OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Kerberos ?


 
I apologize beforehand if I am a little off topic :

We're putting together a prototype to use SAML for general attribute
based access control (ABAC) across multiple platforms with both COTS and
custom applications. I don't want to say single sign-on (SSO) or even
reduced sign on (RSO), but this is the first step towards that vision. 

Unfortunately, we have a changing, very heterogeneous environment that
requires support of software and products which spans 40 years in the
past, and could span to 40 years in the future (I plan to be retired,
before the completion of the lifecycle.)

Because of this requirement for extreme support of legacy, current, and
future systems, I am getting into religious battles of Kerberos vs.
SAML. The point that I have made is that SAML supports Kerberos. The
counterpoint is why add the complexity?

So my questions are: What are the similarities and advantages of SAML
over Kerberos?
			   When is Kerberos more advantageous ?
			   When would I prefer Not to use Kerberos, if
possible?
			   Are there any issues with the Microsoft
implementation?

			   Are there any reference links or other groups
that may help with 				these questions?

Thanks,
Hank Simon


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]