openid.trust_root wildcards

Brad Fitzpatrick brad at
Wed May 18 12:09:27 PDT 2005

Starting point, yeah.

Some countries have a flat namespace like *.com:

I mean, look yourself:  :-)

- Brad

On Wed, 18 May 2005, Martin Atkins wrote:

> Brad Fitzpatrick wrote:
> > It's up to the identity server to do the right thing here.  It doesn't
> > affect the protocol.
> >
> > I'm sure we'll build a recommended list of domain suffixes which SHOULDN'T
> > be wildcarded.
> >
> Netscape's Cookie spec says:
>      Only hosts within the specified domain can set a cookie for a domain
>      and domains must have at least two (2) or three (3) periods in them
>      to prevent domains of the form: ".com", ".edu", and "". Any
>      domain that fails within one of the seven special top level domains
>      listed below only require two periods. Any other domain requires at
>      least three. The seven special top level domains are: "COM", "EDU",
>      "NET", "ORG", "GOV", "MIL", and "INT".
> Limitations of not including "museum" and "coop" aside, this seems like
> a reasonable starting point.

More information about the yadis mailing list