draft-jones-appsawg-webfinger-05.txt   draft-jones-appsawg-webfinger-06.txt 
Network Working Group Paul E. Jones Network Working Group Paul E. Jones
Internet Draft Gonzalo Salgueiro Internet Draft Gonzalo Salgueiro
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: November 21, 2012 Joseph Smarr Expires: December 18, 2012 Joseph Smarr
Google Google
May 21, 2012 June 18, 2012
WebFinger WebFinger
draft-jones-appsawg-webfinger-05.txt draft-jones-appsawg-webfinger-06.txt
Abstract Abstract
This specification defines the WebFinger protocol. WebFinger may be This specification defines the WebFinger protocol. WebFinger may be
used to discover information about people on the Internet, such as a used to discover information about people on the Internet, such as a
person's personal profile address, identity service, telephone person's personal profile address, identity service, telephone
number, or preferred avatar. WebFinger may also be used to learn number, or preferred avatar. WebFinger may also be used to learn
information about objects on the network, such as the amount of toner information about objects on the network, such as the amount of toner
in a printer or the physical location of a server. in a printer or the physical location of a server.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 21, 2012. This Internet-Draft will expire on December 18, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................2 1. Introduction...................................................2
2. Terminology....................................................3 2. Terminology....................................................3
3. Example Uses of WebFinger......................................3 3. Overview.......................................................3
3.1. Locating a User's Blog....................................3 4. Example Uses of WebFinger......................................4
3.2. Retrieving a Person's Contact Information.................5 4.1. Locating a User's Blog....................................4
3.3. Simplifying the Login Process.............................6 4.2. Retrieving a Person's Contact Information.................7
3.4. Retrieving Device Information.............................7 4.3. Simplifying the Login Process.............................8
4. WebFinger Protocol.............................................8 4.4. Retrieving Device Information.............................9
4.1. Performing a WebFinger Query..............................8 5. WebFinger Protocol............................................10
4.2. The Web Host Metadata "resource" Parameter................9 5.1. Performing a WebFinger Query.............................10
4.3. The Web Host Metadata "rel" Parameter....................11 5.2. The Web Host Metadata "resource" Parameter...............11
5. The "acct" URI................................................12 5.3. The Web Host Metadata "rel" Parameter....................13
5.1. Using the "acct" URI.....................................12 5.4. WebFinger and URIs.......................................14
5.2. Syntax of "acct" URI.....................................13 6. The "acct" URI................................................15
6. The "acct" Link Relation......................................13 7. The "acct" Link Relation......................................16
6.1. Purpose for the "acct" Link Relation.....................13 7.1. Purpose for the "acct" Link Relation.....................16
6.2. Example Message Exchange Using the "acct" Link Relation..14 7.2. Example Message Exchange Using the "acct" Link Relation..16
7. Cross-Origin Resource Sharing (CORS)..........................15 8. Cross-Origin Resource Sharing (CORS)..........................17
8. Security Considerations.......................................15 9. Controlling Access to Information.............................17
9. IANA Considerations...........................................16 10. Implementation Notes (Non-Normative).........................18
9.1. Registration of the "acct" URI scheme name...............17 11. Security Considerations......................................18
9.2. Registration of the "acct" Link Relation Type............17 12. IANA Considerations..........................................19
10. Acknowledgments..............................................18 12.1. Registration of the "acct" URI scheme name..............19
11. References...................................................18 12.2. Registration of the "acct" Link Relation Type...........20
11.1. Normative References....................................18 13. Acknowledgments..............................................20
11.2. Informative References..................................19 14. References...................................................20
Author's Addresses...............................................20 14.1. Normative References....................................20
14.2. Informative References..................................21
Author's Addresses...............................................22
1. Introduction 1. Introduction
There is a utility found on UNIX systems called "finger" [14] that There is a utility found on UNIX systems called "finger" [15] that
allows a person to access information about another person. The allows a person to access information about another person. The
information being queried might be on a computer anywhere in the information being queried might be on a computer anywhere in the
world. The information returned via "finger" is simply a plain text world. The information returned via "finger" is simply a plain text
file that contains unstructured information provided by the queried file that contains unstructured information provided by the queried
user. user.
WebFinger borrows the concept of the legacy finger protocol, but WebFinger borrows the concept of the legacy finger protocol, but
introduces a very different approach to sharing information. Rather introduces a very different approach to sharing information. Rather
than returning a simple unstructured text file, Webfinger uses than returning a simple unstructured text file, Webfinger uses
structured documents that contain link relations. These link structured documents that contain link relations. These link
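Review bot: Style point in the Introduction: "than returning a simple unstructured text file, Webfinger uses" spells the protocol name differently from "WebFinger" in the sentence before it and in the rest of the document, and -06 carries the inconsistency over unchanged. Normalise it to "WebFinger" while the section is being touched for the [14] to [15] renumbering.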
skipping to change at page 3, line 24 skipping to change at page 3, line 26
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in RFC 2119 [1].
WebFinger makes heavy use of "Link Relations". Briefly, a Link WebFinger makes heavy use of "Link Relations". Briefly, a Link
Relation is an attribute and value pair used on the Internet wherein Relation is an attribute and value pair used on the Internet wherein
the attribute identifies the type of link to which the associated the attribute identifies the type of link to which the associated
value refers. In Hypertext Transfer Protocol (HTTP) [2] and Web value refers. In Hypertext Transfer Protocol (HTTP) [2] and Web
Linking [3], the attribute is a "rel" and the value is an "href". Linking Error! Reference source not found., the attribute is a "rel"
and the value is an "href".
3. Example Uses of WebFinger 3. Overview
WebFinger enables the discovery of information about accounts,
devices, and other entities that are associated with web-accessible
domains. In essence, there are two steps to discovering such
information:
1. By querying the domain itself, one can find out how to discover
information about accounts, devices, and other associated with
that domain.
2. By then querying an entity at the domain, one will find links to
more detailed information, which can then be queried individually.
To enable such functionality, WebFinger makes heavy use of well-known
URIs as defined in RFC 5785 [3] and "Link Relations" as defined in
RFC 5988 [3]. Briefly, a link is a typed connection between two web
resources that are identified by Internationalized Resource
Identifiers (IRIs) [14]; this connection consists of a context IRI, a
link relation type, a target IRI, and optionally some target
attributes, resulting in statements of the form "{context IRI} has a
{relation type} resource at {target IRI}, which has {target
attributes}". When used in the Link HTTP header, the context IRI is
the IRI of the requested resource, the relation type is the value of
the "rel" parameter, the target IRI is URI-Reference contained in the
Link header, and the target attributes are the parameters such as
"hreflang", "media", "title", "title*", "type", and any other link-
extension parameters.
Thus the framework for WebFinger consists of several building blocks:
1. To query the domain, one requests a web host metadata file [10]
located at a well-known URI of /.well-known/host-meta at the
domain of interest.
2. The web server at the domain returns an Extensible Resource
Descriptor (XRD) or a JavaScript Object Notation (JSON) Resource
Descriptor (JRD) document, including a Link-based Resource
Descriptor Document (LRDD) link relation.
3. To discover information about accounts, devices, or other entities
associated with the domain, one requests the actual Link-based
Resource Descriptor Document associated with a particular URI at
the domain (e.g., an 'acct' URI, 'http' URI', or 'mailto' URI).
4. The web server at the domain returns an XRD or JRD document about
the requested URI, which includes specialized link relations
pointing to resources that contain more detailed information about
the entity.
This model is illustrated in the examples under Section 4, then
described more formally under Section 5. Note that steps 2 and 3
above may be accomplished simultaneously by utilizing the "resource"
parameter defined in Section 5.2.
4. Example Uses of WebFinger
In this section, we describe just a few sample uses for WebFinger and In this section, we describe just a few sample uses for WebFinger and
show what the protocol looks like. This is not an exhaustive list of show what the protocol looks like. This is not an exhaustive list of
possible uses and the entire section should be considered non- possible uses and the entire section should be considered non-
normative. The list of potential use cases is virtually unlimited normative. The list of potential use cases is virtually unlimited
since a user can share any kind of machine-consumable information via since a user can share any kind of machine-consumable information via
WebFinger. WebFinger.
3.1. Locating a User's Blog 4.1. Locating a User's Blog
Assume you receive an email from Bob and he refers to something he Assume you receive an email from Bob and he refers to something he
posted on his blog, but you do not know where Bob's blog is located. posted on his blog, but you do not know where Bob's blog is located.
It would be simple to discover the address of Bob's blog if he makes It would be simple to discover the address of Bob's blog if he makes
that information available via WebFinger. that information available via WebFinger.
Let's assume your email client discovers that blog automatically for Let's assume your email client discovers that blog automatically for
you. After receiving the message from Bob (bob@example.com), your you. After receiving the message from Bob (bob@example.com), your
email client performs the following steps behind the scenes. email client performs the following steps behind the scenes.
First, it tries to get the host metadata [9] information for the First, it tries to get the host metadata [10] information for the
domain example.com. It does this by issuing the following HTTPS domain example.com. It does this by issuing the following HTTPS
query to example.com: query to example.com:
GET /.well-known/host-meta HTTP/1.1 GET /.well-known/host-meta HTTP/1.1
Host: example.com Host: example.com
The server replies with an XRD [8] document: The server replies with an XRD [9] document:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
Content-Type: application/xrd+xml; charset=UTF-8 Content-Type: application/xrd+xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"> <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
<Link rel="lrdd" <Link rel="lrdd"
type="application/xrd+xml" type="application/xrd+xml"
template="https://example.com/lrdd/?uri={uri}"/> template="https://example.com/lrdd/?uri={uri}"/>
</XRD> </XRD>
The client then processes the received XRD in accordance with the Web The client then processes the received XRD in accordance with the Web
Host Metadata [9] procedures. The client will see the LRDD link Host Metadata [10] procedures. The client will see the LRDD link
relation and issue a query with the user's account URI [5]. (The relation and issue a query with the user's account URI [6] or other
Account URI is discussed in Section 4.2.) The query might look like URI that serves as an alias for the account. (The account URI is
this: discussed in Section 4.2.) The query might look like this:
GET /lrdd/?uri=acct%3Abob%40example.com HTTP/1.1 GET /lrdd/?uri=acct%3Abob%40example.com HTTP/1.1
Host: example.com Host: example.com
The server might then respond with a message like this: The server might then respond with a message like this:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
Content-Type: application/xrd+xml; charset=UTF-8 Content-Type: application/xrd+xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"> <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
<Expires>2012-03-13T20:56:11Z</Expires> <Expires>2012-03-13T20:56:11Z</Expires>
<Subject>acct:bob@example.com</Subject> <Subject>acct:bob@example.com</Subject>
<Alias>http://www.example.com/~bob/</Alias>
<Link rel="http://webfinger.net/rel/avatar" <Link rel="http://webfinger.net/rel/avatar"
href="http://www.example.com/~bob/bob.jpg"/> href="http://www.example.com/~bob/bob.jpg"/>
<Link rel="http://webfinger.net/rel/profile-page" <Link rel="http://webfinger.net/rel/profile-page"
href="http://www.example.com/~bob/"/> href="http://www.example.com/~bob/"/>
<Link rel="http://packetizer.com/rel/blog" <Link rel="http://packetizer.com/rel/blog"
href="http://blogs.example.com/bob/"/> href="http://blogs.example.com/bob/"/>
</XRD> </XRD>
The email client might take note of the "blog" link relation in the The email client might take note of the "blog" link relation in the
above XRD document that refers to Bob's blog. This URL would then be above XRD document that refers to Bob's blog. This URL would then be
presented to you so that you could then visit his blog. presented to you so that you could then visit his blog.
The email client might also note that Bob has published an avatar The email client might also note that Bob has published an avatar
link relation and use that picture to represent Bob inside the email link relation and use that picture to represent Bob inside the email
client. client.
3.2. Retrieving a Person's Contact Information Note in the above example that an alias is provided that can also be
used to return information about the user's account. Had the "http:"
URI been used to query for information about Bob, the query would
have appeared as:
GET /lrdd/?uri= http%3A%2F%2Fwww.example.com%2F~bob%2F HTTP/1.1
Host: example.com
The response would have been substantially the same, with the subject
and alias information changed as necessary. Other information, such
as the expiration time might also change, but the set of link
relations and properties would be the same with either response.
Let's assume, though, that for the above query the client requested a
JRD representation for the resource rather than an XRD
representation. In that case, the response would have been:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=UTF-8
{
"expires" : "2012-03-13T20:56:11Z",
"subject" : "http://www.example.com/~bob/",
"aliases" :
[
"acct:bob@example.com"
],
"links" :
[
{
"rel" : "http://webfinger.net/rel/avatar",
"href" : "http://www.example.com/~bob/bob.jpg"
},
{
"rel" : "http://webfinger.net/rel/profile-page",
"href" : "http://www.example.com/~bob/"
},
{
"rel" : "http://packetizer.com/rel/blog",
"href" : "http://blogs.example.com/bob/"
}
]
}
4.2. Retrieving a Person's Contact Information
Assume you have Alice in your address book, but her phone number Assume you have Alice in your address book, but her phone number
appears to be invalid. You could use WebFinger to find her current appears to be invalid. You could use WebFinger to find her current
phone number and update your address book. phone number and update your address book.
Let's assume you have a web-based address book that you wish to Let's assume you have a web-based address book that you wish to
update. When you instruct the address book to pull Alice's current update. When you instruct the address book to pull Alice's current
contact information, the address book might issue a query like this contact information, the address book might issue a query like this
to get host metadata information for example.com: to get host metadata information for example.com:
GET /.well-known/host-meta.json HTTP/1.1 GET /.well-known/host-meta.json HTTP/1.1
Host: example.com Host: example.com
Note the address book is looking for a JSON [4] representation, Note the address book is looking for a JSON [5] representation,
whereas we used XML in the previous example. whereas we used XML in the previous example.
The server might reply with something like this: The server might reply with something like this:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
Content-Type: application/json; charset=UTF-8 Content-Type: application/json; charset=UTF-8
{ {
"links" : "links" :
[ [
{ {
"rel" : "lrdd", "rel" : "lrdd",
"type" : "application/json", "type" : "application/json",
"template" : "template" :
"https://example.com/lrdd/?format=json&uri={uri}" "https://example.com/lrdd/?format=json&uri={uri}"
} }
] ]
} }
The client processes the response as described in RFC 6415 [9]. It The client processes the response as described in RFC 6415 [10]. It
will process the LRDD link relation using Alice's account URI by will process the LRDD link relation using Alice's account URI by
issuing this query: issuing this query:
GET /lrdd/?format=json&uri=acct%3Aalice%40example.com HTTP/1.1 GET /lrdd/?format=json&uri=acct%3Aalice%40example.com HTTP/1.1
Host: example.com Host: example.com
The server might return a response like this: The server might return a response like this:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
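Review bot: The Terminology paragraph in the -06 column now reads "Linking Error! Reference source not found., the attribute is a "rel"" where -05 had "Linking [3]", so a broken cross-reference field was published in place of the citation; restore the reference. The new Overview has a related numbering problem: it cites both "RFC 5785 [3]" and "RFC 5988 [3]", so one of the two needs its own reference number. In the same added text, "accounts, devices, and other associated with that domain" is missing a noun (step 3 of the building blocks says "other entities"), "'http' URI'" has a stray quote, and the added alias example has a space inside the request target ("GET /lrdd/?uri= http%3A%2F%2F..."), which is not a valid request line. The parenthetical "(The account URI is discussed in Section 4.2.)" was also not updated for the renumbering: the new table of contents lists 4.2 as "Retrieving a Person's Contact Information" and the "acct" URI as Section 6.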
skipping to change at page 6, line 19 skipping to change at page 8, line 22
"rel" : "http://webfinger.net/rel/avatar", "rel" : "http://webfinger.net/rel/avatar",
"href" : "http://example.com/~alice/alice.jpg" "href" : "http://example.com/~alice/alice.jpg"
}, },
{ {
"rel" : "vcard", "rel" : "vcard",
"href" : "http://example.com/~alice/alice.vcf" "href" : "http://example.com/~alice/alice.vcf"
} }
] ]
} }
With this response, the address book might see the vcard [16] link With this response, the address book might see the vcard [17] link
relation and use that file to offer you updated contact information. relation and use that file to offer you updated contact information.
3.3. Simplifying the Login Process 4.3. Simplifying the Login Process
OpenID (http://www.openid.net) is great for allowing users to log OpenID (http://www.openid.net) is great for allowing users to log
into a web site, though one criticism is that it is challenging for into a web site, though one criticism is that it is challenging for
users to remember the URI they are assigned. WebFinger can help users to remember the URI they are assigned. WebFinger can help
address this issue by allowing users to use user@domain-style address this issue by allowing users to use user@domain-style
addresses. Using a user's account URI, a web site can perform a addresses. Using a user's account URI, a web site can perform a
query to discover the associated OpenID identifier for a user. query to discover the associated OpenID identifier for a user.
Let's assume Carol is trying to use OpenID to log into a blog. The Let's assume Carol is trying to use OpenID to log into a blog. The
blog server might issue the following query to get the host metadata blog server might issue the following query to get the host metadata
skipping to change at page 7, line 39 skipping to change at page 9, line 41
"rel" : "http://specs.openid.net/auth/2.0/provider", "rel" : "http://specs.openid.net/auth/2.0/provider",
"href" : "https://openid.example.com/carol" "href" : "https://openid.example.com/carol"
} }
] ]
} }
At this point, the blog server knows that Carol's OpenID identifier At this point, the blog server knows that Carol's OpenID identifier
is https://openid.example.com/carol and could then proceed with the is https://openid.example.com/carol and could then proceed with the
login process as usual. login process as usual.
3.4. Retrieving Device Information 4.4. Retrieving Device Information
While the examples thus far have been focused on information about While the examples thus far have been focused on information about
humans, WebFinger does not limit queries to only those that use the humans, WebFinger does not limit queries to only those that use the
account URI scheme. Any URI scheme that contains domain information account URI scheme. Any URI scheme that contains domain information
MAY be used with WebFinger. Let's suppose there are devices on the MAY be used with WebFinger. Let's suppose there are devices on the
network like printers and you would like to check the current toner network like printers and you would like to check the current toner
level for a particular printer identified via the URI like level for a particular printer identified via the URI like
device:p1.example.com. While the "device" URI scheme is not device:p1.example.com. While the "device" URI scheme is not
presently specified, we use it here for illustrative purposes. presently specified, we use it here for illustrative purposes.
Following the procedures similar to those above, a query may be Following the procedures similar to those above, a query may be
issued to get link relations specific to this URI like this: issued to get link relations specific to this URI like this:
GET /lrdd/?format=json&uri=device%3Ap1.example.com HTTP/1.1 GET /lrdd/?format=json&uri=device%3Ap1.example.com HTTP/1.1
Host: example.com Host: example.com
The link relations that are returned may be quite different than The link relations that are returned may be quite different than
those for human users. Perhaps we may see a response like this: those for user accounts. Perhaps we may see a response like this:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
Content-Type: application/json; charset=UTF-8 Content-Type: application/json; charset=UTF-8
{ {
"subject" : "device:p1.example.com", "subject" : "device:p1.example.com",
"links" : "links" :
[ [
{ {
"rel" : "tipsi", "rel" : "tipsi",
"href" : "http://192.168.1.5/npap/" "href" : "http://192.168.1.5/npap/"
} }
] ]
} }
While this example is entirely fictitious, you can imagine that While this example is entirely fictitious, you can imagine that
perhaps the Transport Independent, Printer/System Interface [18] may perhaps the Transport Independent, Printer/System Interface [19] may
be enhanced with a web interface that allows a device that be enhanced with a web interface that allows a device that
understands the TIP/SI web interface specification to query the understands the TIP/SI web interface specification to query the
printer for toner levels. printer for toner levels.
4. WebFinger Protocol 5. WebFinger Protocol
WebFinger does not actually introduce a new protocol, per se. WebFinger does not actually introduce a new protocol, per se.
Rather, it builds upon the existing Web Host Metadata [9] Rather, it builds upon the existing Web Host Metadata [10]
specification and leverages the Cross-Origin Resource Sharing (CORS) specification and leverages the Cross-Origin Resource Sharing (CORS)
[7] specification. [8] specification.
4.1. Performing a WebFinger Query 5.1. Performing a WebFinger Query
The first step a client must perform in executing a WebFinger query The first step a client must perform in executing a WebFinger query
is to query for the host metadata using HTTPS or HTTP. The is to query for the host metadata using HTTPS or HTTP. The
procedures are defined in the Web Host Metadata [9] specification. procedures are defined in the Web Host Metadata [10] specification.
WebFinger clients MUST locate the LRDD link relation, if present, and WebFinger clients MUST locate the LRDD link relation, if present, and
perform a query for that link relation, if present. All other link perform a query for that link relation, if present. All other link
templates found must be processed to form a complete resource templates found must be processed to form a complete resource
descriptor. The processing rules in Section 4.2 of RFC 6415 MUST be descriptor. The processing rules in Section 4.2 of RFC 6415 MUST be
followed. followed.
WebFinger servers MUST accept requests for both XRD [8] and JRD [9] WebFinger servers MUST accept requests for both XRD [9] and JRD [10]
documents. The default representation returned by the server MUST be documents. The default representation returned by the server MUST be
an XRD document, but a JRD document MUST be returned if the client an XRD document, but a JRD document MUST be returned if the client
explicitly requests it by using /.well-known/host-meta.json or explicitly requests it by using /.well-known/host-meta.json or
includes an Accept header in the HTTP request with a type of includes an Accept header in the HTTP request with a type of
"application/json" [4]. "application/json" [5].
If the client requests a JRD document when querying for host If the client requests a JRD document when querying for host
metadata, the WebFinger server can assume that the client will want a metadata, the WebFinger server can assume that the client will want a
JRD documents when querying the LRDD resource. As such, when the JRD documents when querying the LRDD resource. As such, when the
WebFinger server returns a JRD document containing host metadata it WebFinger server returns a JRD document containing host metadata it
should include a URI for an LRDD resource that can return a JRD should include a URI for an LRDD resource that can return a JRD
document and MAY include a URI for an LRDD resource that will return document and MAY include a URI for an LRDD resource that will return
an XRD document. an XRD document.
If the client queries the LRDD resource and provides a URI for which If the client queries the LRDD resource and provides a URI for which
the server has no information, the server MUST return a 404 status the server has no information, the server MUST return a 404 status
code. Likewise, any query to a URI in the resource descriptor that code. Likewise, any query to a URI in the resource descriptor that
is unknown to the server MUST result in the server returning a 404 is unknown to the server MUST result in the server returning a 404
status code. status code.
WebFinger servers MAY include cache validators in a response to WebFinger servers MAY include cache validators in a response to
enable conditional requests by clients and/or expiration times as per enable conditional requests by clients and/or expiration times as per
RFC 2616 section 13. RFC 2616 section 13.
4.2. The Web Host Metadata "resource" Parameter 5.2. The Web Host Metadata "resource" Parameter
In addition to the normal processing logic for processing host In addition to the normal processing logic for processing host
metadata information, WebFinger defines the "resource" parameter for metadata information, WebFinger defines the "resource" parameter for
querying for host metadata and returning all of the link relations querying for host metadata and returning all of the link relations
from LRDD and other resource-specific link templates in a single from LRDD and other resource-specific link templates in a single
query. This resource essentially pushes the work to the server to query. This resource essentially pushes the work to the server to
form a complete resource descriptor for the specified resource. form a complete resource descriptor for the specified resource.
WebFinger servers compliant with this specification MUST support for WebFinger servers compliant with this specification MUST support for
the "resource" parameter as a means of improving performance and the "resource" parameter as a means of improving performance and
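Review bot: Section 5.1 keeps "is to query for the host metadata using HTTPS or HTTP" with no qualifier, while the Section 4.3 text at the top of this hunk has the blog server take the discovered provider link as Carol's OpenID identifier and "proceed with the login process as usual". A link set fetched over plain HTTP can be altered in transit, so 5.1 should either require HTTPS when the result feeds an authentication decision or point to the Security Considerations section for that rule. Two grammar slips in normative text are carried over unchanged and are worth fixing in this pass: "will want a JRD documents" in 5.1 and "MUST support for the "resource" parameter" in 5.2.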
skipping to change at page 11, line 16 skipping to change at page 13, line 20
"href" : "http://example.com/john" "href" : "http://example.com/john"
}, },
{ {
"rel" : "author", "rel" : "author",
"href" : "http://example.com/author?\ "href" : "http://example.com/author?\
q=http%3A%2F%2Fexample.com%2Fxy" q=http%3A%2F%2Fexample.com%2Fxy"
} }
] ]
} }
4.3. The Web Host Metadata "rel" Parameter 5.3. The Web Host Metadata "rel" Parameter
WebFinger also defines the "rel" parameter for use when querying for WebFinger also defines the "rel" parameter for use when querying for
host metadata. It is used to return a subset of the information that host metadata. It is used to return a subset of the information that
would otherwise be returned without the "rel" parameter. When the would otherwise be returned without the "rel" parameter. When the
"rel" parameter is used, only the link relations that match the "rel" parameter is used, only the link relations that match the
space-separated list of link relations provided via "rel" are space-separated list of link relations provided via "rel" are
included in the list of links returned in the resource descriptor. included in the list of links returned in the resource descriptor.
All other information normally present in a resource descriptor is All other information normally present in a resource descriptor is
present in the resource descriptor, even when "rel" is employed. present in the resource descriptor, even when "rel" is employed.
skipping to change at page 12, line 36 skipping to change at page 14, line 41
In the event that a client requests links for link relations that are In the event that a client requests links for link relations that are
not defined for the specified resource, a resource descriptor MUST be not defined for the specified resource, a resource descriptor MUST be
returned, void of any links. When a JRD is returned, the "links" returned, void of any links. When a JRD is returned, the "links"
array MAY be either absent or empty. The server MUST NOT return a array MAY be either absent or empty. The server MUST NOT return a
404 status code when a particular link relation specified via "rel" 404 status code when a particular link relation specified via "rel"
is not defined for the resource, as a 404 status code is reserved for is not defined for the resource, as a 404 status code is reserved for
indicating that the resource itself (e.g., as indicated via the indicating that the resource itself (e.g., as indicated via the
"resource" parameter) does not exist. "resource" parameter) does not exist.
5. The "acct" URI 5.4. WebFinger and URIs
The Web Host Metadata specification [9] allows for any kind of Requests for both LRDD documents and hostmeta files can include a
resource to be queried, as does WebFinger. However, a specific type parameter specifying the URI of an account, device, or other entity
of resource is needed in order to query information about a human (for LRDD this is the "uri" parameter as defined by the operative XRD
user. or JRD template, for hostmeta this is the "resource" parameter).
WebFinger itself is agnostic regarding the scheme of such a URI: it
could be an "acct" URI as defined in the next section, an "http" or
"https" URI, a "mailto" URI, or some other scheme.
WebFinger uses the "acct" URI to refer to a human user's account on For resources associated with a user account at a domain, use of the
the Internet. While other URI scheme MAY be used to query for "acct" URI scheme is RECOMMENDED, since it explicitly identifies an
information related to a human user, other schemes are not explicitly account accessible via WebFinger. Further, the "acct" URI scheme is
defined for that purpose. not associated other protocols as, by way of example, the "mailto"
URI scheme is associated with email. Since not every domain offers
email service, using the "mailto" URI scheme is not ideal for
identifying user accounts across all domains. That said, use of the
"mailto" URI scheme would be ideal for use with WebFinger to discover
mail server configuration information for a user, for example.
5.1. Using the "acct" URI A domain MAY utilize one or more URIs that serve as aliases for the
user's account, such as URIs that use the "http" URI scheme. A
WebFinger server MUST return substantially the same response to both
an "acct" URI and any alias URI for the account, including the same
set of link relations and properties. In addition, the server SHOULD
include the entire list aliases for the user's account in the XRD or
JRD.
6. The "acct" URI
The "acct" URI takes a familiar form in looking like an email The "acct" URI takes a familiar form in looking like an email
address. However, the account URI is not an email address and should address. However, the account URI is not an email address and should
not be mistaken for one. Quite often, the account URI minus the not be mistaken for one. Quite often, the account URI minus the
"acct:" scheme prefix may be exactly the same as the user's email "acct:" scheme prefix may be exactly the same as the user's email
address. address.
A user MUST NOT be required to enter the "acct" URI scheme name along
with his account identifier into any WebFinger client. Rather, the
WebFinger client MUST accept identifiers that are void of the "acct:"
portion of the identifier. Composing a properly formatted "acct" URI
is the responsibility of the WebFinger client.
A user MAY provide a fully-specified "acct" URI.
5.2. Syntax of "acct" URI
The "acct" URI syntax is defined here in Augmented Backus-Naur Form The "acct" URI syntax is defined here in Augmented Backus-Naur Form
(ABNF) [6] and borrows syntax elements from RFC 3986 [5]: (ABNF) [7] and borrows syntax elements from RFC 3986 [6]:
acctURI = "acct:" userpart "@" domainpart acctURI = "acct:" userpart "@" domainpart
userpart = 1*( unreserved / pct-encoded ) userpart = 1*( unreserved / pct-encoded )
domainpart = domainlabel 1*( "." domainlabel) domainpart = domainlabel 1*( "." domainlabel)
domainlabel = alphanum / alphanum *( alphanum / "-" ) alphanum domainlabel = alphanum / alphanum *( alphanum / "-" ) alphanum
alphanum = ALPHA / DIGIT alphanum = ALPHA / DIGIT
The "acct" URI scheme allows any character from the Unicode [11] The "acct" URI scheme allows any character from the Unicode [12]
character set encoded as a UTF-8 [19] string that is then percent- character set encoded as a UTF-8 [20] string that is then percent-
encoded as necessary into valid ASCII [20]. Characters in the encoded as necessary into valid ASCII [21]. Characters in the
domainpart must be encoded to support internationalized domain names domainpart must be encoded to support internationalized domain names
(IDNs) [12]. (IDNs) [13].
Characters in the userpart or domainpart that are not unreserved must Characters in the userpart or domainpart that are not unreserved must
be percent-encoded when used in a protocol or document that only be percent-encoded when used in a protocol or document that only
supports or requires ASCII. When carried in a document (e.g., XRD or supports or requires ASCII. When carried in a document (e.g., XRD or
JRD) or protocol that supports the Unicode character set (e.g., UTF-8 JRD) or protocol that supports the Unicode character set (e.g., UTF-8
or UTF-16 [21]), the URI strings may appear in the protocol or or UTF-16 [22]), the URI strings may appear in the protocol or
document's native encoding without percent-encoding. Such usage of a document's native encoding without percent-encoding. Such usage of a
URI is commonly referred to as an Internationalized Resource URI is commonly referred to as an Internationalized Resource
Identifier (IRI). Conversion between an IRI and URI is described in Identifier (IRI). Conversion between an IRI and URI is described in
Section 3 of RFC 3987 [13]. Section 3 of RFC 3987 [14].
6. The "acct" Link Relation 7. The "acct" Link Relation
6.1. Purpose for the "acct" Link Relation 7.1. Purpose for the "acct" Link Relation
Users of some services might have an "acct" URI that looks Users of some services might have an "acct" URI that looks
significantly different from his or her email address, perhaps using significantly different from his or her email address, perhaps using
an entirely different domain name. It is also possible for a user an entirely different domain name. It is also possible for a user
have multiple accounts that a user wants to advertise and that a have multiple accounts that a user wants to advertise and that a
WebFinger client may want to query. To address both of these needs, WebFinger client may want to query. To address both of these needs,
this specification defines the "acct" link relation. this specification defines the "acct" link relation.
Since an account may make a reference to one or more different Since an account may make a reference to one or more different
accounts, WebFinger clients MUST take steps to avoid loops wherein accounts, WebFinger clients MUST take steps to avoid loops wherein
two accounts, directly or indirectly, refer the client to each other. two accounts, directly or indirectly, refer the client to each other.
There are no limits on the number of "acct" link relations that might There are no limits on the number of "acct" link relations that might
be returned in a WebFinger query. be returned in a WebFinger query.
An "acct" link relation used within the context of a WebFinger query An "acct" link relation used within the context of a WebFinger query
for a user's account MUST NOT return "acct" link relations for for a user's account MUST NOT return "acct" link relations for
another individual. another individual.
6.2. Example Message Exchange Using the "acct" Link Relation 7.2. Example Message Exchange Using the "acct" Link Relation
Consider the following non-normative example. Consider the following non-normative example.
Suppose Alice receives an email from bob@example.net. While Bob's Suppose Alice receives an email from bob@example.net. While Bob's
email identifier might be in the example.net domain, he holds his email identifier might be in the example.net domain, he holds his
account with an "acct" URI in the example.com domain. His email account with an "acct" URI in the example.com domain. His email
provider may provide WebFinger services to enable redirecting Alice provider may provide WebFinger services to enable redirecting Alice
when she queries for acct:bob@example.net. when she queries for acct:bob@example.net.
Suppose Alice's client issues the following request: Suppose Alice's client issues the following request:
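Review bot: In the new 5.4 alias paragraph, "MUST return substantially the same response" attaches a MUST to a word that no implementer or tester can evaluate; either state what may differ between the "acct" and alias responses or require the same set of link relations and properties outright, which the rest of the sentence already says. The following "SHOULD include the entire list aliases" hands every identifier tied to an account to whoever queries any one of them, so it should be qualified by the access-control text in section 9. Two words are dropped in the same section: "is not associated other protocols" (missing "with") and "the entire list aliases" (missing "of").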
skipping to change at page 15, line 9 skipping to change at page 17, line 18
"rel" : "acct", "rel" : "acct",
"href" : "acct:bob@example.org" "href" : "acct:bob@example.org"
} }
] ]
} }
Alice's WebFinger client could then perform queries against the URIs Alice's WebFinger client could then perform queries against the URIs
acct:bob@example.com and acct:bob@example.org in order to get the acct:bob@example.com and acct:bob@example.org in order to get the
information Alice is seeking. information Alice is seeking.
7. Cross-Origin Resource Sharing (CORS) 8. Cross-Origin Resource Sharing (CORS)
WebFinger is most useful when it is accessible without restrictions WebFinger is most useful when it is accessible without restrictions
on the Internet, and that includes web browsers. Therefore, on the Internet, and that includes web browsers. Therefore,
WebFinger servers MUST support Cross-Origin Resource Sharing (CORS) WebFinger servers MUST support Cross-Origin Resource Sharing (CORS)
[7] when serving content intended for public consumption. [8] when serving content intended for public consumption.
Specifically, all queries to /.well-known/host-meta, /.well- Specifically, all queries to /.well-known/host-meta, /.well-
known/host-meta.json, and to the LRDD URI must include the following known/host-meta.json, and to the LRDD URI must include the following
HTTP header in the response: HTTP header in the response:
Access-Control-Allow-Origin: * Access-Control-Allow-Origin: *
Enterprise WebFinger servers that wish to restrict access to Enterprise WebFinger servers that wish to restrict access to
information from external entities SHOULD use a more restrictive information from external entities SHOULD use a more restrictive
Access-Control-Allow-Origin header and MAY exclude the header Access-Control-Allow-Origin header and MAY exclude the header
entirely. entirely.
8. Controlling Access to Information 9. Controlling Access to Information
As with all web resources, access to the Host Metadata resource and As with all web resources, access to the Host Metadata resource and
the LRDD resource MAY require authentication. Further, failure to the LRDD resource MAY require authentication. Further, failure to
provide required credentials MAY result in the server forbidding provide required credentials MAY result in the server forbidding
access or providing a different response than had the client access or providing a different response than had the client
authenticated with the server. authenticated with the server.
Likewise, a server MAY provide different responses to different Likewise, a server MAY provide different responses to different
clients based on other factors, such as whether the client is inside clients based on other factors, such as whether the client is inside
or outside a corporate network. As a concrete example, a query or outside a corporate network. As a concrete example, a query
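Review bot: In section 8, the sentence "all queries to /.well-known/host-meta, /.well-known/host-meta.json, and to the LRDD URI must include" the wildcard header is not limited to "content intended for public consumption" as the MUST before it is, and it uses a lowercase "must", so it reads as contradicting the enterprise paragraph that allows a more restrictive header or none. Suggest scoping it to responses that carry public content and using the RFC 2119 keyword, so a server applying the access controls of section 9 is not told to send "Access-Control-Allow-Origin: *" on those responses.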
skipping to change at page 16, line 5 skipping to change at page 18, line 15
but further authentication MAY be required in order for the WebFinger but further authentication MAY be required in order for the WebFinger
client to access those resources if the request comes from outside client to access those resources if the request comes from outside
the corporate network. the corporate network.
The decisions made with respect to what set of link relations a The decisions made with respect to what set of link relations a
WebFinger server provides to one client versus another and what WebFinger server provides to one client versus another and what
resources require further authentication, as well as the specific resources require further authentication, as well as the specific
authentication mechanisms employed, are outside the scope of this authentication mechanisms employed, are outside the scope of this
document. document.
9. Security Considerations 10. Implementation Notes (Non-Normative)
A user should not be required to enter the "acct" URI scheme name
along with his account identifier into any WebFinger client. Rather,
the WebFinger client should accept identifiers that are void of the
"acct:" portion of the identifier. Composing a properly formatted
"acct" URI is the responsibility of the WebFinger client.
11. Security Considerations
All of the security considerations applicable to Web Host Metadata All of the security considerations applicable to Web Host Metadata
[9] and Cross-Origin Resource Sharing [7] are also applicable to this [10] and Cross-Origin Resource Sharing [8] are also applicable to
specification. Of particular importance is the recommended use of this specification. Of particular importance is the recommended use
HTTPS to ensure that information is not modified during transit. of HTTPS to ensure that information is not modified during transit.
Clients should verify that the certificate used on an HTTPS Clients should verify that the certificate used on an HTTPS
connection is valid. connection is valid.
When using HTTP to request an XRD document, WebFinger clients SHOULD When using HTTP to request an XRD document, WebFinger clients SHOULD
verify the XRD document's signature, if present, to ensure that the verify the XRD document's signature, if present, to ensure that the
XRD document has not been modified. Additionally, WebFinger servers XRD document has not been modified. Additionally, WebFinger servers
SHOULD include a signature for XRD documents served over HTTP. SHOULD include a signature for XRD documents served over HTTP.
Service providers and users should be aware that placing information Service providers and users should be aware that placing information
on the Internet accessible through WebFinger means that any user can on the Internet accessible through WebFinger means that any user can
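Review bot: The new section 10 restates the old 5.1 paragraph with "should" in place of "MUST NOT" and "MUST", but the old sentence "A user MAY provide a fully-specified "acct" URI" has no counterpart in -06, so nothing now says that a client accepts input already carrying the "acct:" prefix. Suggest adding that to the implementation note so clients do not prepend the scheme a second time. Separately, in section 11 "verify the XRD document's signature, if present" gives no protection over HTTP when the signature can be removed in transit; the text should say how a client treats an unsigned XRD received over HTTP.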
skipping to change at page 16, line 48 skipping to change at page 19, line 18
of the protocol, not a limitation. If one wishes to limit access to of the protocol, not a limitation. If one wishes to limit access to
information available via WebFinger, such as a WebFinger server for information available via WebFinger, such as a WebFinger server for
use inside a corporate network, the network administrator must take use inside a corporate network, the network administrator must take
measures necessary to limit access from outside the network. Using measures necessary to limit access from outside the network. Using
standard methods for securing web resources, network administrators standard methods for securing web resources, network administrators
do have the ability to control access to resources that might return do have the ability to control access to resources that might return
sensitive information. Further, WebFinger servers can be employed in sensitive information. Further, WebFinger servers can be employed in
such a way as to require authentication and prevent disclosure of such a way as to require authentication and prevent disclosure of
information to unauthorized entities. information to unauthorized entities.
10. IANA Considerations 12. IANA Considerations
RFC Editor: Please replace QQQQ in the following two sub-sections RFC Editor: Please replace QQQQ in the following two sub-sections
with a reference to this RFC. with a reference to this RFC.
10.1. Registration of the "acct" URI scheme name 12.1. Registration of the "acct" URI scheme name
This specification requests IANA to register the "acct" URI scheme in This specification requests IANA to register the "acct" URI scheme in
the "Permanent URI Schemes" sub-registry in the "Uniform Resource the "Permanent URI Schemes" sub-registry in the "Uniform Resource
Identifier (URI) Schemes" IANA registry [17]. This registration Identifier (URI) Schemes" IANA registry [18]. This registration
follows the URI Scheme Registration Template detailed in Section 5.4 follows the URI Scheme Registration Template detailed in Section 5.4
of RFC 4395 [15]. of RFC 4395 [16].
URI scheme name: acct URI scheme name: acct
Status: Permanent Status: Permanent
URI scheme syntax: see Section 5.2 of RFC QQQQ URI scheme syntax: see Section 5.2 of RFC QQQQ
URI scheme semantics: see Section 5 of RFC QQQQ URI scheme semantics: see Section 5 of RFC QQQQ
Encoding considerations: The "acct" URI scheme allows any character Encoding considerations: The "acct" URI scheme allows any character
from the Unicode character set encoded as a UTF-8 string that is from the Unicode character set encoded as a UTF-8 string that is
then percent-encoded as necessary to result in an internal then percent-encoded as necessary to result in an internal
representation in US-ASCII [10] representation in US-ASCII [11]
Applications/protocols that use this URI scheme name: WebFinger Applications/protocols that use this URI scheme name: WebFinger
Security considerations: see Section 7 of RFC QQQQ Security considerations: see Section 7 of RFC QQQQ
Contact: Gonzalo Salgueiro <gsalguei@cisco.com> Contact: Gonzalo Salgueiro <gsalguei@cisco.com>
Author/Change controller: IETF <ietf@ietf.org> Author/Change controller: IETF <ietf@ietf.org>
References: See Section 10 of RFC QQQQ References: See Section 10 of RFC QQQQ
10.2. Registration of the "acct" Link Relation Type 12.2. Registration of the "acct" Link Relation Type
Relation Name: acct Relation Name: acct
Description: A link relation that refers to a user's WebFinger Description: A link relation that refers to a user's WebFinger
account identifier. account identifier.
Reference: RFC QQQQ Reference: RFC QQQQ
Notes: Notes:
Application Data: Application Data:
11. Acknowledgments 13. Acknowledgments
The authors would like to acknowledge Eran Hammer-Lahav, Blaine Cook, The authors would like to acknowledge Eran Hammer-Lahav, Blaine Cook,
Brad Fitzpatrick, Laurent-Walter Goix, and Joe Clarke for their Brad Fitzpatrick, Laurent-Walter Goix, Joe Clarke, Mike Jones, and
invaluable input. Peter Saint-Andre for their invaluable input.
12. References 14. References
12.1. Normative References 14.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [2] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[3] Nottingham, M., "Web Linking", RFC 5988, October 2010. [3] Nottingham, M., Hammer-Lahav, E., "Defining Well-Known Uniform
Resource Identifiers (URIs)", RFC 5785, April 2010.
[4] Crockford, D., "The application/json Media Type for [4] Nottingham, M., "Web Linking", RFC 5988, October 2010.
[5] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627, July 2006. JavaScript Object Notation (JSON)", RFC 4627, July 2006.
[5] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform [6] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
January 2005. January 2005.
[6] Crocker, D. and P. Overell, "Augmented BNF for Syntax [7] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
[7] Van Kesteren, A., "Cross-Origin Resource Sharing", W3C CORS [8] Van Kesteren, A., "Cross-Origin Resource Sharing", W3C CORS
http://www.w3.org/TR/cors/, July 2010. http://www.w3.org/TR/cors/, July 2010.
[8] Hammer-Lahav, E. and W. Norris, "Extensible Resource Descriptor [9] Hammer-Lahav, E. and W. Norris, "Extensible Resource Descriptor
(XRD) Version 1.0", http://docs.oasis- (XRD) Version 1.0", http://docs.oasis-
open.org/xri/xrd/v1.0/xrd-1.0.html. open.org/xri/xrd/v1.0/xrd-1.0.html.
[9] Hammer-Lahav, E. and Cook, B., "Web Host Metadata", RFC 6415, [10] Hammer-Lahav, E. and Cook, B., "Web Host Metadata", RFC 6415,
October 2011. October 2011.
[10] American National Standards Institute, "Coded Character Set - [11] American National Standards Institute, "Coded Character Set -
7-bit American Standard Code for Information Interchange", ANSI 7-bit American Standard Code for Information Interchange", ANSI
X3.4, 1986. X3.4, 1986.
[11] The Unicode Consortium. The Unicode Standard, Version 6.1.0, [12] The Unicode Consortium. The Unicode Standard, Version 6.1.0,
(Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1- (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-
936213-02-3) http://www.unicode.org/versions/Unicode6.1.0/. 936213-02-3) http://www.unicode.org/versions/Unicode6.1.0/.
[12] Klensin, J., "Internationalized Domain Names in Applications [13] Klensin, J., "Internationalized Domain Names in Applications
(IDNA): Protocol", RFC 5891, August 2010. (IDNA): Protocol", RFC 5891, August 2010.
[13] Duerst, M., "Internationalized Resource Identifiers (IRIs)", [14] Duerst, M., "Internationalized Resource Identifiers (IRIs)",
RFC 3987, January 2005. RFC 3987, January 2005.
12.2. Informative References 14.2. Informative References
[14] Zimmerman, D., "The Finger User Information Protocol", RFC [15] Zimmerman, D., "The Finger User Information Protocol", RFC
1288, December 1991. 1288, December 1991.
[15] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and [16] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
Registration Procedures for New URI Schemes", BCP 35, RFC 4395, Registration Procedures for New URI Schemes", BCP 35, RFC 4395,
February 2006. February 2006.
[16] Perreault, S., "vCard Format Specification", RFC 6350, August [17] Perreault, S., "vCard Format Specification", RFC 6350, August
2011. 2011.
[17] Internet Assigned Numbers Authority (IANA) Registry, "Uniform [18] Internet Assigned Numbers Authority (IANA) Registry, "Uniform
Resource Identifier (URI) Schemes", Resource Identifier (URI) Schemes",
<http://www.iana.org/assignments/uri-schemes.html>. <http://www.iana.org/assignments/uri-schemes.html>.
[18] "Transport Independent, Printer/System Interface", IEEE Std [19] "Transport Independent, Printer/System Interface", IEEE Std
1284.1-1997, 1997. 1284.1-1997, 1997.
[19] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC [20] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
3629, November 2003. 3629, November 2003.
[20] Information Systems -- Coded Character Sets 7-Bit American [21] Information Systems -- Coded Character Sets 7-Bit American
National Standard Code for Information Interchange (7-Bit National Standard Code for Information Interchange (7-Bit
ASCII), ANSI X3.4-1986, December 30, 1986. ASCII), ANSI X3.4-1986, December 30, 1986.
[21] Hoffman, P., Yergeau, F., "UTF-16, an encoding of ISO 10646", [22] Hoffman, P., Yergeau, F., "UTF-16, an encoding of ISO 10646",
RFC 2781, February 2000. RFC 2781, February 2000.
Author's Addresses Author's Addresses
Paul E. Jones Paul E. Jones
Cisco Systems, Inc. Cisco Systems, Inc.
7025 Kit Creek Rd. 7025 Kit Creek Rd.
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
USA USA
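Review bot: The "acct" registration template in 12.1 still reads "see Section 5.2", "see Section 5", "see Section 7" and "See Section 10" in both columns, but in -06 the "acct" URI is section 6 (with no numbered subsection for the syntax), Security Considerations is section 11 and References is section 14. These cross-references need updating, or the IANA registration will point at the wrong text. In the new reference [3], "Nottingham, M., Hammer-Lahav, E." is also missing the "and" that the other multi-author entries use.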
skipping to change at page 21, line 8 skipping to change at page 23, line 8
IM: xmpp:gsalguei@cisco.com IM: xmpp:gsalguei@cisco.com
Joseph Smarr Joseph Smarr
Google Google
Email: jsmarr@google.com Email: jsmarr@google.com
Change Log (To Be Deleted Before Publication) Change Log (To Be Deleted Before Publication)
============================================= =============================================
-06 Draft
* Added an overview section
* Made changes to example to show use of aliases
* Added text to highlight that WebFinger may use various URI schemes
* Reduced the text in the "acct" URI scheme section
* Added an Implementation Notes section
-05 Draft -05 Draft
* Minor editorial corrections * Minor editorial corrections
* Removed last paragraph from Section 6.1 * Removed last paragraph from Section 6.1
* Clarified use of CORS and how it may differ for enterprise use * Clarified use of CORS and how it may differ for enterprise use
-04 Draft -04 Draft
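Review bot: The -06 change log entries mention the new Implementation Notes section and the reduced "acct" text, but not that the "acct:" input rule went from MUST NOT/MUST in the old 5.1 to a non-normative "should", and not the new alias requirement in 5.4 ("MUST return substantially the same response"); "Made changes to example to show use of aliases" covers only the example. Suggest listing both, along with the added RFC 5785 reference, since they change what implementations are required to do.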
 End of changes. 79 change blocks. 
124 lines changed or deleted 253 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/