OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Minutes for Telecon, Tuesday 8 June 2004


Tim et al,

This is the text that will appear in the next draft of the 
Authentication Context Specification, regarding the dissemination of 
Kerberos pre-authentication  information by the KDC:


It is possible for the authentication authority to indicate (via this 
context class) any pre-authentication method used by the Kerberos Key 
Distribution Center (see [RFC1510]) in authenticating the Principal. How 
the authentication authority obtains this information is outside of the 
scope of this specification, but it is strongly recommended that a 
trusted method be deployed to pass the pre-authentication type and any 
other Kerberos related context details to the authentication authority.


Does that look OK?

Cheers,

- JohnK

ext Tim Alsop wrote:

>John,
>
>Thanks, yes of course I will be keen to review/help.
>
>Tim.
>
>-----Original Message-----
>From: John Kemp [mailto:john.kemp@nokia.com] 
>Sent: 09 June 2004 06:00
>To: Tim Alsop; john.kemp@nokia.com;
>security-services@lists.oasis-open.org; sanderson@opennetwork.com
>Subject: RE: [security-services] Minutes for Telecon, Tuesday 8 June
>2004
>
>Tim,
>
>I believe the AI is actually for me to massage the text proposal you put
>on the list and put it into the appropriate place in the authentication
>context document - your review is, of course, welcomed.
>
>- JohnK
>
>
>
>))) Message sent using Nokia Access Mobilizer --
>www.nokia.com/accessmobilizer (((
>
>--- Original Message ---
>From: ext Tim Alsop <Tim.Alsop@CyberSafe.Ltd.UK>
>To: "oasis sstc (E-mail)" <security-services@lists.oasis-open.org>,
>Steve Anderson <sanderson@opennetwork.com>
>Date: Tue Jun 08  13:41:58 CDT 2004
>Subject: RE: [security-services] Minutes for Telecon, Tuesday 8 June
>2004
>
>
>All,
>
>Reference my name, and a possible AI assignment in the agenda :
>
>-----
>E) Kerberos profile:
>
>Prateek: Did the mailing list discussion end with a conclusion?
>
>Scott: It seems that there is nothing in the Kerb protocol that can
>carry the kerb preauth data, so in general there is no way to derive
>sophisticated authentication contexts just from a service ticket. Either
>authn context document (or perhaps the kerb profile doc) should discuss
>how preauth could be reflected in the authn context
>
>Unknown: the authn context document should specify that the relevant
>data should be obtained securely.
>
>John K: Rough proposal contained in the last message on the thread
>(message June 2004 #43)
>
>Scott: suggests just taking the first part of the proposed text; tone
>down the part that proposes changes to the KDC
>
>Missed: is John K going to update authn context, or did we nominate Tim
>in absentia?
>
>Tim> I am quite happy to take on this AI, but I need somebody to first
>explain what they expect me to do, and what I am agreeing to ? I am also
>sorry I was not able to take part in second half of con call today so I
>missed this discussion.
>
>Thanks, Tim.
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
>the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/security-services/members/l
>eave_workgroup.php.
>
>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
>
>
>  
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]