OASIS Mailing List Archives

security-services message


Subject: Re: New Issues, Authorities and Domains


>>>>> "PD" == Platt, Darren <dplatt@securant.com> writes:

    >> What I meant was Security Domain. This might be expressed as a
    >> DNS domain or in some other way.

    PD> I agree that we can't limit our definition of domain to a DNS
    PD> domain.  I think of it more as a logical collection of users
    PD> and resources.

Nobody ever liked this, but we differentiated in AuthXML between a
Domain = collection of principals and a Realm = collection of
resources.

Although it seems crystal-clear to me, this was probably one of the
biggest complaints about AuthXML. Go figure. B-)

    >> Can one Authority make assertions about multiple domains?
    PD> Yes.

This would suggest that we need a way to namespace principals and
resources by domain. (Yes, I did just use "namespace" as a verb.)

    >> If I trust an Authority, does that mean I trust their
    >> assertions on any domain?

    PD> Yes, if you want.

"If you want" being the operational phrase.

~ESP

-- 
Evan Prodromou <evan@outlook.net>
Applications Lead
Outlook Technologies, Inc.

