[WG-OTTO] Fwd: RE: Re: DNS-based OpenID Discovery

Mike Schwartz mike at gluu.org
Thu Oct 5 17:49:15 UTC 2017


OTTO WG,

This is a very interesting DNS based Discovery proposal from Marcos 
Sanz.
   
https://git.freedom-id.de/DomainId/Documentation/src/master/draft-sanz-openid-dns-discovery-00.txt

Should we perhaps use DNS to publish federation metadata? Is that going 
too far... Instead of APIs? In addition to APIs? Or just for 
discovery?

In my slides, I referenced Ian Young's comment from our previous 
meeting:
“Exchanging metadata is analogous to DNS v. hosts files. But DNS is 
small--just an IP address--whereas the average SAML IDP metadata is 7k, 
and some may contain multiple certificates.”

But maybe there is no size limitation, and DNS really is the best way to 
do it...

Management of the data is much trickier in DNS... you can't just use 
JSON I guess. Or maybe you can... one also wonders if perhaps DNS format 
isn't just one more metadata format that could be rendered from the 
JSON-LD OTTO vocabulary.

- Mike
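The size and format questions raised above (a record holding "just an IP address" versus a multi-kilobyte metadata document, and whether JSON can live in DNS at all) can be made concrete with a small script. The following is an added example written for this archive page; it is not code from the draft, from OTTO or from any list member, and it does not reproduce the draft's record format. It assumes a hypothetical `_openid.example.` owner name and a constructed metadata document, and it uses only the TXT wire rules from RFC 1035: each TXT RDATA is a sequence of length-prefixed character-strings of at most 255 bytes, and a classic (non-EDNS0) UDP response is capped at 512 bytes.

```python
import json

MAX_CHARSTRING = 255        # RFC 1035 <character-string> limit per TXT segment
CLASSIC_UDP_PAYLOAD = 512   # RFC 1035 UDP message limit without EDNS0


def json_to_txt_strings(obj):
    """Serialise obj as compact JSON and split it into <=255-byte chunks.

    Splitting happens on bytes, so a multi-byte character may straddle two
    chunks; that is fine because the reader joins all chunks before decoding.
    """
    data = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")
    return [data[i:i + MAX_CHARSTRING] for i in range(0, len(data), MAX_CHARSTRING)]


def txt_rdata(strings):
    """Build wire-format TXT RDATA: one length byte in front of each chunk."""
    out = bytearray()
    for s in strings:
        if len(s) > MAX_CHARSTRING:
            raise ValueError("character-string exceeds 255 bytes")
        out.append(len(s))
        out += s
    return bytes(out)


def parse_txt_rdata(rdata):
    """Inverse of txt_rdata; rejects RDATA whose last length byte overruns."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated character-string")
        strings.append(chunk)
        i += 1 + n
    return strings


def txt_to_json(strings):
    """Join the character-strings back together and parse the JSON."""
    return json.loads(b"".join(strings).decode("utf-8"))


def estimate_response_size(owner, strings):
    """Upper-bound size of a response carrying one TXT RR (no name compression).

    header (12) + question (name + QTYPE + QCLASS) + one RR (name + TYPE,
    CLASS, TTL, RDLENGTH = 10 bytes + RDATA).
    """
    labels = owner.strip(".").split(".")
    name_len = sum(1 + len(label) for label in labels) + 1   # +1 for the root label
    question = name_len + 4
    rr = name_len + 10 + len(txt_rdata(strings))
    return 12 + question + rr


def fits_classic_udp(size):
    """True if a resolver without EDNS0 could receive this answer over UDP."""
    return size <= CLASSIC_UDP_PAYLOAD


# Constructed sample data (hypothetical names, not from any real federation).
OWNER = "_openid.example."

# Option A: DNS carries only a pointer; the real document is fetched over HTTPS.
POINTER = {"federation_metadata": "https://fed.example/.well-known/openid-federation"}

# Option B: DNS carries the whole document. The padded "n" values stand in for
# the public keys / certificates that make real metadata several kilobytes.
FULL = {
    "issuer": "https://idp.example",
    "jwks": {"keys": [{"kty": "RSA", "n": "A" * 1800, "e": "AQAB"}] * 3},
}


def compare():
    """Return (pointer_size, full_size, full_chunk_count) for the two options."""
    p = json_to_txt_strings(POINTER)
    f = json_to_txt_strings(FULL)
    return estimate_response_size(OWNER, p), estimate_response_size(OWNER, f), len(f)


if __name__ == "__main__":
    p_size, f_size, f_chunks = compare()
    print(f"pointer record: {p_size} bytes, fits classic UDP: {fits_classic_udp(p_size)}")
    print(f"full document:  {f_size} bytes in {f_chunks} chunks, "
          f"fits classic UDP: {fits_classic_udp(f_size)}")
```

Running it shows the trade-off in numbers: the pointer answer is well under 512 bytes, while the inlined document needs a couple of dozen 255-byte strings and only reaches the client through EDNS0 or TCP fallback. Two caveats follow from this for anyone who does go the DNS route: every chunk has to round-trip intact or the JSON will not parse (which is why the parser above refuses truncated RDATA), and a TXT record is only as trustworthy as the zone it lives in, so publishing metadata in DNS buys integrity only where DNSSEC validation is actually performed.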


-------- Original Message --------
Subject: RE: Re: DNS-based OpenID Discovery
Date: 2017-10-05 09:13
From: Marcos Sanz <sanz at denic.de>
To: Mike Schwartz <mike at gluu.org>

Hi Mike,

I've moved on and polished up:
  
https://git.freedom-id.de/DomainId/Documentation/src/master/draft-sanz-openid-dns-discovery-00.txt

Best,
Marcos

