[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Drafts for review: Kerberos & SAML profiles
Thomas Hardjono wrote on 2009-06-29: > Attached is another document that belongs with the recent set of > Kerberos-related documents. We hope it can provide some background to the > other 3 docs that Josh sent out last week. Am I misreading this, or is Step-2 in section 6.3 described incorrectly? It says "The IdP Attribute Authority processes the query, and in-turn sends a S4U2proxy request to the TGS within the KDC. This is in essence a request for a Kerberos service-ticket to itself (i.e. to the IdP) on behalf of the Client Principal (i.e. user)." From the description of S4U2proxy earlier in the document, shouldn't that be "a request for a Kerberos service-ticket to the Kerberized mail-server"? -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]