[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] NameIdentifier proposed change (Sun L3 comment)
Hal, > The history of this is that Stephen Farrell suggested that Domain be a separate element so it > could be encrypted or not independantly from name. > > Some time later, Stephen Farrell asked that Domain be optional because in may cases, such as > Kerberos, it was most natural to make the domain part of the name. If so, mea cupla...if applicable:-). The "splitting" idea, wasn't originally mine though, I think it was in the initial drafts (back to s2ml or authxml?) and I pointed out that name encryption or privacy were possible reasons to keep it that way. This was copied from the Diameter AAA protocol. I've no recollection about the 2nd thing, but there ya go. The apparent discrepency is probably because I constant toggle on whether I think "<n> farrell@baltimore.com </n>" is better or worse than "<n d="baltimore.com"> farrell </n>". "<n d="democrats.com"> bush@republicans.com </n>" can of course cause some problems, but then again, so can valid kerberos names like: "<n> bush@democrats.com/republicans.com </n>". I don't have that strong an opinion on any of these though, Stephen (Farrell). -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC