Subject: Re: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?
Proposed text:

1) For the table on Page 6 (Sec 3.2), "A GSS wrapped Kerberos v5 AP_REQ as defined in the GSSAPI specification" be replaced by

"A GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message, as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1."

2) For the text string in the Kerberos token profile, "GSS wrapped AP_REQ" (lines 162, 203, 205-206, 297) be replaced by "GSS-API framed KRB_AP_REQ token"

References:
------------
[1964] J. Linn, The Kerberos Version 5 GSS-API Mechanism, RFC 1964, June 1996.
[4121] L. Zhu, K. Jaganathan, S. Hartman, The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2, RFC 4121, July 2005.

> The wrapped refers to a *GSSAPI* encapsulated Kerberos AP_REP as
> opposed to a Kerberos AP_REP, so the references to Kerberos and to
> GSSAPI cover these, if you don't think so, propose some wording as I
> believe it covered.
>
> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
>
> *Prateek Mishra <prateek.mishra@oracle.com>*
> 09/08/2005 10:52 AM
>
> To: wss@lists.oasis-open.org
> cc: Pratik Datta <pratik.datta@oracle.com>
> Subject: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?
>
> The phrase "2005xx-wss-kerberos-token-profile-
> A GSS wrapped Kerberos v5 AP-REQ as
> defined in the GSSAPI specification." is used in the kerberos profile
> draft.
>
> However, no reference is provided to support this term. I was not able
> to find a reference in the discussion trail either.
>
> Is RFC 1964 meant here?
>
> http://www.faqs.org/rfcs/rfc1964.html
>
> RFC 1964 describes a GSS_wrap method BUT I do not believe its use is
> meant here. This method is typically used to transmit data securely
> between client and server once a security context is established.
>
> The informal sense of this phrase suggests successful completion of the
> gss_init_sec_context() method, followed by use of the resulting security
> context object. If this is what was intended, we need to either point to
> a definition or provide one.
>
> - prateek
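The framing that the proposed text points to (RFC 1964, Sec. 1.1), shown as an added example that is not part of the original message or of the profile draft: a Python parser that tells a GSS-API framed KRB_AP_REQ apart from a bare AP_REQ and from an RFC 1964 GSS_Wrap token. The function names and the sample tokens are assumptions constructed for illustration; the stub body is a placeholder, not a real AP_REQ.

```python
# Added example: classify a token by its RFC 1964 Sec. 1.1 framing.
KRB5_OID = bytes.fromhex("2a864886f712010202")  # DER body of 1.2.840.113554.1.2.2
TOK_IDS = {  # two-byte TOK_ID values defined in RFC 1964
    b"\x01\x00": "KRB_AP_REQ", b"\x02\x00": "KRB_AP_REP", b"\x03\x00": "KRB_ERROR",
    b"\x01\x01": "GSS_GetMIC", b"\x02\x01": "GSS_Wrap",
}

def read_der_length(buf, pos):
    """Return (length, next_pos) for a definite-form DER length at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse_gss_krb5_token(token):
    """Return (token_name, inner_bytes); raise ValueError if not framed."""
    if not token or token[0] != 0x60:     # [APPLICATION 0] framing tag
        raise ValueError("no GSS-API framing (missing 0x60 tag)")
    length, pos = read_der_length(token, 1)
    if pos + length != len(token):
        raise ValueError("framing length does not match token size")
    if token[pos:pos + 1] != b"\x06":     # OBJECT IDENTIFIER tag
        raise ValueError("missing mechanism OID")
    oid_len, pos = read_der_length(token, pos + 1)
    if token[pos:pos + oid_len] != KRB5_OID:
        raise ValueError("mechanism is not Kerberos V5")
    pos += oid_len
    tok_id = token[pos:pos + 2]
    if tok_id not in TOK_IDS:
        raise ValueError("unknown TOK_ID " + tok_id.hex())
    return TOK_IDS[tok_id], token[pos + 2:]

def frame(tok_id, body):
    """Hypothetical helper: build the framing around a short sample body."""
    inner = b"\x06" + bytes([len(KRB5_OID)]) + KRB5_OID + tok_id + body
    if len(inner) >= 0x80:
        raise ValueError("sample helper only handles short-form lengths")
    return b"\x60" + bytes([len(inner)]) + inner

# Constructed samples: a placeholder AP_REQ ([APPLICATION 14] = 0x6e) and filler.
STUB_AP_REQ = bytes.fromhex("6e03300100")
FRAMED_AP_REQ = frame(b"\x01\x00", STUB_AP_REQ)
FRAMED_WRAP = frame(b"\x02\x01", b"\x00" * 8)

if __name__ == "__main__":
    print(parse_gss_krb5_token(FRAMED_AP_REQ)[0], parse_gss_krb5_token(FRAMED_WRAP)[0])
```

A receiver applying the proposed wording would accept only tokens for which the parser reports KRB_AP_REQ; a bare AP_REQ fails at the first check because it starts with 0x6e rather than 0x60.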