[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Minutes for Telecon, Tuesday 8 June 2004
Tim et al, This is the text that will appear in the next draft of the Authentication Context Specification, regarding the dissemination of Kerberos pre-authentication information by the KDC: It is possible for the authentication authority to indicate (via this context class) any pre-authentication method used by the Kerberos Key Distribution Center (see [RFC1510]) in authenticating the Principal. How the authentication authority obtains this information is outside of the scope of this specification, but it is strongly recommended that a trusted method be deployed to pass the pre-authentication type and any other Kerberos related context details to the authentication authority. Does that look OK? Cheers, - JohnK ext Tim Alsop wrote: >John, > >Thanks, yes of course I will be keen to review/help. > >Tim. > >-----Original Message----- >From: John Kemp [mailto:john.kemp@nokia.com] >Sent: 09 June 2004 06:00 >To: Tim Alsop; john.kemp@nokia.com; >security-services@lists.oasis-open.org; sanderson@opennetwork.com >Subject: RE: [security-services] Minutes for Telecon, Tuesday 8 June >2004 > >Tim, > >I believe the AI is actually for me to massage the text proposal you put >on the list and put it into the appropriate place in the authentication >context document - your review is, of course, welcomed. > >- JohnK > > > >))) Message sent using Nokia Access Mobilizer -- >www.nokia.com/accessmobilizer ((( > >--- Original Message --- >From: ext Tim Alsop <Tim.Alsop@CyberSafe.Ltd.UK> >To: "oasis sstc (E-mail)" <security-services@lists.oasis-open.org>, >Steve Anderson <sanderson@opennetwork.com> >Date: Tue Jun 08 13:41:58 CDT 2004 >Subject: RE: [security-services] Minutes for Telecon, Tuesday 8 June >2004 > > >All, > >Reference my name, and a possible AI assignment in the agenda : > >----- >E) Kerberos profile: > >Prateek: Did the mailing list discussion end with a conclusion? > >Scott: It seems that there is nothing in the Kerb protocol that can >carry the kerb preauth data, so in general there is no way to derive >sophisticated authentication contexts just from a service ticket. Either >authn context document (or perhaps the kerb profile doc) should discuss >how preauth could be reflected in the authn context > >Unknown: the authn context document should specify that the relevant >data should be obtained securely. > >John K: Rough proposal contained in the last message on the thread >(message June 2004 #43) > >Scott: suggests just taking the first part of the proposed text; tone >down the part that proposes changes to the KDC > >Missed: is John K going to update authn context, or did we nominate Tim >in absentia? > >Tim> I am quite happy to take on this AI, but I need somebody to first >explain what they expect me to do, and what I am agreeing to ? I am also >sorry I was not able to take part in second half of con call today so I >missed this discussion. > >Thanks, Tim. > > > >To unsubscribe from this mailing list (and be removed from the roster of >the OASIS TC), go to >http://www.oasis-open.org/apps/org/workgroup/security-services/members/l >eave_workgroup.php. > > > > > >To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php. > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]