Newbe with SOAP question

Ben Clewett ben at clewett.org.uk
Wed Jul 3 15:09:26 EDT 2002


<Sam>

>    Ben> Hi from a Newbie,
>
>    Ben> I am interested in the Kerberos protocol for use with SOAP.
>    Ben> Not using Kerberos as-is, but using the protocol inside SOAP
>    Ben> messages.
>
>    Ben> Therefore sending a SOAP message to a 'AS' server behind a
>    Ben> SOAP server, and getting the encrypted Ticket returned in
>    Ben> another SOAP message, as the SOAP Body in Base64.
>
>Seems like a lot of wasted effort to do this; you cannot reuse
>existing Kerberos code bases, you get to repeat most of the protocol
>design mistakes of the last 10 years, etc.
>
>I'd recommend that you just use Kerberos if you don't have any
>annoying firewall constraints or that you do something that wraps
>unmodified Kerberos exchanges if you cannot rely on IP connectivity.
>
</Sam>

Sam,

I totally agree, a complete waste of time.  Unfortunately I have no 
choice.  Well, little choice.

I am behind firewalls and proxy.  I am doing EDI, which will involve 
three layers of firewalls/proxy.  (Customer, ISP, Us.)  I can only rely 
on http, https, ftp etc.

I can use https.  This however involves purchasing a certificate 
annually, and does not give authentication.  Although this does allow 
encrypted plain-text authentication.  It also requires a rather complex 
client.  With http, I can almost pipe data through telnet, a significant 
advantage for where I'm going.

For this reason, I was thinking about putting a Kerberos client/server of 
the simplest design possible either side of the terminating SOAP layers.  
This would give me security and authentication, which is all I need.  I 
notice that XML has a nice Base64 data type, ideal for carrying 
encrypted data within a <Body> with an xmlns:Kerberos....

I was also thinking, maybe unrealistically, that I can't be the only 
person in this situation, and producing a Kerberos extension to a SOAP 
Client/server might be received quite well on the Internet.

Thanks for your reply,  

Ben Clewett.
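
The wrapping approach suggested in the quoted reply (carrying unmodified Kerberos messages as Base64 in a SOAP Body), sketched as an added example that is not part of the original post or of any Kerberos distribution. The namespace, element name and size cap are assumptions, and the payload is a constructed stand-in for bytes an existing Kerberos library would produce.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
KRB_NS = "urn:example:kerberos-over-soap"              # hypothetical namespace (assumption)
MAX_MESSAGE = 64 * 1024                                # arbitrary size cap (assumption)


def wrap(krb_message: bytes) -> bytes:
    """Place an unmodified Kerberos message in a SOAP Body as Base64 text."""
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    msg = ET.SubElement(body, f"{{{KRB_NS}}}Message")
    msg.text = base64.b64encode(krb_message).decode("ascii")
    return ET.tostring(envelope, encoding="utf-8")


def unwrap(soap_bytes: bytes) -> bytes:
    """Return the carried bytes, rejecting anything that is not exactly one payload."""
    if b"<!DOCTYPE" in soap_bytes or b"<!ENTITY" in soap_bytes:
        raise ValueError("DTDs are not allowed in SOAP messages")
    try:
        envelope = ET.fromstring(soap_bytes)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML") from exc
    if envelope.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    payloads = envelope.findall(f"{{{SOAP_NS}}}Body/{{{KRB_NS}}}Message")
    if len(payloads) != 1:
        raise ValueError("expected exactly one Kerberos message element")
    text = "".join((payloads[0].text or "").split())  # XML may fold Base64 across lines
    if len(text) > MAX_MESSAGE * 4 // 3 + 4:
        raise ValueError("payload too large")
    try:
        data = base64.b64decode(text, validate=True)  # strict: no stray characters
    except binascii.Error as exc:
        raise ValueError("payload is not valid Base64") from exc
    if not data:
        raise ValueError("empty payload")
    return data


# Constructed stand-in for an opaque Kerberos message (not real protocol data).
SAMPLE = bytes(range(256))
assert unwrap(wrap(SAMPLE)) == SAMPLE
```

The envelope only transports the bytes; authentication and confidentiality still come from the Kerberos messages it carries, so the receiving side hands the unwrapped bytes to its Kerberos implementation unchanged.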
