Subject: Re: [security-services] Tech overview: Why the switch to common TLD's in example?
Sorry if I was unclear, Rob. I was agreeing with Paul and Eve that
cars.example.net and airline.example.com were adequate. Using
*.example.* guarantees that there is no clash with an actual TLD.
Moreover, I don't think the examples you gave earlier are any more
usable than cars.example.net and airline.example.com.

Just my two cents worth,
Tom

On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> As I said, I agree that it "works". However, I think we fail to convey
> some of the understanding of how it works by using the same TLD. Lots
> of non-SAML SSO products can do SSO within the same TLD's by writing a
> cookie in the common domain (not to be confused with the Common Domain
> Cookie in IDP discovery). As I said, the real power is doing
> CROSS-DOMAIN SSO and using "example.com" hides the fact that we're doing
> it cross-domain.
>
> Rob Philpott
> Senior Technologist
> RSA, The Security Division of EMC
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> Email: rphilpott@rsasecurity.com
>
> > -----Original Message-----
> > From: Tom Scavo [mailto:trscavo@gmail.com]
> > Sent: Wednesday, February 14, 2007 3:06 PM
> > To: Philpott, Robert
> > Cc: Paul Madsen; security-services@lists.oasis-open.org
> > Subject: Re: [security-services] Tech overview: Why the switch to common TLD's in example?
> >
> > I think using *.example.* is okay. There might be a small problem
> > with usability but that's outweighed by the following RFC:
> >
> > http://www.faqs.org/rfcs/rfc2606.html
> >
> > Just my two cents worth,
> > Tom
> >
> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> > > I'm okay with avoiding collisions. But using .net and .com is too
> > > subtle IMO. I would have completely missed it myself and would prefer
> > > sticking to .coms.
> > >
> > > What about something like fakeairline.com and fakecarrental.com or
> > > exampleair.com and examplecars.com?
> > >
> > > Rob Philpott
> > > Senior Technologist
> > > RSA, The Security Division of EMC
> > > Tel: 781-515-7115
> > > Mobile: 617-510-0893
> > > Fax: 781-515-7020
> > > Email: rphilpott@rsasecurity.com
> > >
> > > > -----Original Message-----
> > > > From: Paul Madsen [mailto:paulmadsen@rogers.com]
> > > > Sent: Wednesday, February 14, 2007 2:34 PM
> > > > To: Philpott, Robert
> > > > Cc: security-services@lists.oasis-open.org
> > > > Subject: Re: [security-services] Tech overview: Why the switch to common TLD's in example?
> > > >
> > > > Hi Rob, the change was motivated by concerns over collisions, i.e.
> > > > http://www.airlineinc.com/
> > > >
> > > > We could go to cars.example.net and airline.example.com to avoid your
> > > > concern (I think Eve actually had implemented this but I must have
> > > > switched from 'net' to 'com' to avoid changing existing graphics)
> > > >
> > > > paul
> > > >
> > > > Philpott, Robert wrote:
> > > > > Sorry if I missed some explicit discussion on this, but I noticed in
> > > > > this draft, the example web site names were changed. "AirlineInc.com"
> > > > > was changed to "airline.example.com" and "CarRentalInc.com" was changed
> > > > > to "cars.example.com". I don't think this was a good change to make.
> > > > >
> > > > > The new example sites are now sharing the same top-level domain name
> > > > > "example.com". While it's true that SAML will work in such an
> > > > > environment, it is not a requirement that sites share the same TLD and
> > > > > we may mislead/confuse readers. The real power is our ability to SSO
> > > > > across systems in *different* TLD's.
> > > > >
> > > > > I recommend switching back to unique TLD's.
> > > > >
> > > > > Rob Philpott
> > > > > Senior Technologist
> > > > > RSA, The Security Division of EMC
> > > > > Tel: 781-515-7115
> > > > > Mobile: 617-510-0893
> > > > > Fax: 781-515-7020
> > > > > Email: rphilpott@rsasecurity.com
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: paulmadsen@ntt-at.com [mailto:paulmadsen@ntt-at.com]
> > > > > > Sent: Wednesday, February 14, 2007 2:04 PM
> > > > > > To: security-services@lists.oasis-open.org
> > > > > > Subject: [security-services] Groups - sstc-saml-tech-overview-2 0-draft-12.pdf uploaded
> > > > > >
> > > > > > The document revision named sstc-saml-tech-overview-2 0-draft-12.pdf has
> > > > > > been submitted by Paul Madsen to the OASIS Security Services (SAML) TC
> > > > > > document repository. This document is revision #1 of
> > > > > > sstc-saml-tech-overview-2 0-draft-11.pdf.
> > > > > >
> > > > > > Document Description:
> > > > > > Applied most of the edits requested at the 10 Oct 2006 SSTC telecon. More
> > > > > > to come.
> > > > > >
> > > > > > View Document Details:
> > > > > > http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=22454
> > > > > >
> > > > > > Download Document:
> > > > > > http://www.oasis-open.org/apps/org/workgroup/security/download.php/22454/sstc-saml-tech-overview-2%200-draft-12.pdf
> > > > > >
> > > > > > Revision:
> > > > > > This document is revision #1 of sstc-saml-tech-overview-2 0-draft-11.pdf.
> > > > > > The document details page referenced above will show the complete revision
> > > > > > history.
> > > > > >
> > > > > > PLEASE NOTE: If the above links do not work for you, your email
> > > > > > application may be breaking the link into two pieces. You may be able to
> > > > > > copy and paste the entire link address into the address field of your web
> > > > > > browser.
> > > > > >
> > > > > > -OASIS Open Administration
> > > >
> > > > --
> > > > Paul Madsen            e:paulmadsen @ ntt-at.com
> > > > NTT                    p:613-482-0432
> > > >                        m:613-302-1428
> > > >                        aim:PaulMdsn5
> > > >                        web:connectid.blogspot.com
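
The two properties debated in this thread, as an added example that is not part of any message above: whether a host name is reserved by RFC 2606, and whether two sites share a parent domain in which a plain cookie could carry SSO state. The function names and the rule that treats a single shared label as a TLD are assumptions of this example; browsers use the Public Suffix List.

```javascript
// RFC 2606 reserved names: four TLDs plus three second-level domains.
const RESERVED_TLDS = ["test", "example", "invalid", "localhost"];
const RESERVED_SLDS = ["example.com", "example.net", "example.org"];

// Lower-case the host, drop a trailing dot, split into labels.
function labels(host) {
  return host.toLowerCase().replace(/\.$/, "").split(".");
}

// True when the host can never collide with a registrable real-world name.
function isReservedByRfc2606(host) {
  const l = labels(host);
  const tld = l[l.length - 1];
  const sld = l.slice(-2).join(".");
  return RESERVED_TLDS.includes(tld) ||
    (l.length >= 2 && RESERVED_SLDS.includes(sld));
}

// RFC 6265 section 5.1.3 domain-match (host names only, no IP addresses).
function domainMatches(host, cookieDomain) {
  const h = labels(host).join(".");
  const d = labels(cookieDomain.replace(/^\./, "")).join(".");
  return h === d || h.endsWith("." + d);
}

// Closest parent domain both hosts could name in a cookie's Domain attribute,
// or null when they share nothing below the TLD. In the null case a cookie
// cannot carry the session and a cross-domain protocol such as SAML is needed.
function commonCookieDomain(hostA, hostB) {
  const a = labels(hostA).reverse();
  const b = labels(hostB).reverse();
  const shared = [];
  for (let i = 0; i < Math.min(a.length, b.length) && a[i] === b[i]; i++) {
    shared.push(a[i]);
  }
  // Assumption: one shared label is a TLD, which is rejected as a cookie domain.
  return shared.length >= 2 ? shared.reverse().join(".") : null;
}
```

For cars.example.com and airline.example.com the common cookie domain is example.com, while cars.example.net and airline.example.com share none and are still both reserved names.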