Re: Was a smartcard used to get the ticket?
On Aug 9, 2007, at 2:02 PM, Leif Johansson wrote:
> Henry B. Hotz wrote:
>
> <snip>
>
>> Wish I had been able to listen in to the IETF discussion. The meeting
>> notes are a bit skimpy.
>>
>
> One mechanism that was discussed was to use SAML authentication contexts to
> communicate information about how the authentication was done. Would that
> carry enough information to solve the problem for you?
>
> Cheers Leif
Most likely. OTOH I can't have the KDC waiting on an external SAML
engine to provide the extra bit of authZ info before issuing a ticket.
There's a certain simplicity to the idea of just copying the original
authN cert that I like. In a sense that does nothing to solve the
problem. OTOH maybe that's a good thing since complex authZ
decisions usually need to be made close to the specific service
rather than centrally in my experience.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu