identity 1.0 documentation

WebFinger

«  Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)   ::   Contents   ::   Simple Web Discovery (SWD)  »

WebFinger

Abstract

This specification defines the WebFinger protocol, which can be used to discover information about people or other entities on the Internet using standard HTTP methods.

Note

  1. About People
  2. About Objects

(Internet Draft 08)

1. Introduction

WebFinger is used to discover information about people or other entities on the Internet that are identified by a URI [6] or IRI [7] using standard Hypertext Transfer Protocol (HTTP) [2] methods over a secure transport [14].

A WebFinger server returns a JavaScript Object Notation (JSON) [5] object that describes a resource that is queried. The JSON object is referred to as the JSON Resource Descriptor (JRD).

Note

  • JWD というJSONを返します

For a person, the kinds of information that might be discoverable via WebFinger include a personal profile address, identity service, telephone number, or preferred avatar.

Note

  • 人に大しては個人属性を返します

For other entities on the Internet, a WebFinger server might return JRDs containing link relations that allow a client to discover, for example, the amount of toner in a printer or the physical location of a server.

Note

  • 物に関しては、リンクリレーションを返します。 (サーバーの場所とか)

Information returned via WebFinger might be for direct human consumption (e.g., looking up someone’s phone number), or it might be used by systems to help carry out some operation (e.g., facilitate logging into a web site by determining a user’s identity service).

Use of WebFinger is illustrated in the examples in Section 3 and described more formally in Section 4.

(Draft 08)

2. Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119 [1].

WebFinger makes heavy use of “Link Relations”.

Briefly, a Link Relation is an attribute and value pair used on the Internet wherein the attribute identifies the type of link to which the associated value refers.

In HTTP and Web Linking [4], the attribute is a “rel” and the value is an “href”.

Note

<link rel="stylesheet" href="default.css" type="text/css" />

WebFinger also uses the “rel” attribute, where the “rel” value is either a single IANA-registered link relation type [10] or a URI [6].

Note

  • JSON(JRD)の中でも rel を使うと言う事

(Internet Draft 08)

3. Example Uses of WebFinger

This non-normative section shows a few sample uses of WebFinger.

( draft 12 , http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-2 )

3.1. Locating a User’s Blog

Assume you receive an email from Bob and he refers to something he posted on his blog, but you do not know where Bob’s blog is located.

It would be simple to discover the address of Bob’s blog if he made that information available via WebFinger.

Assume your email client can discover the blog for you. After receiving the message from Bob (bob@example.com), your email client performs a WebFinger query either automatically or at your command.

It does so by issuing the following HTTPS [14] query to example.com:

::
GET /.well-known/webfinger?
resource=acct%3Abob%40example.com HTTP/1.1

Host: example.com

The server might then respond with a message like this:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "acct:bob@example.com",
  "aliases" :
  [
    "http://www.example.com/~bob/"
  ],
  "properties" :
  {
      "http://example.com/ns/role/" : "employee"
  },
  "links" :
  [
    {
      "rel" : "http://webfinger.example/rel/avatar",
      "type" : "image/jpeg",
      "href" : "http://www.example.com/~bob/bob.jpg"
    },
    {
      "rel" : "http://webfinger.example/rel/profile-page",
      "href" : "http://www.example.com/~bob/"
    },
    {
      "rel" : "http://webfinger.example/rel/blog",
      "type" : "text/html",
      "href" : "http://blogs.example.com/bob/",
      "titles" :
      {
          "en-us" : "The Magical World of Bob",
          "fr" : "Le Monde Magique de Bob"
      }
    },
    {
      "rel" : "http://webfinger.example/rel/businesscard",
      "href" : "https://www.example.com/~bob/bob.vcf"
    }
  ]
}

Note the assumption made in the above example is that there is an “acct” URI for the given “mailto” URI.

This may not always be the case.

The email client would take note of the link relation in the above JRD that refers to Bob’s blog. The blog’s URI would then be presented to you so that you could then visit his blog. The email client might also note that Bob has published an avatar link relation and use that picture to represent Bob inside the email client.

