WS-Security and GSS-API: How do I get the session key?
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Sun Mar 8 21:34:36 EDT 2009
On Mar 7, 2009, at 4:54 AM, Michael B Allen wrote:
> On Thu, Mar 5, 2009 at 9:29 PM, <weijun.wang at sun.com> wrote:
>> Hi Luke
>>
>> On Feb 24, 9:36 pm, Luke Howard <lu... at padl.com> wrote:
>>>> I don't recall offhand if there's been an IETF draft proposing the
>>>> specific extension we've got for extracting the session key.
>>>
>>
>>> major = gss_inquire_sec_context_by_oid(&minor,
>>> ctx,
>>> GSS_C_INQ_SSPI_SESSION_KEY,
>>> &skey);
>>
>> Cool, we (Java SE Team at Sun) are also preparing to add a new method
>> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.
>
> I think it would be better to have a GSSContext method that could
> return an Object that is specific to the OID supplied. For example, in
> the case of the session key, it would return a byte[] array like:
>
> Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
> byte[] sessionKey =
> (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);
>
> Otherwise you're going to end up just adding more methods in an
> already overwhelming API.
Sure, if we are going to support other OIDs, we would use a method
name like inquireSecContext(Oid).
Weijun
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
More information about the Kerberos
mailing list