5

So I've been trying to understand WebFinger (RFC7033) and stumbled upon Web Host Metadata (RFC6415). As far as I can tell, they are both RFCs and solving the same problem in almost the same way.

So if I wanted to lookup information about a person or a thing by their URI, I could do two things:

  • WebFinger suggests that I navigate to /.well-known/webfinger?resource=...
  • Host-Meta suggests I take a look at /.well-known/host-meta which returns a JRD or an XRD with something like <link rel="lrdd" template="http://example.com/lrdd?uri={uri}">

Webfinger just has one less lookup and encourages JRDs. Why can't I just create a host-meta with a template that looks like http://example.com/.well-known/webfinger?resource={uri} and doing both things (albeit redundantly)?

Is there any important difference between the two I'm missing? Should I prefer one over the other?

avinashbot
  • 1,177
  • 1
  • 11
  • 25

2 Answers2

5

Author of RFC 7033 here.

WebFinger was a work-in-progress for several of years and underwent a number of changes during that time. RFC 6415 was the first attempt to standardize the concept of WebFinger, which included host-meta and LRDD. The process of discovery using RFC 6415 was complicated by the fact that one needed to perform two queries and then merge information from each of the queries to create a resulting set of link relations. Also, there had been a move for a while toward JSON. WebFinger had used XML, but RFC 6415 Appendix A introduced a JSON encoding. People wanted that to be the only encoding.

Working with the original authors of RFC 6415 and others in the WebFinger community, a group of us in the IETF worked to simplify the process, make the move to JSON as the content encoding, ensure the solution was secure (HTTPS only), and get agreement on a URI scheme for querying user account information (the "acct" URI).

So with RFC 7033 we have a secure, simple, one-query mechanism for discovery that works basically like this:

$ wfinger paulej@packetizer.com

What this "wfinger" client would do is find the domain "packetizer.com" and then issue the following query (using curl just to make the example clear):

$ curl https://packetizer.com/.well-known/webfinger?resource=acct%3Apaulej%40packetizer.com

Note that any URI scheme may still be used with WebFinger -- that concept was not lost. So as intended with the original WebFinger, it was possible to query for information about web pages (e.g., www.packetizer.com) or other types of content. Here is one example:

$ curl https://packetizer.com/.well-known/webfinger?resource=http%3A%2F%2Fwww.packetizer.com

That would return link relations and other metadata about the page "http://www.packetizer.com".

cweiske
  • 30,033
  • 14
  • 133
  • 194
paulej
  • 94
  • 5
  • Thanks for the answer! So if I were to put `.well-known/webfinger` as an LRDD link in my .host-meta, that would be fine? – avinashbot May 08 '15 at 10:47
  • No, because the procedures and data format have changed. If you are looking for software, there are several packages available. See http://www.packetizer.com/ws/webfinger/software.html for a list. – paulej May 08 '15 at 19:13
0

Although the Webfinger RFC says /.well-known/webfinger? actual implementations use /.well-known/host-meta

See: http://hueniverse.com/2009/09/02/implementing-webfinger/

It seems WF has been superseded by WHM.

David Dossot
  • 33,403
  • 4
  • 38
  • 72
  • 2
    Thanks for the reply, but I've been looking things up since I asked the question and it seems WF was standardized two years *after* WHM, and while some posts mentioned host-meta, they were quite old. It turned out that host-meta was dropped from the third draft (https://tools.ietf.org/html/draft-ietf-appsawg-webfinger-03) for some unknown reason and while it made sense before, the current standards do the same thing... so my question isn't quite answered because both standards are mentioned quite often recently and both seemed valid. – avinashbot May 07 '15 at 20:25