wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [wss] What is a GSS wrapped Kerberos v5 AP-REQ?
- From: Anthony Nadalin <drsecure@us.ibm.com>
- To: Prateek Mishra <prateek.mishra@oracle.com>
- Date: Fri, 9 Sep 2005 21:48:13 -0500
Prateek,
The wrapped refers to a GSSAPI encapsulated Kerberos AP_REP as opposed to a Kerberos AP_REP, so the references to Kerberos and to GSSAPI cover these, if you don't think so, propose some wording as I believe it covered.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Prateek Mishra <prateek.mishra@oracle.com>
Prateek Mishra <prateek.mishra@oracle.com>
09/08/2005 10:52 AM
|
|
The phrase "2005xx-wss-kerberos-token-profile-
A GSS wrapped Kerberos v5 AP-REQ as
defined in the GSSAPI specification." is used in the kerberos profile draft.
However, no reference is provided to support this term. I was not able
to find a reference in the discussion trail either.
Is RFC 1964 meant here?
http://www.faqs.org/rfcs/rfc1964.html
RFC 1964 describes a GSS_wrap method BUT I do not believe its use is
meant here. This method is typically used to transmit data securely
between client and server once a security context is established.
The informal sense of this phrase suggests successful completion
gss_init_sec_context() method, followed by use of the resulting security
context object. If this is what was intended, we need to either point to
a definition or provide one.
- prateek
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
