IDN names for servers
Christopher Bongaarts
cab at umn.edu
Tue Nov 13 11:09:55 EST 2012
On 11/12/2012 3:45 PM, Cantor, Scott wrote:
> On 11/12/12 4:38 PM, "Christopher Bongaarts" <cab at umn.edu> wrote:
>
>> I have an SP that is planning to use an internationalized domain name
>> (cyrillic characters).dept.umn.edu for their server. Any special
>> concerns about this? Do they need an extra set of endpoints for the
>> punycode version of the hostname? Will either server choke on it?
>> Anyone actually tried it?
>
> I think some older bugs were found by somebody who tried it, so I suspect
> it mostly works now, but I've never tried it myself.
>
> All I can say about the endpoints is that you need the endpoints that your
> clients will use. If that includes punycode, then so be it, but there's
> nothing special about it.
I didn't see anything specific about matching rules for Location URLs in
the SAML2 Metadata and Bindings specs, so I presume that that is left to
the underlying URI RFCs' equivalence rules.
IIRC the IDNA URI matching rules specify that the URLs match iff the
punycode versions match.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list