Subject: RE: [security-services] Tech overview: Why the switch to common TLD's in example?
Oops I really was referring to the second-level domain when I said TLD (that's what I get for multiplexing while on a con-call :-))...

I agree with Paul - If we switch to another TLD such as .uk, etc and it's really clear they aren't in the same second-level domain, then I'd be happy with that. I'd prefer a country code TLD over .com/.net because very often folks don't quite notice it. But if it's a country code, it's harder to miss. And recognizing international applicability/use is always a good thing!

Rob Philpott
Senior Technologist
RSA, The Security Division of EMC
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
Email: rphilpott@rsasecurity.com

> -----Original Message-----
> From: Paul Madsen [mailto:paulmadsen@rogers.com]
> Sent: Wednesday, February 14, 2007 3:45 PM
> To: Tom Scavo
> Cc: Philpott, Robert; security-services@lists.oasis-open.org
> Subject: Re: [security-services] Tech overview: Why the switch to common
> TLD's in example?
>
> I agree with Rob that it was misleading to use addresses that shared a
> second level domain AND top level domain. (furthermore, were we even
> using the 'example' correctly as RFC2606 would have the .example as the
> TLD and not second level?)
>
> I do however think we miss an opportunity to (subtly) demonstrate
> SAML's global reach if we use .com for TLD without exception, i.e. let's
> see some .ca, .uk, jp etc
>
> Rob, you think cars.example.ca and airlines.example.com.uk would
> still be misleading?
>
> paul
>
> Tom Scavo wrote:
> > Sorry if I was unclear, Rob. I was agreeing with Paul and Eve that
> > cars.example.net and airline.example.com were adequate. Using
> > *.example.* guarantees that there is no clash with an actual TLD.
> > Moreover, I don't think the examples you gave earlier are any more
> > usable than cars.example.net and airline.example.com.
> >
> > Just my two cents worth,
> > Tom
> >
> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> >> As I said, I agree that it "works". However, I think we fail to convey
> >> some of the understanding of how it works by using the same TLD. Lots
> >> of non-SAML SSO products can do SSO within the same TLD's by writing a
> >> cookie in the common domain (not to be confused with the Common Domain
> >> Cookie in IDP discovery). As I said, the real power is doing
> >> CROSS-DOMAIN SSO and using "example.com" hides the fact that we're doing
> >> it cross-domain.
> >>
> >> Rob Philpott
> >> Senior Technologist
> >> RSA, The Security Division of EMC
> >> Tel: 781-515-7115
> >> Mobile: 617-510-0893
> >> Fax: 781-515-7020
> >> Email: rphilpott@rsasecurity.com
> >>
> >> > -----Original Message-----
> >> > From: Tom Scavo [mailto:trscavo@gmail.com]
> >> > Sent: Wednesday, February 14, 2007 3:06 PM
> >> > To: Philpott, Robert
> >> > Cc: Paul Madsen; security-services@lists.oasis-open.org
> >> > Subject: Re: [security-services] Tech overview: Why the switch to common
> >> > TLD's in example?
> >> >
> >> > I think using *.example.* is okay. There might be a small problem
> >> > with usability but that's outweighed by the following RFC:
> >> >
> >> > http://www.faqs.org/rfcs/rfc2606.html
> >> >
> >> > Just my two cents worth,
> >> > Tom
> >> >
> >> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
> >> > > I'm okay with avoiding collisions. But using .net and .com is too
> >> > > subtle IMO. I would have completely missed it myself and would prefer
> >> > > sticking to .coms.
> >> > >
> >> > > What about something like fakeairline.com and fakecarrental.com or
> >> > > exampleair.com and examplecars.com?
> >> > >
> >> > > Rob Philpott
> >> > > Senior Technologist
> >> > > RSA, The Security Division of EMC
> >> > > Tel: 781-515-7115
> >> > > Mobile: 617-510-0893
> >> > > Fax: 781-515-7020
> >> > > Email: rphilpott@rsasecurity.com
> >> > >
> >> > > > -----Original Message-----
> >> > > > From: Paul Madsen [mailto:paulmadsen@rogers.com]
> >> > > > Sent: Wednesday, February 14, 2007 2:34 PM
> >> > > > To: Philpott, Robert
> >> > > > Cc: security-services@lists.oasis-open.org
> >> > > > Subject: Re: [security-services] Tech overview: Why the switch to common
> >> > > > TLD's in example?
> >> > > >
> >> > > > Hi Rob, the change was motivated by concerns over collisions, i.e.
> >> > > > http://www.airlineinc.com/
> >> > > >
> >> > > > We could go to cars.example.net and airline.example.com to avoid your
> >> > > > concern (I think Eve actually had implemented this but I must have
> >> > > > switched from 'net' to 'com' to avoid changing existing graphics)
> >> > > >
> >> > > > paul
> >> > > >
> >> > > > Philpott, Robert wrote:
> >> > > > > Sorry if I missed some explicit discussion on this, but I noticed in
> >> > > > > this draft, the example web site names were changed. "AirlineInc.com"
> >> > > > > was changed to "airline.example.com" and "CarRentalInc.com" was changed
> >> > > > > to "cars.example.com". I don't think this was a good change to make.
> >> > > > >
> >> > > > > The new example sites are now sharing the same top-level domain name
> >> > > > > "example.com". While it's true that SAML will work in such an
> >> > > > > environment, it is not a requirement that sites share the same TLD and
> >> > > > > we may mislead/confuse readers. The real power is our ability to SSO
> >> > > > > across systems in *different* TLD's.
> >> > > > >
> >> > > > > I recommend switching back to unique TLD's.
> >> > > > >
> >> > > > > Rob Philpott
> >> > > > > Senior Technologist
> >> > > > > RSA, The Security Division of EMC
> >> > > > > Tel: 781-515-7115
> >> > > > > Mobile: 617-510-0893
> >> > > > > Fax: 781-515-7020
> >> > > > > Email: rphilpott@rsasecurity.com
> >> > > > >
> >> > > > >> -----Original Message-----
> >> > > > >> From: paulmadsen@ntt-at.com [mailto:paulmadsen@ntt-at.com]
> >> > > > >> Sent: Wednesday, February 14, 2007 2:04 PM
> >> > > > >> To: security-services@lists.oasis-open.org
> >> > > > >> Subject: [security-services] Groups - sstc-saml-tech-overview-2
> >> > > > >> 0-draft-12.pdf uploaded
> >> > > > >>
> >> > > > >> The document revision named sstc-saml-tech-overview-2 0-draft-12.pdf has
> >> > > > >> been submitted by Paul Madsen to the OASIS Security Services (SAML) TC
> >> > > > >> document repository. This document is revision #1 of
> >> > > > >> sstc-saml-tech-overview-2 0-draft-11.pdf.
> >> > > > >>
> >> > > > >> Document Description:
> >> > > > >> Applied most of the edits requested at the 10 Oct 2006 SSTC telecon. More
> >> > > > >> to come.
> >> > > > >>
> >> > > > >> View Document Details:
> >> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=22454
> >> > > > >>
> >> > > > >> Download Document:
> >> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/download.php/22454/sstc-saml-tech-overview-2%200-draft-12.pdf
> >> > > > >>
> >> > > > >> Revision:
> >> > > > >> This document is revision #1 of sstc-saml-tech-overview-2 0-draft-11.pdf.
> >> > > > >> The document details page referenced above will show the complete revision
> >> > > > >> history.
> >> > > > >>
> >> > > > >> PLEASE NOTE: If the above links do not work for you, your email
> >> > > > >> application may be breaking the link into two pieces. You may be able to
> >> > > > >> copy and paste the entire link address into the address field of your web
> >> > > > >> browser.
> >> > > > >>
> >> > > > >> -OASIS Open Administration
> >> > > >
> >> > > > --
> >> > > > Paul Madsen    e:paulmadsen @ ntt-at.com
> >> > > > NTT            p:613-482-0432
> >> > > >                m:613-302-1428
> >> > > >                aim:PaulMdsn5
> >> > > >                web:connectid.blogspot.com
>
> --
> Paul Madsen    e:paulmadsen @ ntt-at.com
> NTT            p:613-482-0432
>                m:613-302-1428
>                aim:PaulMdsn5
>                web:connectid.blogspot.com
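
Added example, not part of the original thread: the two technical points raised above (which names RFC 2606 reserves, and that cookie-based SSO only reaches hosts under a common parent domain) checked against the host name pairs proposed in the messages. The function names and the small public-suffix subset are constructed for illustration.

```python
# Added example; function names and the suffix subset are constructed here.
# Names reserved for documentation and testing by RFC 2606.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}
# Constructed stand-in for the multi-label entries of the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk"}

def is_rfc2606_reserved(host):
    """True if host is, or sits under, a name reserved by RFC 2606."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match, for host names (not IP addresses)."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def common_cookie_domain(host_a, host_b, suffixes=MULTI_LABEL_SUFFIXES):
    """Widest Domain= value a cookie could carry to reach both hosts, or None."""
    labels = host_a.lower().split(".")
    for i in range(len(labels) - 1, -1, -1):   # widest parent of host_a first
        candidate = ".".join(labels[i:])
        # User agents refuse Domain= values that are public suffixes; every
        # bare TLD is one, multi-label ones come from the suffix list.
        if i == len(labels) - 1 or candidate in suffixes:
            continue
        if domain_match(host_b, candidate):
            return candidate
    return None

# Host name pairs proposed in the thread.
PAIRS = [
    ("airlineinc.com", "carrentalinc.com"),
    ("airline.example.com", "cars.example.com"),
    ("airline.example.com", "cars.example.net"),
    ("airlines.example.com.uk", "cars.example.ca"),
    ("exampleair.com", "examplecars.com"),
]

def review(pairs=PAIRS):
    """Per pair: (host, host, both names reserved?, shared cookie domain or None)."""
    return [(a, b, is_rfc2606_reserved(a) and is_rfc2606_reserved(b),
             common_cookie_domain(a, b)) for a, b in pairs]

if __name__ == "__main__":
    for a, b, reserved, shared in review():
        print(f"{a:26} {b:20} reserved={reserved!s:5} shared_cookie_domain={shared}")
```

Only the airline.example.com / cars.example.net pair is both collision-free under RFC 2606 and free of a shared parent that a plain domain cookie could span.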