
Subject: RE: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?

I agree with Prateek that GSS_Wrap (a message protection operation,
applied once a GSS security context has been established) doesn't appear
to be the intent here.  Instead, I believe the phrase "GSS wrapped" is
being used to describe the GSS-API token framing (used to tag an
enclosed token with an identifier in order to indicate a particular
mechanism), as defined in the GSS-API RFCs and restated in RFC-1964,
Sec. 1.1 and its successor RFC-4121, Sec. 4.1. 


-----Original Message-----
From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
Sent: Thursday, September 08, 2005 11:52 AM
To: wss@lists.oasis-open.org
Cc: Pratik Datta
Subject: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?

The phrase "2005xx-wss-kerberos-token-profile-
A GSS wrapped Kerberos v5 AP-REQ as
defined in the GSSAPI specification." is used in the kerberos profile

However, no reference is provided to support this term. I was not able 
to find a reference in the discussion trail either.

Is RFC 1964 meant here?


RFC 1964 describes a GSS_wrap method BUT I do not believe its use is 
meant here. This method is typically used to transmit data securely 
between client and server once a security context is established.

The informal sense of this phrase suggests successful completion of the
gss_init_sec_context() method, followed by use of the resulting security
context object. If this is what was intended, we need to either point to
a definition or provide one.

- prateek