Lastly, the client might automatically retrieve the data located at the URI specified by the “businesscard” link relation (which might be a vcard [16]) to update the information about Bob in its internal address book.

In the above example, an “acct” URI [8] is used in the query, though any valid alias for the user might also be used. See Section 4.5 for more information on WebFinger and URIs.

An alias is a URI that is different from the “subject” URI, yet identifies the same entity. In the above example, there is one “http” alias returned, though there might have been more than one. Had the “http:” URI shown as an alias been used to query for information about Bob, the query would have appeared as:

GET /.well-known/webfinger?
         resource=http%3A%2F%2Fwww.example.com%2F~bob%2F HTTP/1.1
Host: www.example.com

Note that the host queried in this example is different than for the acct URI example, since the URI refers to a different host. Either this host would provide a response, or it would redirect the client to another host (e.g., redirect back to example.com). Either way, the response would have been substantially the same, with the subject and alias information changed as necessary.

( draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-3.1 )

3.2. Identity Provider Discovery for OpenID Connect

Suppose Carol wishes to authenticate with a web site she visits using OpenID Connect [18]. She would provide the web site with her OpenID Connect identifier, say carol@example.com. The visited web site would perform a WebFinger query looking for the OpenID Connect Provider.

Since the site is interested in only one particular link relation, the WebFinger resource might utilize the “rel” parameter as described in Section 4.3:

GET /.well-known/webfinger?
       resource=acct%3Acarol%40example.com&
       rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer
       HTTP/1.1
Host: example.com

The server might respond like this:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "acct:carol@example.com",
  "links" :
  [
    {
      "rel" : "http://openid.net/specs/connect/1.0/issuer",
      "href" : "https://openid.example.com"
    }
  ]
}

Since the “rel” parameter only serves to filter the link relations returned by the resource, other name/value pairs in the response, including any aliases or properties, would be returned. Also, since support for the “rel” parameter is not guaranteed, the client must not assume the “links” array will contain only the requested link relation.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-3.2 )

3.3. Auto-Configuration of Email Clients

WebFinger could be used to auto-provision an email client with basic configuration data.

Suppose that sue@example.com wants to configure her email client. Her email client might issue the following query:

GET /.well-known/webfinger?
         resource=mailto%3Asue%40example.com HTTP/1.1
Host: example.com

The returned resource representation would contain entries for the various protocols, transport options, and security options. If there are multiple options, the resource representation might include a link relation for each of the valid options, and the client or Sue might select which option to choose. Since JRDs list link relations in a specific order, then the most-preferred choices could be presented first.

Consider this response:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "mailto:sue@example.com",
  "links" :
  [
    {
      "rel" : "http://webfinger.example/rel/smtp-server",
      "properties" :
      {
        "http://webfinger.example/email/host" : "smtp.example.com",
        "http://webfinger.example/email/port" : "587",
        "http://webfinger.example/email/login-required" : "yes",
        "http://webfinger.example/email/transport" : "starttls"
      }
    },
    {
      "rel" : "http://webfinger.example/rel/imap-server",
      "properties" :
      {
        "http://webfinger.example/email/host" : "imap.example.com",
        "http://webfinger.example/email/port" : "993",
        "http://webfinger.example/email/transport" : "ssl"
      }
    }
  ]
}

In this example, you can see that the WebFinger resource representation advertises an SMTP service and an IMAP service.

In this example, the “href” entries associated with the link relation are absent. This is valid when there is no additional reference that needs to be made.

( draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-3.3 )

3.4. Retrieving Device Information

As another example, suppose there are printers on the network and you would like to check the current toner level for a particular printer identified via the URI device:p1.example.com.

While the “device” URI scheme is not presently specified, we use it here for illustrative purposes.

Following the procedures similar to those above, a query may be issued to get link relations specific to this URI like this:

GET /.well-known/webfinger?
                  resource=device%3Ap1.example.com HTTP/1.1
Host: p1.example.com

The link relations that are returned for a device may be quite different than those for user accounts.

