Re: GSS-APIv3 sketch
Nicolas Williams <Nicolas.Williams@sun.com> Wed, 11 November 2009 19:14 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF6593A6825 for <kitten@core3.amsl.com>; Wed, 11 Nov 2009 11:14:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.878
X-Spam-Level:
X-Spam-Status: No, score=-5.878 tagged_above=-999 required=5 tests=[AWL=-0.132, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XM5df4omuM0j for <kitten@core3.amsl.com>; Wed, 11 Nov 2009 11:14:05 -0800 (PST)
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by core3.amsl.com (Postfix) with ESMTP id C75D43A6814 for <kitten@ietf.org>; Wed, 11 Nov 2009 11:14:05 -0800 (PST)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by brmea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id nABJEXQH010545 for <kitten@ietf.org>; Wed, 11 Nov 2009 19:14:33 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id nABJEXNQ033547 for <kitten@ietf.org>; Wed, 11 Nov 2009 12:14:33 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nABItTWV013821; Wed, 11 Nov 2009 12:55:29 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nABItT18013820; Wed, 11 Nov 2009 12:55:29 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Wed, 11 Nov 2009 12:55:29 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Love Hörnquist Åstrand <lha@apple.com>
Subject: Re: GSS-APIv3 sketch
Message-ID: <20091111185529.GO1105@Sun.COM>
References: <20091111181140.GC10501@Sun.COM> <C111F570-A844-4782-B561-08B6685D7E09@apple.com> <20091111184244.GN1105@Sun.COM> <68453834-10E4-48A2-8147-D26969FF37C9@apple.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <68453834-10E4-48A2-8147-D26969FF37C9@apple.com>
User-Agent: Mutt/1.5.7i
Cc: "kitten@ietf.org" <kitten@ietf.org>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2009 19:14:06 -0000
On Wed, Nov 11, 2009 at 10:57:30AM -0800, Love Hörnquist Åstrand wrote: > > 11 nov 2009 kl. 10:42 skrev Nicolas Williams: > > > On Wed, Nov 11, 2009 at 10:40:50AM -0800, Love Hörnquist Åstrand wrote: > >> > >> I have so many comments that I don't know where to start. > >> > >> First out: any work that doesn't include async is dead in the water. > > > > Oh, I forgot to mention that. It does include async. > > If the api requires calling sane function serveral times with the same arguments, the API is broken. > > >> Its not mentioned how this is gss3 objects relates to gss2 object. > > > > They are distinct. The compat shims take care of that. > > > >> Well-defined SPI will force everything to reimplemnent GSS-API > >> semantics in all layer, this sucks and duplicates code. > > > > No, see the compat shims. > > That doesn't answer my question, making the SPI look like the API is the problem. Actually, I have options to set the SPI symbol prefix to anything you like, so as long as you don't have additional SPI arguments (as we do in OpenSolaris) you're OK. But ALSO, I did answer your question: providers that don't support he new SPI can be accessed via v2u1 mechglues used through the v3 mechglue (that's what the note about shims was about).
- GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Jeffrey Hutzelman
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Andrew Bartlett
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Stefan (metze) Metzmacher
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Tom Yu