security-services message



Subject: RE: [security-services] Tech overview: Why the switch to common TLD's in example?


Oops I really was referring to the second-level domain when I said TLD
(that's what I get for multiplexing while on a con-call :-))...

I agree with Paul - If we switch to another TLD such as .uk, etc and
it's really clear they aren't in the same second-level domain, then I'd
be happy with that.

I'd prefer a country code TLD over .com/.net because very often folks
don't quite notice it.  But if it's a country code, it's harder to miss.

And recognizing international applicability/use is always a good thing!

Rob Philpott
Senior Technologist
RSA, The Security Division of EMC
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
Email: rphilpott@rsasecurity.com


> -----Original Message-----
> From: Paul Madsen [mailto:paulmadsen@rogers.com]
> Sent: Wednesday, February 14, 2007 3:45 PM
> To: Tom Scavo
> Cc: Philpott, Robert; security-services@lists.oasis-open.org
> Subject: Re: [security-services] Tech overview: Why the switch to common
> TLD's in example?
> 
> I agree with Rob that it was misleading to use addresses that shared a
> second level domain AND top level domain. (furthermore, were we even
> using the 'example' correctly as RFC2606 would have the .example as the
> TLD and not second level?)
> 
> I do however think we miss an opportunity to (subtly) demonstrate
> SAML's global reach if we use .com for TLD without exception, i.e. let's
> see some .ca, .uk, .jp etc
> 
> Rob, you think  cars.example.ca  and  airlines.example.com.uk  would
> still be misleading?
> 
> paul
> 
> Tom Scavo wrote:
> > Sorry if I was unclear, Rob.  I was agreeing with Paul and Eve that
> > cars.example.net and airline.example.com were adequate.  Using
> > *.example.* guarantees that there is no clash with an actual TLD.
> > Moreover, I don't think the examples you gave earlier are any more
> > usable than cars.example.net and airline.example.com.
> >
> > Just my two cents worth,
> > Tom
> >
> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> >> As I said, I agree that it "works". However, I think we fail to convey
> >> some of the understanding of how it works by using the same TLD.  Lots
> >> of non-SAML SSO products can do SSO within the same TLD's by writing a
> >> cookie in the common domain (not to be confused with the Common Domain
> >> Cookie in IDP discovery).  As I said, the real power is doing
> >> CROSS-DOMAIN SSO and using "example.com" hides the fact that we're doing
> >> it cross-domain.
> >>
> >> Rob Philpott
> >> Senior Technologist
> >> RSA, The Security Division of EMC
> >> Tel: 781-515-7115
> >> Mobile: 617-510-0893
> >> Fax: 781-515-7020
> >> Email: rphilpott@rsasecurity.com
> >>
> >>
> >> > -----Original Message-----
> >> > From: Tom Scavo [mailto:trscavo@gmail.com]
> >> > Sent: Wednesday, February 14, 2007 3:06 PM
> >> > To: Philpott, Robert
> >> > Cc: Paul Madsen; security-services@lists.oasis-open.org
> >> > Subject: Re: [security-services] Tech overview: Why the switch to common
> >> > TLD's in example?
> >> >
> >> > I think using *.example.* is okay.  There might be a small problem
> >> > with usability but that's outweighed by the following RFC:
> >> >
> >> > http://www.faqs.org/rfcs/rfc2606.html
> >> >
> >> > Just my two cents worth,
> >> > Tom
> >> >
> >> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> >> > > I'm okay with avoiding collisions.  But using .net and .com is too
> >> > > subtle IMO.  I would have completely missed it myself and would prefer
> >> > > sticking to .coms.
> >> > >
> >> > > What about something like fakeairline.com and fakecarrental.com or
> >> > > exampleair.com and examplecars.com?
> >> > >
> >> > > Rob Philpott
> >> > > Senior Technologist
> >> > > RSA, The Security Division of EMC
> >> > > Tel: 781-515-7115
> >> > > Mobile: 617-510-0893
> >> > > Fax: 781-515-7020
> >> > > Email: rphilpott@rsasecurity.com
> >> > >
> >> > >
> >> > > > -----Original Message-----
> >> > > > From: Paul Madsen [mailto:paulmadsen@rogers.com]
> >> > > > Sent: Wednesday, February 14, 2007 2:34 PM
> >> > > > To: Philpott, Robert
> >> > > > Cc: security-services@lists.oasis-open.org
> >> > > > Subject: Re: [security-services] Tech overview: Why the switch to common
> >> > > > TLD's in example?
> >> > > >
> >> > > > Hi Rob, the change was motivated by concerns over collisions, i.e.
> >> > > > http://www.airlineinc.com/
> >> > > >
> >> > > > We could go to cars.example.net and airline.example.com to avoid your
> >> > > > concern (I think Eve actually had implemented this but I must have
> >> > > > switched from 'net' to 'com' to avoid changing existing graphics)
> >> > > >
> >> > > > paul
> >> > > >
> >> > > > Philpott, Robert wrote:
> >> > > > > Sorry if I missed some explicit discussion on this, but I noticed in
> >> > > > > this draft, the example web site names were changed.  "AirlineInc.com"
> >> > > > > was changed to "airline.example.com" and "CarRentalInc.com" was changed
> >> > > > > to "cars.example.com".  I don't think this was a good change to make.
> >> > > > >
> >> > > > > The new example sites are now sharing the same top-level domain name
> >> > > > > "example.com".  While it's true that SAML will work in such an
> >> > > > > environment, it is not a requirement that sites share the same TLD and
> >> > > > > we may mislead/confuse readers.  The real power is our ability to SSO
> >> > > > > across systems in *different* TLD's.
> >> > > > >
> >> > > > > I recommend switching back to unique TLD's.
> >> > > > >
> >> > > > > Rob Philpott
> >> > > > > Senior Technologist
> >> > > > > RSA, The Security Division of EMC
> >> > > > > Tel: 781-515-7115
> >> > > > > Mobile: 617-510-0893
> >> > > > > Fax: 781-515-7020
> >> > > > > Email: rphilpott@rsasecurity.com
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >> -----Original Message-----
> >> > > > >> From: paulmadsen@ntt-at.com [mailto:paulmadsen@ntt-at.com]
> >> > > > >> Sent: Wednesday, February 14, 2007 2:04 PM
> >> > > > >> To: security-services@lists.oasis-open.org
> >> > > > >> Subject: [security-services] Groups - sstc-saml-tech-overview-2 0-draft-12.pdf uploaded
> >> > > > >>
> >> > > > >> The document revision named sstc-saml-tech-overview-2 0-draft-12.pdf has
> >> > > > >> been submitted by Paul Madsen to the OASIS Security Services (SAML) TC
> >> > > > >> document repository.  This document is revision #1 of
> >> > > > >> sstc-saml-tech-overview-2 0-draft-11.pdf.
> >> > > > >>
> >> > > > >> Document Description:
> >> > > > >> Applied most of the edits requested at the 10 Oct 2006 SSTC telecon.  More
> >> > > > >> to come.
> >> > > > >>
> >> > > > >> View Document Details:
> >> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=22454
> >> > > > >>
> >> > > > >> Download Document:
> >> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/download.php/22454/sstc-saml-tech-overview-2%200-draft-12.pdf
> >> > > > >>
> >> > > > >> Revision:
> >> > > > >> This document is revision #1 of sstc-saml-tech-overview-2 0-draft-11.pdf.
> >> > > > >>
> >> > > > >> The document details page referenced above will show the complete revision
> >> > > > >> history.
> >> > > > >>
> >> > > > >> PLEASE NOTE:  If the above links do not work for you, your email application
> >> > > > >> may be breaking the link into two pieces.  You may be able to copy and paste
> >> > > > >> the entire link address into the address field of your web browser.
> >> > > > >>
> >> > > > >> -OASIS Open Administration
> >> > > > >>
> >> > > > >
> >> > > > >
> >> > > >
> >> > > > --
> >> > > > Paul Madsen             e:paulmadsen @ ntt-at.com
> >> > > > NTT                     p:613-482-0432
> >> > > >                         m:613-302-1428
> >> > > >                         aim:PaulMdsn5
> >> > > >                         web:connectid.blogspot.com
> >> > > >
> >> > >
> >> > >
> >>
> >
> 
> --
> Paul Madsen             e:paulmadsen @ ntt-at.com
> NTT                     p:613-482-0432
>                         m:613-302-1428
>                         aim:PaulMdsn5
>                         web:connectid.blogspot.com
> 
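
The cookie-scoping point raised in the thread (SSO by "writing a cookie in the common domain" only works when both sites sit under one registrable domain) can be checked mechanically. The following is an added example, not part of the original messages: it applies the RFC 6265 domain-match rule to the host pairs proposed in the thread. The function names and the small `PUBLIC_SUFFIXES` set are assumptions made for illustration; browsers use the full Public Suffix List.

```javascript
// Added illustration, not from the thread. PUBLIC_SUFFIXES is a tiny constructed
// stand-in for the real Public Suffix List that browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "net", "uk", "ca"]);

const isIpLiteral = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: does `host` domain-match `cookieDomain`?
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  return !isIpLiteral(h) && h.endsWith("." + d);
}

// Narrowest Domain attribute that both hosts domain-match, or null when the
// only common suffix is empty or a public suffix (browsers reject those).
function sharedCookieDomain(hostA, hostB) {
  if (isIpLiteral(hostA) || isIpLiteral(hostB)) return null;
  const a = hostA.toLowerCase().split(".").reverse();
  const b = hostB.toLowerCase().split(".").reverse();
  const common = [];
  for (let i = 0; i < Math.min(a.length, b.length) && a[i] === b[i]; i++) {
    common.unshift(a[i]);
  }
  const candidate = common.join(".");
  if (candidate === "" || PUBLIC_SUFFIXES.has(candidate)) return null;
  return candidate;
}

// Host pairs proposed at various points in the thread.
const PAIRS = [
  ["airline.example.com", "cars.example.com"],
  ["airline.example.com", "cars.example.net"],
  ["fakeairline.com", "fakecarrental.com"],
  ["cars.example.ca", "airlines.example.com.uk"],
];

function classifyPairs() {
  return PAIRS.map(([a, b]) => {
    const domain = sharedCookieDomain(a, b);
    return { a, b, domain, cookieSsoPossible: domain !== null };
  });
}

for (const r of classifyPairs()) {
  console.log(`${r.a} + ${r.b}: ` +
    (r.cookieSsoPossible ? `shared cookie Domain=${r.domain}` : "no shared cookie scope"));
}
```

Only the `airline.example.com` / `cars.example.com` pair has a shared cookie scope, so it is the only pair where a plain domain cookie could carry the session between sites.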