Perhaps we may see a response like this:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "device:p1.example.com",
  "links" :
  [
    {
      "rel" : "http://webfinger.example/rel/tipsi",
      "href" : "http://192.168.1.5/npap/"
    }
  ]
}

While this example is fictitious, you can imagine that perhaps the Transport Independent, Printer/System Interface [17] may be enhanced with a web interface enabling a device that understands the TIP/SI web interface specification to query the printer for toner levels.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-3.4 )

4. WebFinger Protocol

A WebFinger resource is a well-known URI [3] using the HTTPS scheme. WebFinger resources MUST NOT be served with any other URI scheme (such as HTTP).

A WebFinger resource is always given a query target, which is another URI that identifies the entity whose information is sought. GET requests to a WebFinger resource convey the query target in the “resource” parameter in the WebFinger URI’s query string; see Section 4.1 for details.

The WebFinger resource returns a JSON Resource Descriptor (JRD) as the resource representation to convey information about an entity on the Internet. Also, the Cross-Origin Resource Sharing (CORS) [9] specification is utilized to facilitate queries made via a web browser.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4 )

4.1. Constructing a WebFinger Request URI

This specification defines parameters that can be passed from the client to the WebFinger resource when issuing a request. These parameters, “resource” and “rel”, and the parameter values are included in the query component of the URI (see Section 3.4 of RFC 3986). To construct the query component, the client performs the following steps. First, each parameter value is percent-encoded, as per Section 2.1 of RFC 3986. The encoding is done to conform to the query production in Section 3.4 of that specification, with the addition that any instances of the “=” and “&” characters within the parameter values are also percent-encoded. Next, the client constructs a string to be placed in the query component by concatenating the name of the first parameter together with an equal sign (“=”) and the percent-encoded parameter value. For any subsequent parameters, the client appends an ampersand (“&”) to the string, the name of the next parameter, an equal sign, and the parameter value. The client MUST NOT insert any spaces while constructing the string. The order in which the client places each attribute-and-value pair within the query component does not matter in the interpretation of the query component.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.1 )

4.2. Performing a WebFinger Query

A WebFinger client issues a query to the well-known [3] resource identified by the URI whose path component begins with “/.well- known/webfinger” and whose query component MUST include the “resource” parameter exactly once and set to the value of the URI for which information is being sought. If the “resource” parameter is absent or malformed, the WebFinger resource MUST indicate that the request is bad as per Section 10.4.1 of RFC 2616 [2].

A client MUST query the WebFinger resource using HTTPS only. If the client determines that the resource has an invalid certificate, the resource returns a 4xx or 5xx status code, or the HTTPS connection cannot be established for any reason, then the client MUST accept that the WebFinger query has failed and MUST NOT attempt to reissue the WebFinger request using HTTP over a non-secure connection.

A WebFinger resource MUST return a JRD as the representation for the resource if the client requests no other supported format explicitly via the HTTP “Accept” header. The client MAY include the “Accept” header to indicate a desired representation; representations other than JRD might be defined in future specifications. The WebFinger resource MUST silently ignore any requested representations that it does not understand and support. The media type used for the JSON Resource Descriptor (JRD) is “application/jrd+json” (see Section 9.2).

Jones, et al. Expires September 28, 2013 [Page 9]

Internet-Draft WebFinger March 2013

A WebFinger resource MAY redirect the client; if it does, the redirection MUST only be to an “https” URI.

A WebFinger resource can include cache validators in a response to enable conditional requests by the client and/or expiration times as per Section 13 of RFC 2616.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.2 )

4.3. The “rel” Parameter

When issuing a request to a WebFinger resource, the client MAY utilize the “rel” parameter to request only a subset of the information that would otherwise be returned without the “rel” parameter. When the “rel” parameter is used and accepted, only the link relation types that match the link relation types provided via the “rel” parameter are included in the array of links returned in the JRD. If there are no matching link relation types defined for the resource, the “links” array in the JRD will either be absent or empty. All other information present in a resource descriptor remains present, even when “rel” is employed.

