OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Proposed Agenda for SSTC Call (29 June 2010)

>>> Secondly, Scott has deployers who want to implement this.  We're not
>>> sure what the use cases with the APREQ are, but the customer demand
>>> that Scott has is for passing actual Kerberos credentials in an
>>> attribute, and he doesn't know how that is best done.
>> By "credential", do we mean "ticket"? If so, that's the point of the
>> AP_REQ message. The AP_REQ is the ticket + authenticator.
> I don't want to speak for CMU, but what we were told is that the  
> normal
> thing to do is to transfer the tickets in some standard format, and  
> then the
> receiver of that can produce new AP_REQ messages as needed.

Do you have any more information about this use-case? A Kerberos  
ticket is always transported in a Kerberos message. I'm sure that  
there's an appropriate message to use for their use-case, and we can  
trivially modify the schema to support that, but given the context  
it's not obvious what that message type should be.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]