Getting a type code for AuthorizationData
Greg Hudson
ghudson at mit.edu
Fri Oct 5 10:28:30 EDT 2018
On 10/05/2018 04:49 AM, Rick van Rein wrote:
> Is there a registry or registrar for the ad-type values for
> Authorization Data?
https://github.com/krb5/krb5-assignments
There was (and perhaps will be again) an attempt to move these
registries to IANA, but for now they are managed by me.
https://tools.ietf.org/html/draft-ietf-kitten-kerberos-iana-registries-04
> I assume documentation in a static place is appreciated, perhaps even
> required. To me, an Internet Draft would seem reasonable.
Sometimes I make a reservation without documentation, but it is better
to have it.
> Do people generally advise locally meaningful values in ad-data fields,
> even when we intend to make realm-crossing use of it, or is there some
> appreciation for more standardised structures, such as Diameter frames
> or unsigned SAML? The latter two would make some sense in our project,
> which aims to make secure use of online services simpler and more general.
I don't have anything insightful to say about this. You might try
asking this question on the kitten list, perhaps with more context as to
what authorization data is being used for.
More information about the Kerberos
mailing list