The “rel” parameter MAY be included multiple times in order to request multiple link relation types.

The purpose of the “rel” parameter is to return a subset of “link relation objects” (see Section 4.4.4) that would otherwise be returned in the resource descriptor. Use of the parameter might reduce processing requirements on either the client or server, and it might also reduce the bandwidth required to convey the partial resource descriptor, especially if there are numerous link relation values to convey for a given “resource” value.

WebFinger resources SHOULD support the “rel” parameter. If the resource does not support the “rel” parameter, it MUST ignore the parameter and process the request as if no “rel” parameter values were present.

The following example presents the same example as found in Section 3.1, but uses the “rel” parameter to select two link relations:

GET /.well-known/webfinger?
resource=acct%3Abob%40example.com& rel=http%3A%2F%2Fwebfinger.example%2Frel%2Fprofile-page& rel=http://webfinger.example/rel/businesscard HTTP/1.1

Host: example.com

In this example, the client requests the link relations of type “http://webfinger.example/rel/profile-page” and “http://webfinger.example/rel/businesscard”. The server then responds with a message like this:

Jones, et al. Expires September 28, 2013 [Page 10]

Internet-Draft WebFinger March 2013

HTTP/1.1 200 OK Access-Control-Allow-Origin: * Content-Type: application/jrd+json

{

“subject” : “acct:bob@example.com”, “aliases” : [

], “properties” : {

http://example.com/ns/role/” : “employee”

}, “links” : [

]

}

As you can see in the response, the resource representation contains only the link relations requested by the client, but the other parts of the JRD are still present.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.3 )

4.4. The JSON Resource Descriptor (JRD)

The JSON Resource Descriptor (JRD), originally introduced in RFC 6415 [19] and based on the Extensible Resource Descriptor (XRD) format [20], is a JSON object that comprises the following name/value pairs:

o subject o aliases o properties o links

The member “subject” is a name/value pair whose value is a string, “aliases” is an array of strings, “properties” is an object comprising name/value pairs whose values are strings, and “links” is an array of objects that contain link relation information.

When processing a JRD, the client MUST ignore any unknown member and not treat the presence of an unknown member as an error.

Jones, et al. Expires September 28, 2013 [Page 11]

Internet-Draft WebFinger March 2013

Below, each of these members of the JRD is described in more detail.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.4 )

4.4.1. subject

The value of the “subject” member is a URI that identifies the entity that the JRD describes.

The “subject” value returned by a WebFinger resource MAY differ from the value of the “resource” parameter used in the client’s request. This might happen, for example, when the subject’s identity changes (e.g., a user moves his or her account to another service) or when the resource prefers to express URIs in canonical form.

The “subject” member MUST be present in the JRD.

(draft12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.4.1 )

4.4.2. aliases

The “aliases” array is an array of zero or more URI strings that identify the same entity as the “subject” URI. Each URI must be an absolute URI.

The “aliases” array is OPTIONAL in the JRD.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.4.2 )

4.4.3. properties

The “properties” object comprises zero or more name/value pairs whose names are absolute URIs and whose values are strings or null. Properties are used to convey additional information about the subject of the JRD. As an example, consider this use of “properties”:

“properties” : { “http://webfinger.example/ns/name” : “Bob Smith” }

The “properties” member is OPTIONAL in the JRD.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.4.3 )

4.5. WebFinger and URIs

WebFinger requests include a “resource” parameter (see Section 4.1) specifying the URI of an account, device, or other entity. WebFinger is neutral regarding the scheme of such a URI: it could be an “acct” URI [7], an “http” or “https” URI, a “mailto” URI [21], or some other scheme.

To perform a WebFinger lookup on an account specific to the host being queried, use of the “acct” URI scheme is recommended, since it explicitly identifies an account accessible via WebFinger. Further, the “acct” URI scheme is not associated with other protocols as, by way of example, the “mailto” URI scheme is associated with email.

