Re: GGF evidently needs stackable pseudo-mechs

SAML is not used for authentication. As you point out, it is used
for authorization assertions. I think the most relevant part of
the document for GSS will be the interface used to pull out
the assertions. Kitten should work to define a generic interface
that would work equally well with assertions stored as X.509 extensions
or authz-data stored in a Kerberos ticket.

Jeffrey Altman


Von Welch wrote:

> Still not entirely sure what you're looking for.
> 
> We don't do any SAML-based authentication, we do PKI (with a GSS
> interface) for authentication and use SAML assertions to convey
> attributes or authorization assertions.
> 
> We use a hack of putting SAML assertions into X509 extensions as a
> way to convey those assertions through TLS and other protocols and
> then use GSS extensions described in the GGF document to pull those
> assertions out.
> 
> Von
> 
> 
> Nicolas Williams writes (11:25 July 21, 2005):
>  > On Thu, Jul 21, 2005 at 10:10:49AM -0400, Jeffrey Altman wrote:
>  > > I believe that Nico is interested in the binding between GSS
>  > > authentication and SAML data.
>  > 
>  > Indeed.
>  > 
>  > Nico
>  > -- 

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten