewhere along the way, with multiple authors it became more generic as a general purpose discovery system, much like the technology behind FOAF.  In fact today the email use case (mailto:) is no longer part of the core, and we have discovery on the new URI scheme acct: which Eran put in before he left.  There are many theories on why acct: was invented, but imho, it's because Eran worked out that an email address is the OBJECT of a data structure and not the SUBJECT, so we were missing a subject.  Since XRD has no query language, a term to create a subject needed to be created.  Hence we have acct:

The 5 years of discussion of webfinger mirror quite closely the first 5 years of discussion of RDF (aka the semantic web aka web of data aka Linked Data).  The path towards a model where you have entities as URIs and key value pairs linked to them seems quite similar.

However, as of today, the world is slightly split by two systems that do more or less the same thing.  Sadly, they are not 100% compatible with each other at this time, RDF is a more powerful version of XRD, and I would say probably has more people developing it and adoption, particularly at enterprise level.

Things have moved slightly closer together over time, and maybe the dream one day is to have a giant web based discovery system with webfinger being one important aspect, particularly for finding information on email addresses.  We'll have to wait and see!

Bob Wyman

Nov 1, 2013, 11:13:40 AM
to Eric Mill, Paul E. Jones, webf...@ietf.org, WebFinger List
Eric, you wrote:
"Webfinger is a standard way to attach information to an email address. "

This isn't really accurate. It would be much better written as: "Webfinger provides a standard mechanism that can be used to associate data with an email address."

It is essential to understand that Webfinger is useful for much more than the single use-case you discuss.

bob wyman



On Fri, Nov 1, 2013 at 10:58 AM, Eric Mill <er...@konklone.com> wrote:
I channeled this into a blog post, if anyone's interested:


I imagine it's going to rankle some people who disagree with my prognosis that some things are dead, but it's how it feels from here. Webfinger needs rapid experimentation, high profile adoption, and the energy of the rest of the open web community.


On Wed, Oct 16, 2013 at 11:38 AM, Eric Mill <er...@konklone.com> wrote:
This is all helpful to hear, and I hope these all come to fruition, especially OpenID Connect. I'll take a stab at setting up my own OpenID Connect service on my domain and see how it feels.

I guess it's inevitable that we have to hope the big companies make a meaningful gesture, too. Giving Google's outdated Webfinger endpoint for Gmail a big update would be a great start.

On Tue, Oct 15, 2013 at 3:23 PM, Paul E. Jones <pau...@packetizer.com> wrote:
Eric,

OpenID is not entirely dead, yet.  I still run my own OpenID OP server and use it to log into some sites.  I still allow OpenID logins on forums.packetizer.com, too.  It's still in use, but the large sites just didn't have enough users using it, so they axed it.  On its heels, though, is now OpenID Connect and it will use WebFinger for discovery.  So, sure... push it :-)

Personally, I can think of a lot of good uses for WebFinger:
* When I log onto a web site, I want the site to grab my name and picture automatically.
* If I want somebody to send me bitcoins, I'd much rather give them my email address (and I do have that in my WF account)
* My contact info is published via WebFinger, so I don't have to give people a lot of info on a business card
* WebFinger will hopefully be used as the starting point for auto-provisioning of email clients or other devices and applications where one has to enter server and port information

Paul


On 10/14/2013 11:21 PM, Eric Mill wrote:
Hey all,

I was at a hackathon today, and spent the day working on Webfinger libraries for Sinatra and Jekyll. It was really productive, but -- at the end of the day, a reporter was there asking everybody questions about their projects. 

When he asked what Webfinger was for, I realized that the original easy-to-communicate killer app for Webfinger, easing universal login through OpenID, was dead. The only thing I could think to say was "Remember OpenID? Before it died? Well, this is a piece of the puzzle to putting something like that back together again."

That didn't feel like a very impressive answer. So, now that OpenID is dead, what's the one line explanation for why Webfinger is important? What's the path forward to making Webfinger something people are incentivized to support?

Should we be pushing really hard to resuscitate OpenID via OpenID Connect? Do we just need to wait for internal lobbying inside of Google/Microsoft/Twitter/etc to pay off in some announcement? I know Webfinger supports more than email lookup -- is there some particular killer app people were envisioning when they lobbied for that feature?

I'm so happy there's finally an RFC, after so many years. I recognize how much work was put in to make that happen, and this shouldn't be taken as a criticism of anyone. I just want to know what others see for the future of Webfinger, and what I should do next.

-- Eric


Melvin Carvalho

Nov 1, 2013, 11:14:29 AM
to Eric Mill, Paul E. Jones, webf...@ietf.org, webf...@googlegroups.com
On 1 November 2013 15:58, Eric Mill <er...@konklone.com> wrote:
I channeled this into a blog post, if anyone's interested:


Nice post.  It's actually worth rereading Eran's post on this topic.  It's great that Eran talks about http range 14.

+1 that your record has https

+1 that you set the mime type

I personally would *not* use the webfinger.net link relations, but reuse existing predicates such as FOAF, which passes W3C validation (e.g. vapour).  But you are free to choose what you prefer.

IMHO, decentralization didn't happen, we live in a more centralized web than ever.  Many people including Chris Messina advocated the host your own identity pattern, but slowly but surely, the concept was put more and more to the side.  At least openid in theory still allows it, even if the practice is very different.  Persona does not allow it at all.

You seem to suggest that webfinger is about getting information about email addresses, although that was the original idea, but it's not now.  It's about accounts at hosts, which is a subtle difference.  SWD was about email addresses.

Overall I find myself agreeing with most of what you say :)
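
The lookup discussed in this thread (an `acct:` identifier resolved to a JRD served over https with the right media type), as an added example that is not part of the original messages or any participant's code. The `example.org` names, the `KEY_REL` link relation and the subject/alias policy are assumptions made for illustration.

```python
import json
import re
from urllib.parse import quote, urlsplit

JRD_TYPE = "application/jrd+json"               # media type defined by RFC 7033
KEY_REL = "https://example.org/rel/public-key"  # hypothetical link relation

def webfinger_url(resource):
    """Build the RFC 7033 query URL for an acct: URI (acct:user@host)."""
    # Restrict the host to hostname characters so the identifier cannot
    # smuggle a path, port or query into the URL we are about to fetch.
    m = re.fullmatch(r"acct:[^@/?#\s]+@([A-Za-z0-9.-]+)", resource)
    if not m:
        raise ValueError("expected acct:user@host")
    return ("https://" + m.group(1) + "/.well-known/webfinger?resource="
            + quote(resource, safe=""))

def check_jrd(resource, final_url, content_type, body):
    """Validate a fetched response before trusting anything in it."""
    if urlsplit(final_url).scheme != "https":
        raise ValueError("not served over HTTPS")
    if content_type.split(";")[0].strip().lower() != JRD_TYPE:
        raise ValueError("unexpected media type")
    jrd = json.loads(body)
    # Policy of this example (stricter than the RFC): the record must be
    # about the identifier we asked for, by subject or by alias.
    if resource != jrd.get("subject") and resource not in jrd.get("aliases", []):
        raise ValueError("record is about a different subject")
    return jrd

def hrefs(jrd, rel):
    """Return https hrefs of links with the given rel; others are dropped."""
    return [l["href"] for l in jrd.get("links", [])
            if l.get("rel") == rel and str(l.get("href", "")).startswith("https://")]

# Constructed sample response, not captured from a real server.
SAMPLE = json.dumps({
    "subject": "acct:alice@example.org",
    "links": [
        {"rel": KEY_REL, "href": "https://example.org/keys/alice.asc"},
        {"rel": KEY_REL, "href": "http://example.org/keys/old.asc"},
    ],
})

if __name__ == "__main__":
    who = "acct:alice@example.org"
    url = webfinger_url(who)
    jrd = check_jrd(who, url, "application/jrd+json; charset=utf-8", SAMPLE)
    print(url)
    print(hrefs(jrd, KEY_REL))
```
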

Bob Wyman

Nov 1, 2013, 2:08:35 PM
to Eric Mill, WebFinger List, Paul E. Jones, webf...@ietf.org



On Fri, Nov 1, 2013 at 11:49 AM, Eric Mill <er...@konklone.com> wrote:
I know I gloss over the non-email uses of Webfinger. It's just very far from my original understanding of WF, and I don't know any uses out there of WF for non-email URIs to mention.

Imagine that you were running a service like Twitter that has accounts but doesn't offer email service. In this case, you might use an acct: URI to allow data to be associated with names of your accounts. 

Imagine that you had a web page that allowed users to do some kind of a search or perform some function upon filling out a form. But, you also offered an API so that folk could write programs to accomplish the same function without parsing HTML, etc. -- if only they knew the API protocol or had a WSDL-like document describing it. In that case, you could use WebFinger to return a resource that described or pointed to the API that should be used with the page. (i.e. this would be like a simple, distributed version of UDDI...)

etc. the uses are endless...

 
FWIW, I was more precise in the definition I contributed to the front page of webfinger.net: "A way to attach information to an email address, or other online resource."

About the link relations (and maybe this should be a separate thread), when I was making sinatra-webfinger, I realized it was useful to start a little mapping file of keywords to best-practice URNs. That way, my configuration was just "name: 'Eric Mill'", etc.

Maybe it's worth factoring this out to its own tiny repo, and soliciting contributions? I think in practice, most admin and user interaction with Webfinger property names and link rel's should be through common names, not literally pasting in whole URNs. I honestly can't be bothered to remember them, or choose between them.

-- Eric


--
 

---
You received this message because you are subscribed to the Google Groups "WebFinger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webfinger+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


