[Openid-specs-ab] Discovery for hosted domains using domain prefixes

Mike Jones Michael.Jones at microsoft.com
Fri Sep 21 00:47:11 UTC 2012


Hi guys,

One idea we've been kicking around to enable discovery for hosted domains is using a specific domain prefix in cases where writing a .well-known file into the root of the hosted domain is inconvenient/impossible.  So for instance, rather than doing Simple Web Discovery at:
               https://example.com/.well-known/simple-web-discovery
one might fall back to (or start with)
               https://simple-web-discovery.example.com/.well-known/simple-web-discovery

Then, rather than having to create a file in the domain root to do discovery, instead one could create a DNS record pointing to a hosted SWD service.  This is logically no harder than creating a DNS record for other domains such as www.example.com or mail.example.com.

First, what are your thoughts about that possible approach?  It may be easier to widely deploy than approaches that rely on DNS SRV records, for instance.

The one hesitation we've discussed is that just because you have a certificate for example.com, that doesn't necessarily make it easy to create a certificate for simple-web-discovery.example.com.  Do any of you have any experience with SSL certificates for subdomains?  Do any of your services presently use them?  And if so, how are they created/managed?

Your thoughts would be greatly appreciated.

                                                            Thanks,
                                                            -- Mike
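
The fallback order and the certificate question raised in the message above, as an added Python example that is not part of the original post or of any OpenID specification. The function names and the sample certificate name lists are constructed, and the wildcard rule (whole left-most label only, never directly under a top-level label) is the usual conservative HTTPS matching assumption.

```python
# Added illustration; function names and sample SAN lists are constructed.
SWD_PREFIX = "simple-web-discovery"
SWD_PATH = "/.well-known/simple-web-discovery"


def discovery_candidates(domain):
    """Return the two discovery URLs from the message, root domain first."""
    domain = domain.strip().rstrip(".").lower()
    if not domain or any(c in domain for c in "/@:"):
        raise ValueError("expected a bare DNS domain name")
    return [
        f"https://{domain}{SWD_PATH}",
        f"https://{SWD_PREFIX}.{domain}{SWD_PATH}",
    ]


def san_covers(host, san_dns_names):
    """True if any certificate dNSName matches host.

    Names compare case-insensitively. A wildcard is honoured only as the
    whole left-most label, where it stands for exactly one label.
    """
    host_labels = host.rstrip(".").lower().split(".")
    for name in san_dns_names:
        name_labels = name.rstrip(".").lower().split(".")
        if len(name_labels) != len(host_labels):
            continue
        if name_labels[0] == "*" and len(name_labels) > 2:
            if name_labels[1:] == host_labels[1:]:
                return True
        elif name_labels == host_labels:
            return True
    return False


def coverage_report(domain, san_dns_names):
    """Map each discovery host to whether the certificate names cover it."""
    domain = domain.rstrip(".").lower()
    hosts = [domain, f"{SWD_PREFIX}.{domain}"]
    return {h: san_covers(h, san_dns_names) for h in hosts}


if __name__ == "__main__":
    print(discovery_candidates("example.com"))
    # Constructed SAN lists: a root-only certificate, then a wildcard one.
    print(coverage_report("example.com", ["example.com", "www.example.com"]))
    print(coverage_report("example.com", ["example.com", "*.example.com"]))
```

A certificate naming only example.com and www.example.com leaves the prefixed host uncovered, so a TLS client following the fallback URL would reject the connection unless the hosted service presents a certificate that names the prefixed host or a matching wildcard.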
