RE: Please review: http gss authentication mech



Leif,

Have you considered using SASL over HTTP with GSS-API, as described in:

http://tools.ietf.org/wg/sasl/draft-nystrom-http-sasl-12.txt 

I was under the impression that the above draft was the preferred method
to improve on the HTTP negotiate approach.

Thanks,
Tim

-----Original Message-----
From: Leif Johansson [mailto:leifj at it.su.se] 
Sent: 09 November 2006 19:24
To: Kitten
Cc: Lisa Dusseault
Subject: Please review: http gss authentication mech


At the informal bar-bof yesterday in San Diego it was decided that I
should send my drafts describing a new http gss authentication mechanism
to this list.

Note that these drafts are not intended for inclusion in the kitten
charter at this or any future time. They are only presented to this list
for review by gss experts.

By way of background this draft (and the related draft describing
channel bindings for http+tls) describes a successor (but not update) to
the negotiate http auth mech which hopes to solve some of the drawbacks
of this mechanism. The original motivation for this work was
requirements from the calcify wg who expressed the need for a better
authentication mechanism (than plain passwords) for applications using
http as a transport but not using a browser as a client.

Please note that this is a 00 version and new versions with
modifications based on discussions from yesterday are forthcoming.

http://www.ietf.org/internet-drafts/draft-johansson-http-gss-00.txt
http://www.ietf.org/internet-drafts/draft-johansson-http-tls-cb-00.txt

       Cheers Leif

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten





Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.