Since not every host offers email service, using the “mailto” URI scheme is not ideal for identifying user accounts on all hosts. That said, use of the “mailto” URI scheme would be ideal for use with WebFinger to discover mail server configuration information for a user.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-4.5 )

5. Cross-Origin Resource Sharing (CORS)

WebFinger resources might not be accessible from a web browser due to “Same-Origin” policies. The current best practice is to make resources available to browsers through Cross-Origin Resource Sharing (CORS) [9], and servers MUST include the Access-Control-Allow-Origin HTTP header in responses. Servers SHOULD support the least restrictive setting by allowing any domain access to the WebFinger resource:

Access-Control-Allow-Origin: *

There are cases where defaulting to the least restrictive setting is not appropriate, for example a server on an intranet that provides sensitive company information SHOULD NOT allow CORS requests from any domain, as that could allow leaking of that sensitive information. A server that wishes to restrict access to information from external entities SHOULD use a more restrictive Access-Control-Allow-Origin header.

(draft12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-5 )

6. Access Control

As with all web resources, access to the WebFinger resource could require authentication. Further, failure to provide required credentials might result in the server forbidding access or providing a different response than had the client authenticated with the server.

Likewise, a WebFinger resource MAY provide different responses to different clients based on other factors, such as whether the client is inside or outside a corporate network.

Note

  • リクエスタごとに別のディスクリプターを返してもいいよ

As a concrete example, a query performed on the internal corporate network might return link relations to employee pictures, whereas link relations for employee pictures might not be provided to external entities.

Further, link relations provided in a WebFinger resource representation might point to web resources that impose access restrictions. For example, the aforementioned corporate server may provide both internal and external entities with URIs to employee pictures, but further authentication might be required in order for the client to access the picture resources if the request comes from outside the corporate network.

The decisions made with respect to what set of link relations a WebFinger resource provides to one client versus another and what resources require further authentication, as well as the specific authentication mechanisms employed, are outside the scope of this document.

(draft12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-6 )

7. Hosted WebFinger Services

As with most services provided on the Internet, it is possible for a domain owner to utilize “hosted” WebFinger services. By way of example, a domain owner might control most aspects of their domain, but use a third-party hosting service for email. In the case of email, MX records identify mail servers for a domain. An MX record points to the mail server to which mail for the domain should be delivered. It does not matter to the sending mail server whether those MX records point to a server in the destination domain or a different domain.

Likewise, a domain owner might utilize the services of a third party to provide WebFinger services on behalf of its users. Just as a domain owner was required to insert MX records into DNS to allow for hosted email serves, the domain owner is required to redirect HTTP queries to its domain to allow for hosted WebFinger services.

When a query is issued to the WebFinger resource, the web server MUST return a response with a redirection status code that includes a Location header pointing to the location of the hosted WebFinger service URI. This WebFinger service URI does not need to point to the well-known WebFinger location on the hosting service provider server.

As an example, assume that example.com’s WebFinger services are hosted by wf.example.net. Suppose a client issues a query for acct:alice@example.com like this:

Jones, et al. Expires September 28, 2013 [Page 16]

Internet-Draft WebFinger March 2013

GET /.well-known/webfinger?
resource=acct%3Aalice%40example.com HTTP/1.1

Host: example.com

The server might respond with this:

HTTP/1.1 307 Temporary Redirect Access-Control-Allow-Origin: * Location: https://wf.example.net/example.com/webfinger?

resource=acct%3Aalice%40example.com

The client can then follow the redirection, re-issuing the request to the URI provided in the Location header. Note that the server will include any required URI parameters in the Location header value, which could be different than the URI parameters the client originally used.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-7 )

9. Controlling Access to Information

As with all web resources, access to the Host Metadata resource and the LRDD resource MAY require authentication. Further, failure to provide required credentials MAY result in the server forbidding access or providing a different response than had the client authenticated with the server.

