OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Kerberos in Shibboleth?

Hi Scott,

Pardon the naive question [if you never put naive questions you will
continue being ignorant which is worse than being called naive]. :-)

You seem to be a very knowledgeable guy so what is your
comments to the additions of kerberos support in Internet
Explorer V6 with respect to Shibboleth?

AFAIK kerberos seems like a good way to authenticate to
the AA but would it really make sense for using it with
RPs as well?  Does not the PKI-bindings do the work you and SAML

Or can kerberos cure then MITM-attack problem inherent in
SAML and Shibboleth?  Without requiring additional OOB-
key information?

To me (working with authentication of "representatives" from
an organization to another organization) it seems not like
universally good idea.  But I'm not a kerberos-expert either...


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC