

Subject: RE: [wss] Groups - wss-kerberos-interop.doc uploaded


Ramana,

I *think* Rich has made a similar comment. I'm thinking about how to
modify the doc accordingly...

Do Oracle plan on participating in the interop event?

Cheers

Gudge

> -----Original Message-----
> From: Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com] 
> Sent: 08 December 2004 16:45
> To: Martin Gudgin; Rich Salz
> Cc: wss@lists.oasis-open.org; Ken Ballou
> Subject: Re: [wss] Groups - wss-kerberos-interop.doc uploaded
> 
> Martin,
> 
> I am still not sure why the second interop case is required. I am thinking
> that the interop focus is on how to transport Kerberos AP_REQ within the
> security header and sign some elements using shared session key. Both these
> scenarios, when you look at the on-the-wire packets, do exactly the same thing.
> Isn't getting an AP_REQ from Responder's KDC as opposed to Requestor's KDC
> outside the scope of the interop?
> 
> /t$r
> (Ramana Turlapati)
> 
> ----- Original Message ----- 
> From: "Martin Gudgin" <mgudgin@microsoft.com>
> To: "Rich Salz" <rsalz@datapower.com>
> Cc: <wss@lists.oasis-open.org>; "Ken Ballou" <krb@datapower.com>
> Sent: Monday, November 22, 2004 2:43 AM
> Subject: RE: [wss] Groups - wss-kerberos-interop.doc uploaded
> 
> 
> 
> 
> > -----Original Message-----
> > From: Rich Salz [mailto:rsalz@datapower.com]
> > Sent: 18 November 2004 02:28
> > To: ageller@microsoft.com
> > Cc: wss@lists.oasis-open.org; Ken Ballou
> > Subject: Re: [wss] Groups - wss-kerberos-interop.doc uploaded
> >
> > > Detailed Kerberos interop scenarios
> >
> > Some folks here took a look at this.
> 
> Thanks for the feedback.
> 
> >
> > We understand that only using a single realm makes things simpler; it may
> > in fact reflect the most common use pattern.  Unless the interop is
> > on-site, however, this is going to cause issues as few firewalls will
> > allow UDP traffic.
> 
> I think we were planning to put up a server outside our firewall for
> this interop event.
> 
> >
> > The primary difference between the two scenarios is who "owns" the KDC;
> > this makes sense.  Unfortunately, the phrase used is "manufactured" which
> > doesn't make sense, as it would seem to prevent a broad class of
> > vendors, as well as those running the MIT reference implementation, from
> > participating.  Perhaps "run by" is a better word?
> 
> I'll amend the doc.
> 
> Thanks again,
> 
> Gudge
> 
> 
> >
> > /r$
> >
> > -- 
> > Rich Salz                  Chief Security Architect
> > DataPower Technology       http://www.datapower.com
> > XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
> > XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
> >
> >
> > To unsubscribe from this mailing list (and be removed from
> > the roster of the OASIS TC), go to
> > http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.
> >
> >
> 
> 
> 
> 

