Re: KITTEN: IETF 75 - 76

To: Love Hörnquist Åstrand <lha at kth.se>
Subject: Re: KITTEN: IETF 75 - 76
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Wed, 19 Aug 2009 11:32:15 -0500
Cc: "kitten at ietf.org" <kitten at ietf.org>, Shawn M Emery <Shawn.Emery at sun.com>
Delivered-to: kitten at core3.amsl.com
In-reply-to: <9CC1B781-EA9D-4FAB-8675-5BB47F6BE094 at kth.se>
List-archive: <http://www.ietf.org/mail-archive/web/kitten>
List-help: <mailto:kitten-request@ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-post: <mailto:kitten@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
References: <4A87A69A.3050408 at sun.com> <20090816235122.GP1043 at Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB at kth.se> <20090817172632.GT1043 at Sun.COM> <9CC1B781-EA9D-4FAB-8675-5BB47F6BE094 at kth.se>
User-agent: Mutt/1.5.7i

On Tue, Aug 18, 2009 at 10:59:59AM -0700, Love Hörnquist Åstrand wrote:
> >Yes, this problem affects initiators too.  If you want to solve the
> >Identity Selection problem _above_ the GSS-API (and I agree that the
> >solutions do belong outside the GSS-API), then you need to solve the
> >CREDENTIAL HANDLE issue first.
> 
> The credential handle problem is already solved for init sec context,  
> if you just can get hold of them.

True.

> GSS-API is part of the identity selection problem since its the holder  
> of credentials.
> 
> The application/framework will need to drive authentication and select/ 
> try credentials as it seems approproate and remember what of them was  
> useful.
> 
> This would work today, if it was possible to get initial credentials  
> and list existing/configured credentials

Sure.  An iterator following the same design principles as
gss_display_status() would look like:

OM_unit32 gss_list_default_cred_names(
	OM_uint32 *minor_status,
	gss_name_t  *name,
	int	    *more
);

Follow-Ups:
- Re: KITTEN: IETF 75 - 76
  - From: Martin Rex

References:
- KITTEN: IETF 75 - 76
  - From: Shawn M Emery
- Re: KITTEN: IETF 75 - 76
  - From: Nicolas Williams
- Re: KITTEN: IETF 75 - 76
  - From: Love Hörnquist Åstrand
- Re: KITTEN: IETF 75 - 76
  - From: Nicolas Williams
- Re: KITTEN: IETF 75 - 76
  - From: Love Hörnquist Åstrand

Prev by Date: Re: KITTEN: IETF 75 - 76
Next by Date: Re: KITTEN: IETF 75 - 76
Previous by thread: Re: KITTEN: IETF 75 - 76
Next by thread: Re: KITTEN: IETF 75 - 76
Index(es):
- Date
- Thread

Re: KITTEN: IETF 75 - 76

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.