

Subject: Re: [security-services] Tech overview: Why the switch to common TLD's in example?


Sorry if I was unclear, Rob.  I was agreeing with Paul and Eve that
cars.example.net and airline.example.com were adequate.  Using
*.example.* guarantees that there is no clash with an actual TLD.
Moreover, I don't think the examples you gave earlier are any more
usable than cars.example.net and airline.example.com.

Just my two cents worth,
Tom

On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> As I said, I agree that it "works". However, I think we fail to convey
> some of the understanding of how it works by using the same TLD.  Lots
> of non-SAML SSO products can do SSO within the same TLD's by writing a
> cookie in the common domain (not to be confused with the Common Domain
> Cookie in IDP discovery).  As I said, the real power is doing
> CROSS-DOMAIN SSO and using "example.com" hides the fact that we're doing
> it cross-domain.
>
> Rob Philpott
> Senior Technologist
> RSA, The Security Division of EMC
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> Email: rphilpott@rsasecurity.com
>
>
> > -----Original Message-----
> > From: Tom Scavo [mailto:trscavo@gmail.com]
> > Sent: Wednesday, February 14, 2007 3:06 PM
> > To: Philpott, Robert
> > Cc: Paul Madsen; security-services@lists.oasis-open.org
> > Subject: Re: [security-services] Tech overview: Why the switch to common
> > TLD's in example?
> >
> > I think using *.example.* is okay.  There might be a small problem
> > with usability but that's outweighed by the following RFC:
> >
> > http://www.faqs.org/rfcs/rfc2606.html
> >
> > Just my two cents worth,
> > Tom
> >
> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> > > I'm okay with avoiding collisions.  But using .net and .com is too
> > > subtle IMO.  I would have completely missed it myself and would prefer
> > > sticking to .coms.
> > >
> > > What about something like fakeairline.com and fakecarrental.com or
> > > exampleair.com and examplecars.com?
> > >
> > > Rob Philpott
> > > Senior Technologist
> > > RSA, The Security Division of EMC
> > > Tel: 781-515-7115
> > > Mobile: 617-510-0893
> > > Fax: 781-515-7020
> > > Email: rphilpott@rsasecurity.com
> > >
> > >
> > > > -----Original Message-----
> > > > From: Paul Madsen [mailto:paulmadsen@rogers.com]
> > > > Sent: Wednesday, February 14, 2007 2:34 PM
> > > > To: Philpott, Robert
> > > > Cc: security-services@lists.oasis-open.org
> > > > Subject: Re: [security-services] Tech overview: Why the switch to common
> > > > TLD's in example?
> > > >
> > > > Hi Rob, the change was motivated by concerns over collisions, i.e.
> > > > http://www.airlineinc.com/
> > > >
> > > > We could go to cars.example.net and airline.example.com to avoid your
> > > > concern (I think Eve actually had implemented this but I must have
> > > > switched from 'net' to 'com' to avoid changing existing graphics)
> > > >
> > > > paul
> > > >
> > > > Philpott, Robert wrote:
> > > > > Sorry if I missed some explicit discussion on this, but I noticed in
> > > > > this draft, the example web site names were changed.  "AirlineInc.com"
> > > > > was changed to "airline.example.com" and "CarRentalInc.com" was changed
> > > > > to "cars.example.com".  I don't think this was a good change to make.
> > > > >
> > > > > The new example sites are now sharing the same top-level domain name
> > > > > "example.com".  While it's true that SAML will work in such an
> > > > > environment, it is not a requirement that sites share the same TLD and
> > > > > we may mislead/confuse readers.  The real power is our ability to SSO
> > > > > across systems in *different* TLD's.
> > > > >
> > > > > I recommend switching back to unique TLD's.
> > > > >
> > > > > Rob Philpott
> > > > > Senior Technologist
> > > > > RSA, The Security Division of EMC
> > > > > Tel: 781-515-7115
> > > > > Mobile: 617-510-0893
> > > > > Fax: 781-515-7020
> > > > > Email: rphilpott@rsasecurity.com
> > > > >
> > > > >
> > > > >
> > > > >> -----Original Message-----
> > > > >> From: paulmadsen@ntt-at.com [mailto:paulmadsen@ntt-at.com]
> > > > >> Sent: Wednesday, February 14, 2007 2:04 PM
> > > > >> To: security-services@lists.oasis-open.org
> > > > >> Subject: [security-services] Groups - sstc-saml-tech-overview-2 0-draft-12.pdf uploaded
> > > > >>
> > > > >> The document revision named sstc-saml-tech-overview-2 0-draft-12.pdf has
> > > > >> been submitted by Paul Madsen to the OASIS Security Services (SAML) TC
> > > > >> document repository.  This document is revision #1 of
> > > > >> sstc-saml-tech-overview-2 0-draft-11.pdf.
> > > > >>
> > > > >> Document Description:
> > > > >> Applied most of the edits requested at the 10 Oct 2006 SSTC telecon. More
> > > > >> to come.
> > > > >>
> > > > >> View Document Details:
> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=22454
> > > > >>
> > > > >> Download Document:
> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/download.php/22454/sstc-saml-tech-overview-2%200-draft-12.pdf
> > > > >>
> > > > >> Revision:
> > > > >> This document is revision #1 of sstc-saml-tech-overview-2 0-draft-11.pdf.
> > > > >> The document details page referenced above will show the complete revision
> > > > >> history.
> > > > >>
> > > > >>
> > > > >> PLEASE NOTE:  If the above links do not work for you, your email
> > > > >> application may be breaking the link into two pieces.  You may be able to
> > > > >> copy and paste the entire link address into the address field of your web
> > > > >> browser.
> > > > >>
> > > > >> -OASIS Open Administration
> > > > >>
> > > > >
> > > > >
> > > >
> > > > --
> > > > Paul Madsen             e:paulmadsen @ ntt-at.com
> > > > NTT                     p:613-482-0432
> > > >                         m:613-302-1428
> > > >                         aim:PaulMdsn5
> > > >                         web:connectid.blogspot.com
> > > >
> > >
> > >
>
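
Added example, not part of the original thread: the "cookie in the common domain" approach mentioned in the quoted message depends on cookie domain-matching (RFC 6265, section 5.1.3), and this sketch shows why it covers airline.example.com with cars.example.com but not with cars.example.net. The function names are hypothetical, and the two-label minimum is a simplification standing in for the browser's Public Suffix List check.

```javascript
// Added illustration: cookie Domain scoping applied to the host names
// discussed in the thread. Function names are hypothetical.

// True when `host` domain-matches `cookieDomain` (RFC 6265, section 5.1.3).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (h === d) return true;
  // IP addresses only match exactly, never by suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Widest Domain attribute both hosts could accept: their longest common
// label suffix. A single-label result such as "com" is rejected.
// Simplification: real browsers consult the Public Suffix List instead.
function sharedCookieDomain(hostA, hostB) {
  const a = hostA.toLowerCase().split(".").reverse();
  const b = hostB.toLowerCase().split(".").reverse();
  const common = [];
  for (let i = 0; i < Math.min(a.length, b.length) && a[i] === b[i]; i++) {
    common.push(a[i]);
  }
  return common.length >= 2 ? common.reverse().join(".") : null;
}

// True when one cookie can be scoped so that both hosts receive it.
function canShareSessionCookie(hostA, hostB) {
  const d = sharedCookieDomain(hostA, hostB);
  return d !== null && domainMatches(hostA, d) && domainMatches(hostB, d);
}

// Host pairs taken from the thread.
const pairs = [
  ["airline.example.com", "cars.example.com"],
  ["airline.example.com", "cars.example.net"],
  ["airlineinc.com", "carrentalinc.com"],
];
for (const [a, b] of pairs) {
  console.log(a, b, "shared cookie possible:", canShareSessionCookie(a, b));
}
```
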

