--
---
You received this message because you are subscribed to the Google Groups "WebFinger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webfinger+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Nick, it's up and running now on webfist.org
but there's only one server (an EC2 instance we created Sunday) in one zone, run by one person (me). We'd really like to see instances run by a handful of people on a handful of reliable providers in different zones first, before we declare it as "stable".
It also doesn't have an SSL cert yet.
Blaine Cook said he's interested in running a node as well, but we then need to discuss how we load balance: if we do a DNS round-robin thing, then we all need the same SSL certs, and we have to trust that I continue to pay for the WebFist DNS on Amazon's Route 53 (which is pretty cheap). Likewise with domain renewal.
Considering that I might get hit by a bus (or crash my motorcycle, or both), it's probably best to have a group of people own the domain name & DNS account(s). Nodes can come and go, as long as a group of people continue to update the DNS pool's IPs. I trust Amazon's Route 53 to stay around for awhile.
We could just pay for the WebFist domain name for 10 or 20 years.
So what happens if the user’s mail provider does not use DKIM? Is there the option to send a verification email back to prove identity?
Paul
-- 
Great, I'll update webfinger.js with a configurable option to fallback to webfist.org on failure (on by default), and add your gmail account to the demo (if you don't mind).
Yeah, that’s a good reason to use DKIM. However, I’ve encountered a number of domains that do not properly sign messages. I’m not sure if any large domains were failing, but I did see a number of domains with verification errors on my mail server.
What you might want is to allow a domain owner (e.g., Acme, Inc.) to install a policy that disallows use of WebFist. It might be that a company does not want to provide WF services (perish the thought!) and does not want its employees using alternative services with its domain to bypass its policy. Perhaps an email from an address like hostm...@acme.example could be used to allow/disallow use for the domain.
Another thing to consider is when Acme, Inc. does decide to support WF. If there were users that had delegated WF queries to some URI, that will break all of a sudden when Acme starts responding.
In the examples posted, I noted all delegation was to HTTP rather than HTTPS URIs. Some folks who insisted on HTTPS might not like the fact that the fallback does not use HTTPS. I understand the challenges in trying to explain that to users, but a “proper” WF client should not follow an HTTP URI.
Paul
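The client-side rule raised in the message above (a WebFinger client should not follow an HTTP delegation URI), as an added example that is not part of the original thread and is not webfinger.js or WebFist code. It assumes the fallback response is a JRD object carrying `subject` and `links`; `pickDelegation`, `normalizeAcct` and the sample hosts are hypothetical.

```javascript
// Added example, not from webfinger.js or the WebFist project.
// The rel value is the one quoted in this thread; the response shape
// ({subject, links: [{rel, href}]}) is an assumption based on the JRD format.
const WEBFIST_REL = "http://webfist.org/spec/rel";

// Hypothetical helper: pick the delegation target out of a fallback
// response, refusing anything a strict client should not follow.
function pickDelegation(jrd, requestedAcct) {
  if (!jrd || typeof jrd !== "object" || !Array.isArray(jrd.links)) {
    return { ok: false, reason: "malformed-jrd" };
  }
  // The answer must be about the account that was asked for.
  if (normalizeAcct(jrd.subject) !== normalizeAcct(requestedAcct)) {
    return { ok: false, reason: "subject-mismatch" };
  }
  const rejected = [];
  for (const link of jrd.links) {
    if (!link || link.rel !== WEBFIST_REL || typeof link.href !== "string") continue;
    let url;
    try { url = new URL(link.href); } catch (e) { rejected.push("unparseable"); continue; }
    if (url.protocol !== "https:") { rejected.push("not-https"); continue; }
    if (url.username || url.password) { rejected.push("embedded-credentials"); continue; }
    return { ok: true, href: url.href }; // first acceptable HTTPS target wins
  }
  return { ok: false, reason: rejected[0] || "no-delegation-link" };
}

// Accept both "user@host" and "acct:user@host"; compare case-insensitively.
function normalizeAcct(s) {
  return String(s || "").trim().toLowerCase().replace(/^acct:/, "");
}

// Constructed sample responses (not real WebFist output).
const httpOnly = {
  subject: "acct:alice@example.com",
  links: [{ rel: WEBFIST_REL, href: "http://files.example.net/alice.json" }],
};
const mixed = {
  subject: "acct:alice@example.com",
  links: [
    { rel: WEBFIST_REL, href: "http://files.example.net/alice.json" },
    { rel: WEBFIST_REL, href: "https://files.example.net/alice.json" },
  ],
};
```

A client that gets `ok: false` with `not-https` can report the delegation as untrusted instead of silently downgrading.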
CORS header should be:
Access-Control-Allow-Origin: *
Paul
From: webf...@googlegroups.com [mailto:webf...@googlegroups.com] On Behalf Of Brad Fitzpatrick
Sent: Tuesday, June 25, 2013 7:16 PM
To: webf...@googlegroups.com
Subject: Re: Bootstrapping decentralized discovery with WebFist
Right. We were talking about that the other day but forgot them.
Done.
--
There's not supposed to be anything to look at. WebFist will never return anything more than the URL of the actual webfinger document for an email address. It's not meant to replace webfinger, it only bootstraps it for domains that don't support it natively. If you want the avatar, links to blogs, etc, then follow the rel="http://webfist.org/spec/rel" link and find it there.
On Wed, Jun 26, 2013 at 2:50 AM, Will Norris <wi...@willnorris.com> wrote:
There's not supposed to be anything to look at. WebFist will never return anything more than the URL of the actual webfinger document for an email address. It's not meant to replace webfinger, it only bootstraps it for domains that don't support it natively. If you want the avatar, links to blogs, etc, then follow the rel="http://webfist.org/spec/rel" link and find it there.
Doh! I think I must have overlooked that in the article. :)
Will update webfinger.js to make this extra request after the webfist query.
I'm not concerned about users who can run their own server but can't set their own CORS headers. The level of technical competence and cost between those two is so small as to be uninteresting of a niche to worry about. That is: you can either run your own server (totally), or you can't.
I figure "most" users (especially of WebFist) will use a hosted WebFinger provider. Just like most of us use a hosted email provider rather than running our own SMTP+IMAP servers, most users will use hosted WebFinger. Think of WebFist as an MX record. But instead of an MX on our own domain name, it's an MX redirection from gmail/facebook to my-webfinger.com or yapalets.ru or whatever.
I suspect most users will not be running their own servers, either. However, I can’t imagine any company finding a business model where they can make money running a WF server.
It might fit in well with Google+, for example, making that platform more feature-rich.
WF would be potentially useful inside the enterprise (er, business) and for sharing information between businesses (and the world, for that matter). Businesses might outsource the WF server like they do email, but that would still mean a domain that can control servers and DNS records.
WebFist appears to be targeting individuals or smaller companies that don’t have the ability or desire to run a WF server. Those folks will have to have some technical ability, though, as who would offer a service for them?
I believe Amazon S3 allows for CORS headers to be set for files and/or buckets. I’ve not checked that out too closely, but it seems like I did see something in the documentation about that.
Paul
From: webf...@googlegroups.com [mailto:webf...@googlegroups.com] On Behalf Of Brad Fitzpatrick
Sent: Tuesday, June 25, 2013 10:06 PM
To: webf...@googlegroups.com
Subject: Re: Bootstrapping decentralized discovery with WebFist
I'm not concerned about users who can run their own server but can't set their own CORS headers. The level of technical competence and cost between those two is so small as to be uninteresting of a niche to worry about. That is: you can either run your own server (totally), or you can't.
I should also say, it’s pretty easy to set CORS headers with Apache, too. The .htaccess file in the directory where the JRD files are located just needs to have a line like this:
Header set Access-Control-Allow-Origin "*"
Paul
Hey all,
Here are the details on bootstrapping WebFinger with WebFist:
http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html
Let us know what you think. Thanks,
-Brett
On 25 June 2013 19:36, Brett Slatkin <bsla...@gmail.com> wrote:
Hey all,
Here are the details on bootstrapping WebFinger with WebFist:
http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html
Looks great. Would it be possible to use webfist with the traditional plain old email address user@host, as well as the newly proposed acct: scheme?
On 6/25/13 12:36 PM, Brett Slatkin wrote:
Hey all,
Here are the details on bootstrapping WebFinger with WebFist:
http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html
Let us know what you think. Thanks,
-Brett
I'm new here, so maybe this was discussed. I see a long term implementation issue with webfist.
Suppose that my users begin adopting and relying on webfist, but I intend to directly implement webfinger next year. If I have hundreds or thousands of users depending on the results returned by webfist, then when I enable webfinger for my domain my service will immediately begin returning the incorrect results for all of those users. That will result in end-user complaints. Most importantly, I won't know which of my users will be affected by this change, so there is no way for me to warn them ahead of time.
So, I would need to query webfist for the results for every single one of my users in order to import the data into my service. Is that type of mass query going to be allowed by webfist?
Is webfist going to be the only service facilitating the role of bootstrapping webfinger? If not, I'll need to mass-query all of these bootstrapping services, right?
On Tue, Jun 25, 2013 at 1:28 PM, Nick Jennings <ni...@silverbucket.net> wrote:
This is great stuff Brett (and Brad)! Thanks for sharing. I had some similar ideas about this recently (though I didn't get as far with the concept, especially with the proofs), and I'm glad to see someone has already gotten something working.
Is this going to be up and running any time soon? I will update webfinger.js[1] to use webfist as a fallback as soon as it's ready.
[1] http://silverbucket.github.io/webfinger.js/demo/
I'll try to do it this weekend.
Very cool! Next, it would be cool to create some kind of profile-like page with the information that is discovered :-)
I tried using curl at the command line on the https URI that you reported to be failing and I’m getting a connection refused. You really see cert errors? What I see looks more like port 443 not listening for traffic.
Paul
From: webf...@googlegroups.com [mailto:webf...@googlegroups.com] On Behalf Of Will Norris
Sent: Saturday, June 29, 2013 12:14 AM
To: webf...@googlegroups.com
Subject: Re: Bootstrapping decentralized discovery with WebFist
that'd be great, thanks! I've got webfist support live on client.webfinger.net now... http://client.webfinger.net/lookup?resource=wnorris%40gmail.com
Very cool! Next, it would be cool to create some kind of profile-like page with the information that is discovered :-)
I tried using curl at the command line on the https URI that you reported to be failing and I’m getting a connection refused. You really see cert errors? What I see looks more like port 443 not listening for traffic.
For those not familiar with WebFinger, it does not always immediately click. A visual example goes a long way in producing that “Ah! Ha!” moment. But then having the stuff you have here now is good for those who want to understand how it works. I’m not sure how to present it, but perhaps something similar to what Nick has:
http://silverbucket.github.io/webfinger.js/demo/
Or, perhaps refer people to that page?