Likewise, a server MAY provide different responses to different clients based on other factors, such as whether the client is inside or outside a corporate network. As a concrete example, a query performed on the internal corporate network might return link relations to employee pictures whereas link relations for employee pictures might not be provided to external entities.

Further, link relations provided in a WebFinger server response MAY point to web resources that impose access restrictions. For example, it is possible that the aforementioned corporate server may provide both internal and external entities with URIs to employee pictures, but further authentication MAY be required in order for the WebFinger client to access those resources if the request comes from outside the corporate network.

The decisions made with respect to what set of link relations a WebFinger server provides to one client versus another and what resources require further authentication, as well as the specific authentication mechanisms employed, are outside the scope of this document.

(Internet Draft 06)

  1. Implementation Notes (Non-Normative)

A user should not be required to enter the “acct” URI scheme name along with his account identifier into any WebFinger client. Rather, the WebFinger client should accept identifiers that are void of the “acct:” portion of the identifier. Composing a properly formatted “acct” URI is the responsibility of the WebFinger client.

(Internet Draft 06)

11. References

(Draft 08)

11.1. Normative References

[1]
Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, March 1997.
[2]
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol – HTTP/1.1”, RFC 2616, June 1999.
[3]
Nottingham, M., Hammer-Lahav, E., “Defining Well-Known Uniform Resource Identifiers (URIs)”, RFC 5785, April 2010.
[4]
Nottingham, M., “Web Linking”, RFC 5988, October 2010.
[5]
Crockford, D., “The application/json Media Type for JavaScript Object Notation (JSON)”, RFC 4627, July 2006.
[6]
Berners-Lee, T., Fielding, R., and Masinter, L., “Uniform Resource Identifier (URI): Generic Syntax”, STD 66, RFC 3986, January 2005.
[7]
Duerst, M., “Internationalized Resource Identifiers (IRIs)”, RFC 3987, January 2005.
[8]
Saint-Andre, P., “The ‘acct’ URI Scheme”, draft-ietf-appsawg- acct-uri-03, February 2013.
[9]
Van Kesteren, A., “Cross-Origin Resource Sharing”, W3C CORS http://www.w3.org/TR/cors/, July 2010.
[10]
IANA, “Link Relations”, http://www.iana.org/assignments/link- relations/.
[11]
IANA, “MIME Media Types”, http://www.iana.org/assignments/media-types/index.html.
[12]
Freed, N., Klensin, J., Hansen, T., “Media Type Specifications and Registration Procedures”, RFC 6838, January 2013.
[13]
Phillips, A., Davis, M., “Tags for Identifying Languages”, RFC 5646, January 2009.
[14]
Rescorla, E., “HTTP Over TLS”, RFC 2818, May 2000.
[15]
Klyne, G., Newman, C., “Date and Time on the Internet: Timestamps”, RFC 3339, July 2002.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-11.1 )

orphan:

11.2. Informative References

[16]
1Perreault, S., “vCard Format Specification”, RFC 6350, August 2011.
[17]
“Transport Independent, Printer/System Interface”, IEEE Std 1284.1-1997, 1997.
[18]
Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C., and E. Jay, “OpenID Connect Messages 1.0”, January 2013, http://openid.net/specs/openid-connect-messages-1_0.html.
[19]
Hammer-Lahav, E. and Cook, B., “Web Host Metadata”, RFC 6415, October 2011.
[20]
Hammer-Lahav, E. and W. Norris, “Extensible Resource Descriptor (XRD) Version 1.0”, http://docs.oasis- open.org/xri/xrd/v1.0/xrd-1.0.html.
[21]
Duerst, M., Masinter, L., and J. Zawinski, “The ‘mailto’ URI Scheme”, RFC 6068, October 2010.

(draft 12, http://tools.ietf.org/html/draft-ietf-appsawg-webfinger-12#section-11.2 )

«  Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)   ::   Contents   ::   Simple Web Discovery (SWD)  »