On Fri, 2015-11-27 at 13:52 +0100, Martin Babinsky wrote: > On 11/27/2015 01:39 PM, Jan Cholasta wrote: > > On 27.11.2015 13:10, Petr Vobornik wrote: > >> On 11/27/2015 12:46 PM, Petr Spacek wrote: > >>> On 27.11.2015 09:00, Jan Cholasta wrote: > >>>> On 27.11.2015 08:33, Martin Kosek wrote: > >>>>> On 11/27/2015 07:05 AM, Jan Cholasta wrote: > >>>>>> On 26.11.2015 17:15, Petr Vobornik wrote: > >>>>>>> New topology management gives names to managed suffixes: > >>>>>>> > >>>>>>> ipaca: o=ipaca > >>>>>>> realm: dc=example,dc=com > >>>>>>> > >>>>>>> We already had several offline discussions to change the names > >>>>>>> because > >>>>>>> they could be better. It would be difficult to change them after > >>>>>>> release > >>>>>>> of 4.3. > >>>>>>> > >>>>>>> New proposals: > >>>>>>> ca for o=ipaca > >>>>>>> domain for dc=example,dc=com > >>>>>>> > >>>>>>> What do you think? > >>>>>> > >>>>>> +1 > >>>>> > >>>>> ca is probably fine. Domain also, although the original realm name > >>>>> is OK > >>>>> with me too, domain has too many meanings and can be confused with DNS > >>>>> domain. > >>>> > >>>> Realm is too Kerberos-specific. The names are visible only in topology > >>>> context, so I don't think it would be confusing. When you say "the > >>>> domain > >>>> suffix", it describes the suffix pretty correctly IMHO. > >>> > >>> Here I agree with Martin that domain is too overloaded term, so I > >>> would prefer > >>> realm or so. > >>> > >>> Also, I do not think that 'Realm is too Kerberos-specific' is a valid > >>> argument > >>> because 'domain is too DNS-centric' :-) > >>> > >> > >> I guess we could find arguments for both 'domain' and 'realm'. :) I > >> don't have strong opinions on any. > >> > >> Actually, DN of the suffix consist of several 'DC' RDNs. DC is an > >> initialism of "domain component". Several components create a domain so > >> domain is correct ;) > > > > "Domain" is also used by AD and in our documentation IIRC. > > > We also have "domain levels" and not "realm levels" and IPA domain level > has very little to do with DNS.
We should use the word "realm" only when dealing specifically with the Kerberos component. MOst people think of "domains" and "domain controllers", for good or bad that's the terminology people kind of standardized on. If we do not like domain I would see acceptable to use: - Ca Tree - Identity Tree Not sure that this is very accurate either and maybe too long. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
