Subject: RE: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120
> -----Original Message-----
> From: ronald monzillo [mailto:Ronald.Monzillo@Sun.COM]
> Sent: 20 September 2005 16:30
> To: Martin Gudgin
> Cc: Ronald.Monzillo@Sun.COM; wss@lists.oasis-open.org
> Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120
>
> Martin Gudgin wrote On 09/20/05 10:42,:
> > Ron,
> >
> > Sorry, I've just found this... I think I agree that we need to say
> > something about wsse11:TokenType.
> >
> > Regarding whether we define values for ValueType, I think it depends on
> > whether you think 1.1 token types can be used with WSS 1.0.
> >
> thanks - If necessary, I am OK with senders being required to specify
> ValueType in addition to TokenType (for this profile)

I think my point was that a 1.0 sender might want to use the Kerberos
token. Such a sender would not know about wsse11:TokenType.

Gudge

> Ron
> > Gudge
> >
> >>-----Original Message-----
> >>From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM]
> >>Sent: 06 September 2005 09:16
> >>To: Martin Gudgin
> >>Cc: wss@lists.oasis-open.org
> >>Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120
> >>
> >>Martin,
> >>
> >>Does the Krb5 token profile require that 1.1 message senders set the
> >>wsse:TokenType attribute in STR values?
> >>
> >>Note that in lines 924 to 928 of the core we recommended that use of
> >>the Reference:ValueType attribute to identify the type of a referenced
> >>token be discontinued (and that new profiles should employ the TokenType
> >>attribute for this purpose).
> >>
> >>we expect that this may be an evolutionary process, where for some time,
> >>the ValueType attribute may continue to be used in addition to the
> >>TokenType attribute.
> >>
> >>Since the KrB5 profile is being standardized by 1.1, it would seem that
> >>we could do without specifying new values to be included in ValueType,
> >>and that these new token type identifying values could and should be
> >>introduced as TokenType values.
> >>
> >>Ron
> >>
> >>Martin Gudgin wrote:
> >>>Having surveyed the vast array of interop participants I believe we have
> >>>two possible courses of action;
> >>>
> >>>1. Do nothing.
> >>>
> >>>2. Update the Kerberos Token Profile by making the following
> >>>changes;
> >>>
> >>>   a) Add a reference to RFC4120 to Section 5.
> >>>
> >>>   b) Add 4 URIs to the table in Section 3.2 as follows
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510
> >>>Description: Kerberos v5 AP-REQ as defined in RFC1510. This ValueType is
> >>>used when the ticket is an AP Request per RFC1510
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
> >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> >>>specification. This ValueType is used when the ticket is an AP Request
> >>>(ST + Authenticator) per RFC1510.
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120
> >>>Description: Kerberos v5 AP-REQ as defined in RFC4120. This ValueType is
> >>>used when the ticket is an AP Request per RFC4120
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120
> >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> >>>specification. This ValueType is used when the ticket is an AP Request
> >>>(ST + Authenticator) per RFC4120.
> >>>
> >>>   c) Amend the descriptions of the first URI currently in Section
> >>>3.2 as follows;
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ
> >>>Description: Kerberos v5 AP-REQ as defined in either RFC1510 and
> >>>RFC4120. This ValueType is used when the ticket is an AP Request.
> >>>
> >>>
> >>>Regards
> >>>
> >>>Gudge
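
The interoperability question in this thread, seen from the receiving side: a 1.1 sender marks the token type with wsse11:TokenType on the SecurityTokenReference, while a 1.0 sender can only set ValueType on wsse:Reference. The sketch below is an added example, not part of the thread or of the profile; it uses the draft URIs proposed above as-is, and rejecting a reference whose two attributes disagree is an assumption of this example.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
# Draft base URI exactly as quoted in the thread ("xx" is the draft's own placeholder).
KRB = "http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#"

# URI fragment -> (GSS-wrapped?, RFC), following the descriptions in the proposal.
KNOWN = {
    "Kerberosv5_AP_REQ": (False, "1510 or 4120"),
    "Kerberosv5_AP_REQ1510": (False, "1510"),
    "GSS_Kerberosv5_AP_REQ1510": (True, "1510"),
    "Kerberosv5_AP_REQ4120": (False, "4120"),
    "GSS_Kerberosv5_AP_REQ4120": (True, "4120"),
}

def kerberos_token_type(str_xml):
    """Return (source attribute, gss_wrapped, rfc) for a SecurityTokenReference."""
    # Constructed input only; parse real messages with a hardened XML parser.
    root = ET.fromstring(str_xml)
    token_type = root.get("{%s}TokenType" % WSSE11)
    ref = root.find("{%s}Reference" % WSSE)
    value_type = ref.get("ValueType") if ref is not None else None
    # Assumption: two attributes naming different token types is an error.
    if token_type and value_type and token_type != value_type:
        raise ValueError("TokenType and ValueType disagree")
    # Prefer the 1.1 attribute; fall back to ValueType for 1.0 senders.
    uri, source = (token_type, "TokenType") if token_type else (value_type, "ValueType")
    if not uri or not uri.startswith(KRB) or uri[len(KRB):] not in KNOWN:
        raise ValueError("not a recognised Kerberos token type: %r" % uri)
    return (source,) + KNOWN[uri[len(KRB):]]

def sample_str(str_attrs, ref_attrs):
    """Build a constructed wsse:SecurityTokenReference for the demo."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s" xmlns:wsse11="%s"%s>'
            '<wsse:Reference URI="#krb-token"%s/></wsse:SecurityTokenReference>'
            % (WSSE, WSSE11, str_attrs, ref_attrs))

# Constructed samples: a 1.1 sender, a 1.0 sender, and a contradictory reference.
SENDER_11 = sample_str(' wsse11:TokenType="%sKerberosv5_AP_REQ4120"' % KRB, "")
SENDER_10 = sample_str("", ' ValueType="%sGSS_Kerberosv5_AP_REQ1510"' % KRB)
CONFLICT = sample_str(' wsse11:TokenType="%sKerberosv5_AP_REQ4120"' % KRB,
                      ' ValueType="%sKerberosv5_AP_REQ1510"' % KRB)

if __name__ == "__main__":
    print(kerberos_token_type(SENDER_11))
    print(kerberos_token_type(SENDER_10))
```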