openid.trust_root wildcards
Brad Fitzpatrick
brad at danga.com
Wed May 18 12:09:27 PDT 2005
Starting point, yeah.
Some countries have a flat namespace like *.com:
http://www.google.at/
http://www.google.de/
http://www.google.ca/
I mean, look yourself: :-)
http://www.google.com/language_tools?hl=en
- Brad
On Wed, 18 May 2005, Martin Atkins wrote:
> Brad Fitzpatrick wrote:
> > It's up to the identity server to do the right thing here. It doesn't
> > affect the protocol.
> >
> > I'm sure we'll build a recommended list of domain suffixes which SHOULDN'T
> > be wildcarded.
> >
>
> Netscape's Cookie spec says:
>
> Only hosts within the specified domain can set a cookie for a domain
> and domains must have at least two (2) or three (3) periods in them
> to prevent domains of the form: ".com", ".edu", and "va.us". Any
> domain that fails within one of the seven special top level domains
> listed below only require two periods. Any other domain requires at
> least three. The seven special top level domains are: "COM", "EDU",
> "NET", "ORG", "GOV", "MIL", and "INT".
>
> Limitations of not including "museum" and "coop" aside, this seems like
> a reasonable starting point.
>
>
More information about the yadis
mailing list