[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: New Issues, Authorities and Domains
>>>>> "PD" == Platt, Darren <dplatt@securant.com> writes: >> What I meant was Security Domain. This might be expressed as a >> DNS domain or in some other way. PD> I agree that we can't limit our definition of domain to a DNS PD> domain. I think of it more as a logical collection of users PD> and resources. Nobody ever liked this, but we differentiated in AuthXML between a Domain = collection of principals and a Realm = collection of resources. Although it seems crystal-clear to me, this was probably one of the biggest complaints about AuthXML. Go figure. B-) >> Can one Authority make assertions about multiple domains? PD> Yes. This would suggest that we need a way to namespace principals and resources by domain. (Yes, I did just use "namespace" as a verb.) >> If I trust an Authority, does that mean I trust their >> assertions on any domain? PD> Yes, if you want. "If you want" being the operational phrase. ~ESP -- Evan Prodromou <evan@outlook.net> Applications Lead Outlook Technologies, Inc.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC