PROXY tickets and GSSAPI
Douglas E. Engert
deengert at anl.gov
Thu Jun 27 22:48:00 EDT 2002
Sam Hartman wrote:
> Doug, why are you proposing GSSAPI extensions outside of the IETf
> context? It annoys a lot of people, makes it harder to write
> interoperable software, and reduces the quality of the final spces.
I explained this before how we had tried to talk to the CAT group but got
very little interest. Are you interested now? I would expect that we would
take this to the IETF eventually.
I work 1/2 time for the Globus project and this is what they want to do, and
how they want to handle it via the Global Grid Forum.
There is also a significant group of Globus sites that want to use
Kerberos for authentication, rather then the GSI based on SSL and X509.
They already have substantial Kerberos infrastructures in place.
GSSAPI is the key for this interoperability. The current Kerberos with
GSSAPI does not have the capabilities need to support what they want to
do with Globus. User-to-user in GSSAPI for example. We do have a draft in the
krb-wg. We have the Sandia U2U mods. Would you be open to adding these to
the MIT release?. Some of the other features will also need to be added, and
we would like to get MIT involved.
So rather then complaining about other who are trying to move forward,
consider attending the Global Grid Forum! See: http://www.gridforum.org
there are already 850 people registered.
Also see http://www.gridforum.org/2_SEC/GSI.htm
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev