Subject: [wss] Issues and proposed edits to Kerberos 'Whatever' document
So far few changes due to complete lack of comments. I do not propose to cycle the draft until after the title vote result is announced.

Issue [K1]
Lines 116, 120 state 'the value of the xx key is the value of the Kerberos shared secret'

Questions;
1) Is this correct terminology Kerberos wise?
2) Does this result in the same key being used for different messages?
3) Should we add a mandatory random XOR value to the spec to be used to freshen the key?

Issue [K2]
Line 125
I believe that we should address the use of Kerberos tickets as a source of authorization information - this will make the reading of the XrML and SAML tokens much easier.

What components of a Kerberos ticket might be used as a source of Authorization data - i.e. providing attributes beyond strict identity. Windows NT uses attributes for an extended unique identifier, are there instances of extensions being used for other purposes such as specifying group membership, roles etc?

Issue [K3]
What are the issues involved when a ticket granting ticket is used? Is it appropriate to use a ticket granting ticket in this way for any purpose other than obtaining another ticket?

Misc edits
Lines 2, 3, 4, 6, 160
Misc editorial version changes
Update title to comply with vote
Line 71: 2.3 Terminology
Ticket Granting Ticket
Service Ticket