OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - draft-sstc-solution-profile-kerb eros-04.sxw uploaded

Title: RE: [security-services] Groups - draft-sstc-solution-profile-kerberos-04.sxw uploaded
I'd like to raise a few points regarding this document. 
It's unclear to me why two new profiles (Browser/Artifact Kerberos and Browser/POST Kerberos) need to be defined, rather than describing how to use existing profiles with Kerberos authentication technology.  Generally, I think it's appropriate to seek a model where profiles can be independent of authentication mechanism choices, and can be augmented by specific discussions of the relatively few mechanism-specific characteristics, rather than replicating and separately maintaining the general profile descriptions (which are at least largely invariant) for each mechanism with which the profile may be used.
At line 494, it seems inappropriate to describe an expired Informational status Internet-Draft under the heading of "standards ... available to authenticate a user", or, later, to cite it as a normative reference.  Is there an expectation that this document will be published on the IETF standards track, or as any form of RFC?
I believe that some clarification would be helpful in Sec. 4.3.1.  As it stands, the phrasing ("The Kerberos protocol can then be used to ... Requesting SAML Assertions") can be read to suggest that RFCs 2743 and 1964 will be used directly as a method to acquire SAML assertions, but the Kerberos GSS mechanism is unaware of SAML.  Rather than defining a SAML-aware Kerberos GSS mechanism, I assume that the intent is to establish a security context using Kerberos, and then to use that channel to carry assertion requests and responses.   
-----Original Message-----
From: Tim Alsop [mailto:Tim.Alsop@CyberSafe.Ltd.UK]
Sent: Monday, March 15, 2004 9:46 AM
To: security-services@lists.oasis-open.org
Cc: Tim Alsop
Subject: RE: [security-services] Groups - draft-sstc-solution-profile-kerb eros-04.sxw uploaded


As you will notice from the email below we (John and I) have completed the draft-04 version of the Kerberos Solution Profile documentation. We believe this version is ready to be merged into the normative documents (core, bindings, etc.) so that further work on Kerberos support in SAML 2.0 can then be progressed.

Thanks, Tim.

-----Original Message-----
From: Tim.Alsop@cybersafe.ltd.uk [mailto:Tim.Alsop@cybersafe.ltd.uk]
Sent: 15 March 2004 15:00
To: security-services@lists.oasis-open.org
Subject: [security-services] Groups - draft-sstc-solution-profile-kerberos-04.sxw uploaded

The document draft-sstc-solution-profile-kerberos-04.sxw has been submitted by Tim Alsop (Tim.Alsop@CyberSafe.Ltd.UK) to the OASIS Security Services TC document repository.

Document Description:
Kerberos Solution Profile - including Kerberos profiles, bindings and technical overview content.

Download Document: 

View Document Details:

PLEASE NOTE:  If the above links do not work for you, your email application may be breaking the link into two pieces.  You may be able to copy and paste the entire link address into the address field of your web browser.

To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]