Sub-domain per Entity
cantor.2 at osu.edu
Mon Feb 25 13:26:45 EST 2013
> Thanks, Scott. It's important that the URL's be separate so that we can
> automatically determine each user's tenant ID based on the URL. Given
> that fact, what would be a better way to configure it?
There isn't one, really. We need signed requests in place of URL registration, but getting that supported at scale will take years.
I suppose one answer is to punt worrying about the security implications of a common domain. Given that a truly federated service shouldn't be doing discovery based on URL anyway, the trend would be to have unified domains. The segregated domain thing breaks down horribly as soon as you federate a resource to multiple clients. Google docs, Box, etc. have horrible user experiences because they're domain-based silos.
But in terms of actually deploying across thousands of domains, this isn't a great software solution for that problem. It wasn't a goal.
More information about the users