An interesting RFC was recently published -
http://www.ietf.org/rfc/rfc3958.txt
I'd like to quote a part of the text:
"4.2. Service Discovery within a Domain
There are occasions when it is useful to be able to determine the
"authoritative" server for a given application service within a
domain. This is "discovery", as there is no a priori knowledge as to
whether or where the service is offered; it is therefore important to
determine the location and characteristics of the offered service.
For example, there is growing discussion of having a generic
mechanism for locating the keys or certificates associated with
particular application (servers) operated in (or for) a particular
domain."
Now in your mind replace the word "authoritative" with "authorization",
I think you get the picture...
P.S. This is pretty close to META-Auth header, except META-Auth is designed
for use directly in email with no extra lookup where as combination of
NAPTR and SRV records could easily replace it in dns and are a lot more
flexible (requiruing an extra dns lookup,but that maybe a necessaily evil
that mail systems can live with).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net