Getting a type code for AuthorizationData

Greg Hudson ghudson at mit.edu
Fri Oct 5 10:28:30 EDT 2018


On 10/05/2018 04:49 AM, Rick van Rein wrote:
> Is there a registry or registrar for the ad-type values for
> Authorization Data?

https://github.com/krb5/krb5-assignments

There was (and perhaps will be again) an attempt to move these 
registries to IANA, but for now they are managed by me.

https://tools.ietf.org/html/draft-ietf-kitten-kerberos-iana-registries-04

> I assume documentation in a static place is appreciated, perhaps even
> required.  To me, an Internet Draft would seem reasonable.

Sometimes I make a reservation without documentation, but it is better 
to have it.

> Do people generally advise locally meaningful values in ad-data fields,
> even when we intend to make realm-crossing use of it, or is there some
> appreciation for more standardised structures, such as Diameter frames
> or unsigned SAML?  The latter two would make some sense in our project,
> which aims to make secure use of online services simpler and more general.

I don't have anything insightful to say about this.  You might try 
asking this question on the kitten list, perhaps with more context as to 
what authorization data is being used for.


More information about the Kerberos mailing list