Re: [KAML] Re: Chicago bar-BOF summary

Leif Johansson <leifj@it.su.se> Wed, 12 September 2007 07:12 UTC

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Cc: "Taylor, Dennis C. (GSFC-720.0)[INDUS]" <Dennis.C.Taylor@nasa.gov>, kaml@ietf.org
List-Id: Discussions about SAML and Kerberos intersections <kaml.ietf.org>

>
> I would be happier with this solution if the PAC format were at least
> an informational RFC.  The format is now well known and widely
> implemented, but AFAIK the description document isn't available
> without all the old warnings.  People have also found in practice that
> the PAC scales to an unpleasant size in many real deployments.
What we are trying to do here is probably a bit more general than PAC,
which afaik contains information about group membership. By comparison,
a SAML attribute assertion is far more portable, based on published
standards and equipped with more expressive power. In addition, SAML is
a very short stretch for MSFT to implement, at least technically.

    Cheers Leif
