OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: SAML attributes for Kerberos

> Scott's proposal sounds very practical if it is reasonable for the
> parties to obtain the key in the way he suggests. Alternatively, use
> HTTP Negotiate and the K5 mechanism at the transport layer during the
> SP's request to the IdP in order to establish the key?

One issue with that would be the requirement for the SP to have a Kerberos
identity that it could use against the IdP. I don't think just shipping the
service ticket + key to the SP strictly requires that the SP itself have an
independent identity in Kerberos.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]