[kitten] CredUI
Luke Howard <lukeh@padl.com> Sat, 01 February 2014 02:07 UTC
From: Luke Howard <lukeh@padl.com>
Date: Sat, 01 Feb 2014 13:06:38 +1100
To: "kitten@ietf.org" <kitten@ietf.org>
Cc: Love Hörnquist Åstrand <lha@h5l.org>
Subject: [kitten] CredUI

Announcing a new open source project is pretty off-topic for ietf-kitten so I'll keep it brief and to a URL:

https://github.com/PADL/CredUI

On-topic is that it does offer a way (much inspired by the equivalent SSPI APIs) to do interactive credential acquisition with prompting with very limited changes to GSS-API. Essentially the changes are:

* a new supplementary status code, GSS_S_PROMPTED_NEEDED, indicating that prompting is needed (this can be combined with other GSS-API error codes). This can be returned by gss_init_sec_context().

* an API/SPI to acquire a credential given an arbitrary dictionary (currently we implemented this using gss_set_cred_option(), as that can output a credential, but a new entry point would be cleaner)

* a new, independent, API and plugin abstraction for prompting the user, generating said dictionary, etc

Now, the CredUI implementation above is very OS X-specific, but one could certainly generalise the interaction with GSS-API (which would mostly come down to defining a GSS-API dictionary type, accessors, and well known keys).

-- Luke
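
The control flow the message describes, as an added example that is not part of the original post and is not CredUI code: a caller checks the supplementary bits of the major status, prompts only when the prompting bit accompanies a routine error, and retries with the resulting dictionary. All `ex_`/`EX_` names, the bit value chosen for the prompting code, the dictionary struct and both stubs are assumptions; only the status-word layout and the `GSS_S_NO_CRED` value follow RFC 2744.

```c
#include <stdint.h>
#include <stddef.h>

/* RFC 2744 layout: routine errors in bits 16-23, supplementary info in bits 0-15. */
#define EX_S_COMPLETE        0u
#define EX_S_NO_CRED         (7u << 16) /* same value as GSS_S_NO_CRED */
#define EX_S_PROMPTED_NEEDED (1u << 5)  /* ASSUMED bit for the proposed code */
#define EX_ROUTINE_ERROR(s)  ((s) & (0xFFu << 16))
#define EX_SUPPLEMENTARY(s)  ((s) & 0xFFFFu)
/* Hypothetical stand-in for the credential dictionary. */
struct ex_cred_dict { const char *user; const char *password; };

/* Stub mechanism: no usable credential -> NO_CRED plus the prompting bit. */
static uint32_t ex_init_sec_context(const struct ex_cred_dict *cred)
{
    return (cred && cred->password) ? EX_S_COMPLETE
                                    : (EX_S_NO_CRED | EX_S_PROMPTED_NEEDED);
}

/* Stub prompting plugin: a real one shows UI; the values here are constructed. */
static int ex_prompt(struct ex_cred_dict *out)
{
    *out = (struct ex_cred_dict){ "alice@EXAMPLE.ORG", "constructed-sample" };
    return 1; /* 0 would mean the user cancelled */
}

/* Caller loop: bounded retries, prompt only when the mechanism asks for it. */
uint32_t ex_authenticate(int interactive, int *prompts_shown)
{
    struct ex_cred_dict dict = {0}, *cred = NULL;
    uint32_t major = EX_S_COMPLETE;
    *prompts_shown = 0;
    for (int attempt = 0; attempt < 3; attempt++) {
        major = ex_init_sec_context(cred);
        if (EX_ROUTINE_ERROR(major) == 0)
            break; /* success; supplementary bits alone are not failures */
        if (!interactive || !(EX_SUPPLEMENTARY(major) & EX_S_PROMPTED_NEEDED)
            || !ex_prompt(&dict))
            break; /* hard failure, headless caller, or user cancelled */
        cred = &dict;
        (*prompts_shown)++;
    }
    return major;
}

int main(void)
{
    int n;
    return ex_authenticate(1, &n) != EX_S_COMPLETE; /* exit 0 on success */
}
```

A non-interactive caller gets the combined status back unchanged, so it can log the routine error and still see that prompting would have been possible.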