WebISO: the killer kerberos app?

Russ Allbery rra at stanford.edu
Mon Mar 8 12:58:49 EST 2004


Sam Hartman <hartmans at mit.edu> writes:
>>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at sun.com> writes:

>     Wyllys> Isn't this very similar to what Passport and Project
>     Wyllys> Liberty propose to use?  Basically, it's a variation of the
>     Wyllys> "secure cookie" scheme.  Netegrity does something similar
>     Wyllys> as well.

> There's also the free software pubcookie.

WebAuth v3 is also free software.  We consider it superior to pubcookie,
or we wouldn't have written it.  :)  But others are certainly welcome to
make up their own minds on that score.

Contributions to WebAuth are gratefully appreciated, incidentally.  My
intention is to maintain it like any other free software project, taking
contributions from the community and releasing it on a periodic basis.

> My personal recommendation for webauth right now seems to be supporting
> both gssapi negotiate and pubcookie.  I'd prefer a stronger solution
> than gssapi negotiate.  The HTTP SASL draft is being last called, so
> perhaps we'll get our wish.

I would love it if all cookie-based Kerberos authentication mechanisms
would go the way of the dodo because real SASL support showed up in HTTP
servers and clients.  The client part is going to be the hard bit, but I
would love it if WebAuth became obsolete because my Mozilla just spoke
Kerberos all by itself.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

