Naming constraints in Federation

Comments (6)

1. 

   Giuseppe De Marco

   1. we may need a wildcard char like * (not sure following RFC5280 https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10)
   2. the value is a URI and not a FQDN

   ‌

   • 2022-08-09T15:22:00+00:00
2. 

   Michael Jones

   I will create a PR making the description consistent with the examples and https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10.

   • 2022-08-09T15:28:49+00:00
3. 

   Michael Jones

   • changed status to open

   • 2022-08-11T16:10:25+00:00
4. 

   Michael Jones

   • assigned issue to
     
     Michael Jones

   • 2022-08-11T16:10:43+00:00
5. 

   Michael Jones

   There are two subtle points here. First, Section 5.2 says that naming constraints restrict the allowable Entity Identifiers, not that they are Entity Identifiers.

   Second, the fully-qualified domain names language comes from https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.10, which also includes example domain names such as .example.com. It’s fully-qualified because it ends in a top-level domain (TLD) name (in this case com).

   An example of a non-fully-qualified domain name would be horta, which was the local hostname of my primary machine in graduate school. The fully-qualified domain name for that machine was horta.cs.cmu.edu.

   I also created https://bitbucket.org/openid/connect/pull-requests/279/clarified-naming-constraints to clarify the description of naming constraints, and in particular, domain name constraints.

   • 2022-08-16T22:29:49+00:00
6. 

   Giuseppe De Marco

   • changed status to resolved

   Fixed by https://bitbucket.org/openid/connect/pull-requests/279

   • 2022-08-19T15:34:05+00:00
7. Log in to comment