WS-Security and GSS-API: How do I get the session key?

Max (Weijun) Wang Weijun.Wang at Sun.COM
Sun Mar 8 21:34:36 EDT 2009


On Mar 7, 2009, at 4:54 AM, Michael B Allen wrote:

> On Thu, Mar 5, 2009 at 9:29 PM,  <weijun.wang at sun.com> wrote:
>> Hi Luke
>>
>> On Feb 24, 9:36 pm, Luke Howard <lu... at padl.com> wrote:
>>>> I don't recall offhand if there's been an IETF draft proposing the
>>>> specific extension we've got for extracting the session key.
>>>
>>
>>>    major = gss_inquire_sec_context_by_oid(&minor,
>>>                                          ctx,
>>>                                          GSS_C_INQ_SSPI_SESSION_KEY,
>>>                                          &skey);
>>
>> Cool, we (Java SE Team at Sun) are also preparing to add a new method
>> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.
>
> I think it would be better to have a GSSContext method that could
> return an Object that is specific to the OID supplied. For example, in
> the case of the session key, it would return a byte[] array like:
>
>  Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
>  byte[] sessionKey =  
> (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);
>
> Otherwise you're going to end up just adding more methods in an
> already overwhelming API.

Sure, if we are going to support other OIDs, we would use a method  
name like inquireSecContext(Oid).

Weijun

>
> Mike
>
> -- 
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/




More information about the Kerberos mailing list