Subject: Re: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?


Proposed text:

1) For the table on Page 6 (Sec 3.2)
"A GSS wrapped Kerberos v5 AP_REQ as defined in the GSSAPI specification"

be replaced by

"A GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message,
as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1."

2) For the text string in the Kerberos token profile,
"GSS wrapped AP_REQ" (lines 162, 203, 205-206, 297)

be replaced by

"GSS-API framed KRB_AP_REQ token"

References:
------------
[1964]  J. Linn, The Kerberos Version 5 GSS-API Mechanism, RFC 1964, June 1996.
[4121]  L. Zhu, K. Jaganathan, S. Hartman, The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2, RFC 4121, July 2005.

>
>
> The "wrapped" refers to a *GSSAPI* encapsulated Kerberos AP_REP as
> opposed to a Kerberos AP_REP, so the references to Kerberos and to
> GSSAPI cover these; if you don't think so, propose some wording, as I
> believe it is covered.
>
> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
>
> Prateek Mishra <prateek.mishra@oracle.com>
> 09/08/2005 10:52 AM
>
> To: wss@lists.oasis-open.org
> cc: Pratik Datta <pratik.datta@oracle.com>
> Subject: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?
>
> The phrase "2005xx-wss-kerberos-token-profile-
> A GSS wrapped Kerberos v5 AP-REQ as
> defined in the GSSAPI specification." is used in the kerberos profile 
> draft.
>
> However, no reference is provided to support this term. I was not able
> to find a reference in the discussion trail either.
>
> Is RFC 1964 meant here?
>
> http://www.faqs.org/rfcs/rfc1964.html
>
> RFC 1964 describes a GSS_wrap method BUT I do not believe its use is
> meant here. This method is typically used to transmit data securely
> between client and server once a security context is established.
>
> The informal sense of this phrase suggests successful completion of the
> gss_init_sec_context() method, followed by use of the resulting security
> context object. If this is what was intended, we need to either point to
> a definition or provide one.
>
> - prateek
>
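
As an added illustration (not part of the original thread or of the WSS profile), the Python below checks the framing that the proposed text cites from RFC 1964, Sec. 1.1: the `0x60` tag, a DER length, the Kerberos V5 mechanism OID, and the two-byte TOK_ID that tells a framed KRB_AP_REQ apart from a GSS_Wrap per-message token. The function names and the sample bytes are constructed for this example.

```python
# Added example (not from the thread): RFC 1964 Sec. 1.1 token framing check.
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER of 1.2.840.113554.1.2.2
TOK_IDS = {  # two-byte TOK_ID values defined in RFC 1964
    b"\x01\x00": "KRB_AP_REQ", b"\x02\x00": "KRB_AP_REP", b"\x03\x00": "KRB_ERROR",
    b"\x01\x01": "GSS_GetMIC", b"\x02\x01": "GSS_Wrap",
}

def der_length(buf, pos):
    """Decode a definite-form DER length at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated token")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if not 1 <= n <= 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse_gss_krb5_token(token):
    """Return (token kind, inner Kerberos bytes) or raise ValueError."""
    if token[:1] != b"\x60":
        raise ValueError("no GSS-API framing: expected [APPLICATION 0] tag 0x60")
    length, pos = der_length(token, 1)
    if pos + length != len(token):
        raise ValueError("framing length does not match token size")
    if token[pos:pos + len(KRB5_OID)] != KRB5_OID:
        raise ValueError("mechanism OID is not Kerberos V5")
    pos += len(KRB5_OID)
    kind = TOK_IDS.get(token[pos:pos + 2])
    if kind is None:
        raise ValueError("unknown TOK_ID")
    inner = token[pos + 2:]
    if kind == "KRB_AP_REQ" and inner[:1] != b"\x6e":
        raise ValueError("TOK_ID is AP-REQ but body lacks [APPLICATION 14] tag 0x6e")
    return kind, inner

def frame(tok_id, body):
    """Build the framing around a body (used here only to construct samples)."""
    content = KRB5_OID + tok_id + body
    n = len(content)
    size = (n.bit_length() + 7) // 8
    enc = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return b"\x60" + enc + content

# Constructed stand-in for a DER AP-REQ: correct outer tag, filler contents.
FAKE_AP_REQ = b"\x6e\x81\xc8" + b"\x00" * 200
FRAMED = frame(b"\x01\x00", FAKE_AP_REQ)
```

A receiver that accepts only `KRB_AP_REQ` from this parser rejects both a bare AP-REQ (no `0x60` framing) and a framed per-message token, which is the distinction the reworded profile text is meant to make explicit.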




