Kerberos authentication for Web Services
Frank Balluffi
frank.balluffi at db.com
Mon Jul 8 15:03:25 EDT 2002
I am not working on Kerberos authentication via SOAP, but it is my understanding that IBM's and Microsoft's WS-Security adds XML Signature and XML Encryption to SOAP and that authentication is implicit in each message, and that you will need to explicitly send KRB_AP_REQ and KRB_AP_REP messages to authenticate before you can send KRB_PRIV and KRB_SAFE messages via SOAP.
Frank
jredburn at wso.will
iams.edu (jeremy To: kerberos at mit.edu
redburn) cc:
Sent by: Subject: Kerberos authentication for Web Services
kerberos-admin at mi
t.edu
07/08/2002 11:04
AM
I am interested in building a system (similar to Microsoft's .Net My
Services) that is a family of web services that clients authenticate
against using Kerberos. The idea is to have clients hit the KDC via
SOAP calls over SSL and get the ticket. Then they ask the KDC for a
ticket to communicate with a specific web service. Once I have that, I
should be able to encrypt all SOAP messages to the web service and
just pass the username.
But this doesn't seem to fit into the idea of how Kerberos
authentication works. Is anyone doing Kerberos authentication via SOAP
calls? What do people recommend for an authentication mechanism for a
family of web services?
thanks.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
--
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
More information about the Kerberos
mailing list