From raeburn at MIT.EDU Sun Nov 9 19:06:24 2003
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Sun, 09 Nov 2003 19:06:24 -0500
Subject: [Kdc-info] comments on draft-johansson-kerberos-model-00
In-Reply-To: <3F858CCE.9070109@it.su.se> (Leif Johansson's message of "Thu, 09 Oct 2003 18:29:02 +0200")
References: <3F858CCE.9070109@it.su.se>
Message-ID:

Leif Johansson writes:

> 4.1.2 Principal: Associations
>
> Each principal MUST be associated with exactly one KeySet and MAY be
> associated with 1 or more Policies. The KeySet is represented as an
> object in this model since it has attributes associated with it (the
> key version number).

We need to support multiple KeySets in at least a couple cases:

* KDC needs an old key to renew a renewable ticket issued before the
  service's key was changed

* KDC accepting TGTs issued before the TGS key was changed

We may need to support zero KeySets if we want the information model
to apply to principals that always authenticate via PKINIT.

Ken

From leifj at it.su.se Sun Nov 9 19:52:57 2003
From: leifj at it.su.se (Leif Johansson)
Date: Mon, 10 Nov 2003 01:52:57 +0100
Subject: [Kdc-info] Re: comments on draft-johansson-kerberos-model-00
In-Reply-To:
References: <3F858CCE.9070109@it.su.se>
Message-ID: <3FAEE169.8060008@it.su.se>

Ken Raeburn wrote:
| Leif Johansson writes:
|
|> 4.1.2 Principal: Associations
|>
|> Each principal MUST be associated with exactly one KeySet and MAY be
|> associated with 1 or more Policies. The KeySet is represented as an
|> object in this model since it has attributes associated with it (the
|> key version number).
|
| We need to support multiple KeySets in at least a couple cases:

Agreed. This was an oversight on my part.

| * KDC needs an old key to renew a renewable ticket issued before the
|   service's key was changed
|
| * KDC accepting TGTs issued before the TGS key was changed
|
| We may need to support zero KeySets if we want the information model
| to apply to principals that always authenticate via PKINIT.

Oki.

MVH leifj

From leifj at it.su.se Mon Nov 10 11:07:21 2003
From: leifj at it.su.se (Leif Johansson)
Date: Mon, 10 Nov 2003 17:07:21 +0100
Subject: [Kdc-info] face2face
Message-ID: <3FAFB7B9.1040409@it.su.se>

If anyone is interested in giving verbal comments and/or discussing
the current draft or perhaps having a beer I suggest we congregate
after the krb-wg meeting.

MVH leifj

From Nicolas.Williams at sun.com Mon Nov 10 12:08:51 2003
From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Mon, 10 Nov 2003 09:08:51 -0800
Subject: [Kdc-info] face2face
In-Reply-To: <3FAFB7B9.1040409@it.su.se>
References: <3FAFB7B9.1040409@it.su.se>
Message-ID: <20031110170851.GM887@binky.central.sun.com>

Count me in.

On Mon, Nov 10, 2003 at 05:07:21PM +0100, Leif Johansson wrote:
> If anyone is interested in giving verbal comments and/or discussing
> the current draft or perhaps having a beer I suggest we congregate
> after the krb-wg meeting.
> MVH leifj
>
> _______________________________________________
> kdc-info mailing list
> kdc-info at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kdc-info

From hartmans at MIT.EDU Mon Nov 10 18:17:17 2003
From: hartmans at MIT.EDU (Sam Hartman)
Date: Mon, 10 Nov 2003 18:17:17 -0500
Subject: [Kdc-info] face2face
In-Reply-To: <20031110170851.GM887@binky.central.sun.com> (Nicolas Williams's message of "Mon, 10 Nov 2003 09:08:51 -0800")
References: <3FAFB7B9.1040409@it.su.se> <20031110170851.GM887@binky.central.sun.com>
Message-ID:

>>>>> "Nicolas" == Nicolas Williams writes:

    Nicolas> Count me in.

I'm interested. However, we have had particularly bad luck with
meetings about specs during lunch time, especially when we aren't able
to find seating such that everyone involved can hear each other. If
that happens I'll not be interested in the discussion.

From leifj at it.su.se Mon Nov 10 18:30:11 2003
From: leifj at it.su.se (Leif Johansson)
Date: Tue, 11 Nov 2003 00:30:11 +0100
Subject: [Kdc-info] face2face
In-Reply-To:
References: <3FAFB7B9.1040409@it.su.se> <20031110170851.GM887@binky.central.sun.com>
Message-ID: <3FB01F83.7090301@it.su.se>

Sam Hartman wrote:
|>>>>> "Nicolas" == Nicolas Williams writes:
|
|     Nicolas> Count me in.
|
| I'm interested. However, we have had particularly bad luck with
| meetings about specs during lunch time, especially when we aren't able
| to find seating such that everyone involved can hear each other. If
| that happens I'll not be interested in the discussion.

Agreed. Let's try to find a quiet corner in the hotel instead. Do
people have things they need to go to after krb-wg?

From morteza at infoblox.com Mon Nov 10 20:44:40 2003
From: morteza at infoblox.com (Morteza Ansari)
Date: Mon, 10 Nov 2003 17:44:40 -0800
Subject: [Kdc-info] face2face
In-Reply-To: <3FB01F83.7090301@it.su.se>
References: <3FAFB7B9.1040409@it.su.se> <20031110170851.GM887@binky.central.sun.com> <3FB01F83.7090301@it.su.se>
Message-ID: <3FB03F08.90502@infoblox.com>

I am in too (and free after Kerberos WG meeting).

Cheers,
Morteza

From leifj at it.su.se Wed Nov 12 16:43:49 2003
From: leifj at it.su.se (Leif Johansson)
Date: Wed, 12 Nov 2003 22:43:49 +0100
Subject: [Kdc-info] notes from today
Message-ID: <3FB2A995.4000305@it.su.se>

Please yell if I got it wrong. This is roughly what transpired
today:

1. After some initial confusion about the word 'policy' we
   decided that the policy part of the model be restructured as
   follows:

   A policy has a

      Human readable name
      UUID (unique thingy)
      Description for user
      Description for admin
      Policy type OID
      Optional opaque parameter "DEFINED BY" the type

   Each principal has a set of policy-references, at most one
   per type.

2. Nico commented on the need for words about access control.
   The next version will have such words.

3. We decided not to get into i18n today although we may have
   to eventually.

Question: Did we decide that password quality and password
change policy type are separate? Or are there more/fewer types
of policy related to passwords?
Cheers Leif

From Nicolas.Williams at sun.com Wed Nov 12 17:20:36 2003
From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Wed, 12 Nov 2003 14:20:36 -0800
Subject: [Kdc-info] notes from today
In-Reply-To: <3FB2A995.4000305@it.su.se>
References: <3FB2A995.4000305@it.su.se>
Message-ID: <20031112222036.GO887@binky.central.sun.com>

On Wed, Nov 12, 2003 at 10:43:49PM +0100, Leif Johansson wrote:
> Please yell if I got it wrong. This is roughly what transpired
> today:
>
> 1. After some initial confusion about the word 'policy' we
>    decided that the policy part of the model be restructured as
>    follows:
>
>    A policy has a
>
>       Human readable name
>       UUID (unique thingy)
>       Description for user
>       Description for admin

(localizable, one hopes - I'm not sure how you do that in LDAP :/ )

>       Policy type OID
>       Optional opaque parameter "DEFINED BY" the type

"Open type" is the right ASN.1 terminology.

>    Each principal has a set of policy-references, at most one
>    per type.

per _policy_ type.

> 2. Nico commented on the need for words about access control.
>    The next version will have such words.

Yup. And note that we can now have an acl policy type; MIT krb5 would
have only one princ acl policy: "default."

> 3. We decided not to get into i18n today although we may have
>    to eventually.

Oh, yeah - sorry I mention l10n above then :)

> Question: Did we decide that password quality and password
> change policy type are separate? Or are there more/fewer types
> of policy related to passwords?

All [sub-]policies related to password changing should be aggregated
under a single policy type for password changes. Min. password life,
max. pw life, min. char classes, min. pw len., dictionary check (and
_which_ dictionaries...), pw history, etc... all are part of the
password quality policy, IMO.

Cheers,

Nico
--

From hartmans at MIT.EDU Wed Nov 12 21:43:03 2003
From: hartmans at MIT.EDU (Sam Hartman)
Date: Wed, 12 Nov 2003 21:43:03 -0500
Subject: [Kdc-info] notes from today
In-Reply-To: <20031112222036.GO887@binky.central.sun.com> (Nicolas Williams's message of "Wed, 12 Nov 2003 14:20:36 -0800")
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com>
Message-ID:

>>>>> "Nicolas" == Nicolas Williams writes:

    Nicolas> On Wed, Nov 12, 2003 at 10:43:49PM +0100, Leif Johansson
    Nicolas> wrote:
    >> Please yell if I got it wrong. This is roughly what transpired
    >> today:
    >>
    >> 1. After some initial confusion about the word 'policy' we
    >>    decided that the policy part of the model be restructured as
    >>    follows:
    >>       Policy type OID
    >>       Optional opaque parameter "DEFINED BY" the type

    Nicolas> "Open type" is the right ASN.1 terminology.

We're not in an ASN.1 world here.

    Nicolas> per _policy_ type.

    >> 2. Nico commented on the need for words about access control.
    >>    The next version will have such words.

I'm uncomfortable getting into ACLs at all in this document, even ACL
policy types. I believe that is a major rathole.

From Nicolas.Williams at sun.com Wed Nov 12 21:41:40 2003
From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Wed, 12 Nov 2003 18:41:40 -0800
Subject: [Kdc-info] notes from today
In-Reply-To:
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com>
Message-ID: <20031113024139.GZ887@binky.central.sun.com>

On Wed, Nov 12, 2003 at 09:43:03PM -0500, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams writes:
>
>     Nicolas> On Wed, Nov 12, 2003 at 10:43:49PM +0100, Leif Johansson
>     Nicolas> wrote:
>     >> Please yell if I got it wrong. This is roughly what transpired
>     >> today:
>     >>
>     >> 1. After some initial confusion about the word 'policy' we
>     >>    decided that the policy part of the model be restructured as
>     >>    follows:
>     >>       Policy type OID
>     >>       Optional opaque parameter "DEFINED BY" the type
>
>     Nicolas> "Open type" is the right ASN.1 terminology.
>
> We're not in an ASN.1 world here.

Nonetheless Leif used ASN.1 terminology - if we must, then let's use
the right terminology pls. "hole," "open type," etc... are good to use.

>     Nicolas> per _policy_ type.
>
>     >> 2. Nico commented on the need for words about access control.
>     >>    The next version will have such words.
>
> I'm uncomfortable getting into ACLs at all in this document, even ACL
> policy types. I believe that is a major rathole.

No one said anything about managing the ACLs through this model (in
fact, I am against it).

Nico
--

From raeburn at MIT.EDU Wed Nov 12 21:53:57 2003
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Wed, 12 Nov 2003 20:53:57 -0600
Subject: [Kdc-info] notes from today
In-Reply-To: <20031113024139.GZ887@binky.central.sun.com>
Message-ID:

On Wednesday, Nov 12, 2003, at 20:41 US/Central, Nicolas Williams wrote:
>>>> 2. Nico commented on the need for words about access control.
>>>>    The next version will have such words.
>>
>> I'm uncomfortable getting into ACLs at all in this document, even ACL
>> policy types. I believe that is a major rathole.
>
> No one said anything about managing the ACLs through this model (in
> fact, I am against it).

Yes, we basically said the security considerations should mention that
access control on this critical data is very important, and leave the
mechanisms, policies, etc., to the implementors.
Ken

From leifj at it.su.se Wed Nov 12 22:08:17 2003
From: leifj at it.su.se (Leif Johansson)
Date: Thu, 13 Nov 2003 04:08:17 +0100
Subject: [Kdc-info] notes from today
In-Reply-To:
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com>
Message-ID: <3FB2F5A1.1050403@it.su.se>

|     Nicolas> per _policy_ type.
|
|     >> 2. Nico commented on the need for words about access control.
|     >>    The next version will have such words.
|
| I'm uncomfortable getting into ACLs at all in this document, even ACL
| policy types. I believe that is a major rathole.

That is not the intent. If someone defines a policy type used to
represent aci information that is their business. This is indeed a
rathole and I think the consensus is to write words in the security
considerations and be done with that.

MVH leifj

From hartmans at MIT.EDU Wed Nov 12 22:15:36 2003
From: hartmans at MIT.EDU (Sam Hartman)
Date: Wed, 12 Nov 2003 22:15:36 -0500
Subject: [Kdc-info] notes from today
In-Reply-To: <20031113024139.GZ887@binky.central.sun.com> (Nicolas Williams's message of "Wed, 12 Nov 2003 18:41:40 -0800")
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com> <20031113024139.GZ887@binky.central.sun.com>
Message-ID:

>>>>> "Nicolas" == Nicolas Williams writes:

    >>     Nicolas> per _policy_ type.
    >>
    >>     >> 2. Nico commented on the need for words about access
    >>     >>    control. The next version will have such words.
    >>
    >> I'm uncomfortable getting into ACLs at all in this document,
    >> even ACL policy types. I believe that is a major rathole.

    Nicolas> No one said anything about managing the ACLs through this
    Nicolas> model (in fact, I am against it).

I'm concerned about letting the ideas of ACLs existing show through
into the schema. I'm concerned that it may interact badly with ACL
systems people have and will provide insufficient value.

What functionality do you want and how will it be useful to you in a
cross-vendor environment?

From leifj at it.su.se Wed Nov 12 22:56:46 2003
From: leifj at it.su.se (Leif Johansson)
Date: Thu, 13 Nov 2003 04:56:46 +0100
Subject: [Kdc-info] notes from today
In-Reply-To:
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com> <20031113024139.GZ887@binky.central.sun.com>
Message-ID: <3FB300FE.2050902@it.su.se>

| I'm concerned about letting the ideas of ACLs existing show through
| into the schema. I'm concerned that it may interact badly with ACL
| systems people have and will provide insufficient value.

Me too.

| What functionality do you want and how will it be useful to you in a
| cross-vendor environment?

Nothing. It will Not. I am pretty sure this is not an issue.

From Nicolas.Williams at sun.com Thu Nov 13 02:23:29 2003
From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Wed, 12 Nov 2003 23:23:29 -0800
Subject: [Kdc-info] notes from today
In-Reply-To: <3FB300FE.2050902@it.su.se>
References: <3FB2A995.4000305@it.su.se> <20031112222036.GO887@binky.central.sun.com> <20031113024139.GZ887@binky.central.sun.com> <3FB300FE.2050902@it.su.se>
Message-ID: <20031113072329.GB887@binky.central.sun.com>

I'm with Leif. Basically, there will be policy _types_, each with an
OID, and instances of policy types will have names (and also UUIDs, but
that's another story), and, for each policy type there will be at most
one policy associated with a principal.

Note that dumb clients need not know about policy contents - just
policy names. Smart clients may know how to deal with policy contents.

This allows for the addition of an acl policy. For a server like MIT's
kadmind there would be one and only one instance of an acl policy type
(e.g., "default") because there is a single acl (kadm5.acl) for all
princs in a realm (more or less :)

Nico

On Thu, Nov 13, 2003 at 04:56:46AM +0100, Leif Johansson wrote:
> | I'm concerned about letting the ideas of ACLs existing show through
> | into the schema. I'm concerned that it may interact badly with ACL
> | systems people have and will provide insufficient value.
>
> Me too.
>
> | What functionality do you want and how will it be useful to you in a
> | cross-vendor environment?
>
> Nothing. It will Not. I am pretty sure this is not an issue.
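As an added illustration of the two model constraints settled in this thread (Ken's point that a principal needs zero or more KeySets, one per kvno, and the later agreement that a principal carries at most one policy reference per policy type, with the password sub-policies aggregated under a single type), here is a small Python model that is my own code, not the draft's or any KDC's; the class names, the OID value and the key material are constructed placeholders.

```python
# Added example: a toy model of the kdc-info information model as discussed
# on the list. Not taken from the draft; all names and values are constructed.
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional


@dataclass
class Policy:
    name: str              # human readable name
    uuid: str              # unique identifier
    user_desc: str         # description for users
    admin_desc: str        # description for admins
    type_oid: str          # policy type OID; the parameter is "DEFINED BY" it
    parameter: Any = None  # opaque parameter; only clients knowing the type parse it


@dataclass
class KeySet:
    kvno: int               # key version number, the attribute that makes KeySet an object
    keys: Dict[str, bytes]  # enctype name -> key material (dummy bytes below)


@dataclass
class Principal:
    name: str
    keysets: List[KeySet] = field(default_factory=list)  # zero allowed: PKINIT-only principals
    policies: List[Policy] = field(default_factory=list)

    def attach(self, policy: Policy) -> None:
        """Enforce 'at most one policy reference per policy type'."""
        if any(p.type_oid == policy.type_oid for p in self.policies):
            raise ValueError(f"{self.name} already has a policy of type {policy.type_oid}")
        self.policies.append(policy)

    def policy_of_type(self, type_oid: str) -> Optional[Policy]:
        return next((p for p in self.policies if p.type_oid == type_oid), None)

    def key_for_kvno(self, kvno: int, enctype: str) -> Optional[bytes]:
        """Select the KeySet named by a ticket's kvno, so a renewable ticket or a
        TGT issued under an older service/TGS key stays decryptable after a key change."""
        ks = next((k for k in self.keysets if k.kvno == kvno), None)
        return None if ks is None else ks.keys.get(enctype)

    def current_kvno(self) -> Optional[int]:
        return max((k.kvno for k in self.keysets), default=None)


PW_POLICY_OID = "1.3.6.1.4.1.99999.1"  # constructed placeholder, not a registered OID


def build_example():
    """Service principal with two key generations and one aggregated password policy."""
    svc = Principal("host/example.test")
    svc.keysets = [KeySet(1, {"aes256-cts": b"\x01" * 32}), KeySet(2, {"aes256-cts": b"\x02" * 32})]
    pw = Policy("default-pw", "uuid-1", "Pick a strong password", "Site default", PW_POLICY_OID,
                {"min_life_days": 1, "max_life_days": 90, "min_length": 12, "history": 5})
    svc.attach(pw)
    return svc, pw
```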