Re: KITTEN: IETF 75 - 76



Nicolas Williams wrote:
> 
> > GSS-API is part of the identity selection problem since it's the holder
> > of credentials.
> > 
> > The application/framework will need to drive authentication and
> > select/try credentials as it seems appropriate and remember which of
> > them was useful.
> > 
> > This would work today, if it was possible to get initial credentials  
> > and list existing/configured credentials
> 
> Sure.  An iterator following the same design principles as
> gss_display_status() would look like:
> 
> OM_uint32 gss_list_default_cred_names(
> 	OM_uint32 *minor_status,
> 	gss_name_t  *name,
> 	int	    *more
> );

That call looks somewhat restricted to me.

How about something like this:

OM_uint32 gss_list_default_cred_names(
	OM_uint32    * minor_status,
	gss_name_t   * name,
	gss_OID_set  * mech_oids,
	int          * is_default,
	OM_uint32    * cred_context
);

That would also match what you have to feed into an
explicit call to gss_acquire_cred() in order to reliably
get a credentials handle for exactly each one listed.

-Martin
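
An added sketch, not part of the original message and not code from any GSS-API implementation, of how a caller might drive an iterator with the five-argument shape proposed above. The demo_* names, the stand-in types, the sample store and the context convention (start at 0, non-zero while entries remain, as with the message_context of gss_display_status()) are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-in types (assumptions) so this builds without a GSS-API library. */
typedef uint32_t OM_uint32;
typedef const char *demo_name_t;    /* stands in for gss_name_t  */
typedef const char *demo_oid_set_t; /* stands in for gss_OID_set */
enum { DEMO_S_COMPLETE = 0, DEMO_S_FAILURE = 1 };

/* Constructed sample credential store. */
static const struct { demo_name_t name; demo_oid_set_t mechs; int is_default; }
demo_store[] = {
    { "alice@EXAMPLE.ORG",      "krb5",        1 },
    { "alice@CORP.EXAMPLE",     "krb5 spnego", 0 },
    { "svc-backup@EXAMPLE.ORG", "krb5",        0 },
};
#define DEMO_NCREDS ((OM_uint32)(sizeof demo_store / sizeof demo_store[0]))

/* Hypothetical iterator with the five-argument shape. Assumed convention:
 * start with *ctx == 0; the call leaves it non-zero while entries remain
 * and resets it to 0 after the last one or on a bad context value. */
OM_uint32 demo_list_cred_names(OM_uint32 *minor, demo_name_t *name,
        demo_oid_set_t *mechs, int *is_default, OM_uint32 *ctx)
{
    if (!minor || !name || !mechs || !is_default || !ctx) return DEMO_S_FAILURE;
    *minor = 0;
    OM_uint32 i = *ctx;
    /* The context is caller-held state: reject out-of-range values. */
    if (i >= DEMO_NCREDS) { *ctx = 0; return DEMO_S_FAILURE; }
    *name = demo_store[i].name;
    *mechs = demo_store[i].mechs;
    *is_default = demo_store[i].is_default;
    *ctx = (i + 1 < DEMO_NCREDS) ? i + 1 : 0;
    return DEMO_S_COMPLETE;
}

/* Caller loop: visit every entry, count them, return the default's name. */
demo_name_t demo_find_default(OM_uint32 *count)
{
    OM_uint32 minor, ctx = 0;
    demo_name_t name, found = NULL;
    demo_oid_set_t mechs;
    int is_def;
    *count = 0;
    do {
        if (demo_list_cred_names(&minor, &name, &mechs, &is_def, &ctx)) return NULL;
        (*count)++;
        if (is_def) found = name;
    } while (ctx != 0);
    return found;
}
```

Each (name, mechs) pair the loop visits is what the message says would then be passed to an explicit gss_acquire_cred() call.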

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.