wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vsRFC 4120
- From: Anthony Nadalin <drsecure@us.ibm.com>
- To: "Martin Gudgin" <mgudgin@microsoft.com>
- Date: Mon, 5 Sep 2005 11:26:25 -0500
So profile states:
"Kerberos tokens are attached to SOAP messages using WSS: SOAP Message Security by using the <wsse:BinarySecurityToken> described in WSS: SOAP Message Security. When using this element, the @ValueType attribute MUST be specified. This specification defines two values for this token as defined in the table below:"
So I assume that 4120 URIs are optional and that one MUST be able t implement one of the 2 1510 URIs
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Martin Gudgin" <mgudgin@microsoft.com>
"Martin Gudgin" <mgudgin@microsoft.com>
09/05/2005 08:16 AM
|
|
Having surveyed the vast array of interop participants I believe we have
two possible courses of action;
1. Do nothing.
2. Update the Kerberos Token Profile by making the following
changes;
a) Add a reference to RFC4120 to Section 5.
b) Add 4 URIs to the table in Section 3.2 as follows
URI:
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-p
rofile-1.1#Kerberosv5_AP_REQ1510
Description: Kerberos v5 AP-REQ as defined in RFC1510. This ValueType is
used when the ticket is an AP Request per RFC1510
URI:
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-p
rofile-1.1#GSS_Kerberosv5_AP_REQ1510
Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
specification. This ValueType is used when the ticket is an AP Request
(ST + Authenticator) per RFC1510.
URI:
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-p
rofile-1.1#Kerberosv5_AP_REQ4120
Description: Kerberos v5 AP-REQ as defined in RFC4120. This ValueType is
used when the ticket is an AP Request per RFC4120
URI:
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-p
rofile-1.1#GSS_Kerberosv5_AP_REQ4120
Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
specification. This ValueType is used when the ticket is an AP Request
(ST + Authenticator) per RFC4120.
c) Amend the descriptions of the first URI currently in Section
3.2 as follows;
URI:
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-p
rofile-1.1#Kerberosv5_AP_REQ
Description: Kerberos v5 AP-REQ as defined in either RFC1510 and
RFC4120. This ValueType is used when the ticket is an AP Request.
Regards
Gudge
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
