[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?
I agree with Prateek that GSS_Wrap (a message protection operation, applied once a GSS security context has been established) doesn't appear to be the intent here. Instead, I believe the phrase "GSS wrapped" is being used to describe the GSS-API token framing (used to tag an enclosed token with an identifier in order to indicate a particular mechanism), as defined in the GSS-API RFCs and restated in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. --jl -----Original Message----- From: Prateek Mishra [mailto:prateek.mishra@oracle.com] Sent: Thursday, September 08, 2005 11:52 AM To: wss@lists.oasis-open.org Cc: Pratik Datta Subject: [wss] What is a GSS wrapped Kerberos v5 AP-REQ? The phrase "2005xx-wss-kerberos-token-profile- A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI specification." is used in the kerberos profile draft. However, no reference is provided to support this term. I was not able to find a reference in the discussion trail either. Is RFC 1964 meant here? http://www.faqs.org/rfcs/rfc1964.html RFC 1964 describes a GSS_wrap method BUT I do not believe its use is meant here. This method is typically used to transmit data securely between client and server once a security context is established. The informal sense of this phrase suggests successful completion gss_init_sec_context() method, followed by use of the resulting security context object. If this is what was intended, we need to either point to a definition or provide one. - prateek --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]