
wss-comment message



Subject: Re: [wss-comment] Comments on Kerberos Token Profile 1.1 draft 07


>The TC seems to have responded by adding a plethora of choices.

There are folks that will use the GSS-API and folks that will use raw Kerberos, so we responded and support both, so I guess I don't understand your issue now unless you only want GSS-API and that approach was not accepted by the TC.

>I'm also still very curious as to how Kerberos V session keys are used or how AP-REQ and/or GSS initial context tokens are bound to session protection provided by other layers.

The session keys from the Kerberos Token Profile are not used by or bound to other session layers.


>Also, I'd appreciate a pointer to the complete set of OASIS documents (i.e., not including W3C or IETF docs) one must read in order to perform a security analysis of this profile.

Not sure what you mean by "perform a security analysis of this profile", but since you seem to have read the profile you will see a reference section. You can start with these, and if you find that there are missing references please send a comment back to this list.



Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Nicolas Williams <Nicolas.Williams@Sun.COM>
12/06/2005 05:31 PM

To: wss-comment@lists.oasis-open.org
cc:
Subject: [wss-comment] Comments on Kerberos Token Profile 1.1 draft 07

I remember complaining about the choice of raw Kerberos instead of the
GSS-API mechanism.

The TC seems to have responded by adding a plethora of choices.

I don't see how this helps implementors.

I'm also still very curious as to how Kerberos V session keys are used
or how AP-REQ and/or GSS initial context tokens are bound to session
protection provided by other layers.

Please cc me as I'm not on the list.

Also, I'd appreciate a pointer to the complete set of OASIS documents
(i.e., not including W3C or IETF docs) one must read in order to perform
a security analysis of this profile.

Thanks,

Nico