OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] NameIdentifier proposed change (Sun L3 comment)


> The history of this is that Stephen Farrell suggested that Domain be a separate element so it
> could be encrypted or not independantly from name.
> Some time later, Stephen Farrell asked that Domain be optional because in may cases, such as
> Kerberos, it was most natural to make the domain part of the name.

If so, mea cupla...if applicable:-).

The "splitting" idea, wasn't originally mine though, I think it was in 
the initial drafts (back to s2ml or authxml?) and I pointed out that name 
encryption or privacy were possible reasons to keep it that way. This 
was copied from the Diameter AAA protocol. I've no recollection about 
the 2nd thing, but there ya go.

The apparent discrepency is probably because I constant toggle on 
whether I think "<n> farrell@baltimore.com </n>" is better or worse 
than "<n d="baltimore.com"> farrell </n>". 

"<n d="democrats.com"> bush@republicans.com </n>" can of course cause 
some problems, but then again, so can valid kerberos names like:
"<n> bush@democrats.com/republicans.com </n>".

I don't have that strong an opinion on any of these though, 

Stephen (Farrell).

Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC