

Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120


Martin,

Does the Krb5 token profile require that 1.1 message senders set the
wsse:TokenType attribute in STR values?

Note that in lines 924 to 928 of the core we recommended that use of
the Reference:ValueType attribute to identify the type of a referenced
token be discontinued (and that new profiles should employ the TokenType
attribute for this purpose).

We expect that this may be an evolutionary process, where for some time,
the ValueType attribute may continue to be used in addition to the
TokenType attribute.

Since the Krb5 profile is being standardized by 1.1, it would seem that
we could do without specifying new values to be included in ValueType,
and that these new token type identifying values could and should be
introduced as TokenType values.

Ron



Martin Gudgin wrote:
> Having surveyed the vast array of interop participants I believe we have
> two possible courses of action;
> 
> 
> 1.	Do nothing.
> 
> 2.	Update the Kerberos Token Profile by making the following
> changes;
> 
> 	a) Add a reference to RFC4120 to Section 5.
> 
> 	b) Add 4 URIs to the table in Section 3.2 as follows
> 
> URI:
> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510
> Description: Kerberos v5 AP-REQ as defined in RFC1510. This ValueType is
> used when the ticket is an AP Request per RFC1510
> 
> URI:
> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
> Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> specification. This ValueType is used when the ticket is an AP Request
> (ST + Authenticator) per RFC1510.
> 
> URI:
> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120
> Description: Kerberos v5 AP-REQ as defined in RFC4120. This ValueType is
> used when the ticket is an AP Request per RFC4120
> 
> URI:
> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120
> Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> specification. This ValueType is used when the ticket is an AP Request
> (ST + Authenticator) per RFC4120.
> 
> 	c) Amend the descriptions of the first URI currently in Section
> 3.2 as follows;
> 
> URI:
> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ
> Description: Kerberos v5 AP-REQ as defined in either RFC1510 and
> RFC4120. This ValueType is used when the ticket is an AP Request.
> 
> 
> Regards
> 
> Gudge	
> 
