Re: KITTEN: IETF 75 - 76

Nicolas Williams <Nicolas.Williams@sun.com> Wed, 19 August 2009 16:42 UTC

Date: Wed, 19 Aug 2009 11:32:15 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: KITTEN: IETF 75 - 76
Message-ID: <20090819163215.GD1043@Sun.COM>
References: <4A87A69A.3050408@sun.com> <20090816235122.GP1043@Sun.COM> <77312362-85D0-4BDC-AD16-28450B38C5CB@kth.se> <20090817172632.GT1043@Sun.COM> <9CC1B781-EA9D-4FAB-8675-5BB47F6BE094@kth.se>
In-Reply-To: <9CC1B781-EA9D-4FAB-8675-5BB47F6BE094@kth.se>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Shawn M Emery <Shawn.Emery@sun.com>

On Tue, Aug 18, 2009 at 10:59:59AM -0700, Love Hörnquist Åstrand wrote:
> >Yes, this problem affects initiators too.  If you want to solve the
> >Identity Selection problem _above_ the GSS-API (and I agree that the
> >solutions do belong outside the GSS-API), then you need to solve the
> >CREDENTIAL HANDLE issue first.
> 
> The credential handle problem is already solved for init sec context,  
> if you just can get hold of them.

True.

> GSS-API is part of the identity selection problem since it's the holder
> of credentials.
> 
> The application/framework will need to drive authentication and select/
> try credentials as it seems appropriate and remember which of them was
> useful.
> 
> This would work today, if it was possible to get initial credentials
> and list existing/configured credentials

Sure.  An iterator following the same design principles as
gss_display_status() would look like:

#include <gssapi/gssapi.h>

/* Proposed iterator: each call yields one default credential name;
 * *more is cleared once the last name has been returned. */
OM_uint32 gss_list_default_cred_names(
        OM_uint32  *minor_status,
        gss_name_t *name,
        int        *more
);
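Added illustration, not from this thread or from any GSS-API implementation: a mock of the proposed gss_list_default_cred_names() over a constructed list of names, together with the caller-side loop an identity-selection layer would run until *more is 0. The GSS-API types are stand-in typedefs so it compiles without a GSS library, and the process-global cursor that rewinds after the last name is an assumption about where an implementation would keep the iteration state this signature leaves implicit.

```c
#include <string.h>
/* Stand-ins for the GSS-API types; real code would include <gssapi/gssapi.h>. */
typedef unsigned int OM_uint32;
typedef const char *gss_name_t;   /* display form suffices for this illustration */
#define GSS_S_COMPLETE 0u

/* Constructed sample of the default credentials a mechanism might hold. */
static const char *const sample_cred_names[] = {
    "alice@EXAMPLE.COM", "host/db.example.com@EXAMPLE.COM", "bob@EXAMPLE.COM",
};
#define SAMPLE_COUNT (sizeof sample_cred_names / sizeof sample_cred_names[0])

/* Mock of the proposed iterator: one name per call, *more cleared on the last.
 * With no context argument the cursor must live in the implementation; this
 * mock keeps it process-global and rewinds it after the last name (assumption). */
OM_uint32 gss_list_default_cred_names(OM_uint32 *minor_status, gss_name_t *name, int *more)
{
    static size_t cursor = 0;
    *minor_status = 0;
    *name = sample_cred_names[cursor++];
    *more = cursor < SAMPLE_COUNT;
    if (!*more)
        cursor = 0;               /* last name handed out: rewind for the next listing */
    return GSS_S_COMPLETE;
}

/* Caller side: the loop an identity-selection layer above the GSS-API would run
 * to enumerate candidates before deciding which credential to try. Fills out[]
 * and returns the number of names listed (at most max). */
size_t collect_default_cred_names(gss_name_t *out, size_t max)
{
    OM_uint32 minor;
    gss_name_t name;
    int more = 1;
    size_t n = 0;
    while (more && n < max) {
        if (gss_list_default_cred_names(&minor, &name, &more) != GSS_S_COMPLETE)
            break;
        out[n++] = name;
    }
    return n;
}

/* Helper for the checks: list once and return the i-th name, or NULL past the end. */
const char *nth_default_cred_name(size_t i)
{
    gss_name_t names[8];
    size_t n = collect_default_cred_names(names, 8);
    return i < n ? names[i] : NULL;
}
```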