Fwd: Delegation and Moonshot
nico at cryptonector.com
Wed Apr 6 16:40:20 EDT 2011
On Wed, Apr 6, 2011 at 2:11 PM, Henry B. Hotz <hotz at jpl.nasa.gov> wrote:
> On Apr 6, 2011, at 9:06 AM, krbdev-request at mit.edu wrote:
>> That seemed to be the case 8 years ago or so when we were working on
>> the problem of identity linked service authorization assertions.
>> There seemed to be a plethora of issues raised surrounding the
>> inability of anything in the ecosystem to handle kerberos tickets
>> which enclosed auth_data encoded payloads. If I remember correctly
>> the thought of loading any type of XML data as authorization
>> information was voiced as profoundly repugnant.
> I will own up to being one of those. I still regard the use of XML instead of ASN.1 as ugly in the context of Kerberos. I would prefer an attribute certificate to a SAML assertion.
> That said, the use of XML and SAML has increased over the years, and I am bowing out of that battle.
XML and SAML are here to stay -- they are now facts of life. That
said, and while we're going on stating personal preferences, I'll
state mine :) :) which is this: I like ASN.1, but I despise
BER/DER/CER -- I really like PER. And as for XML, for encoding
messages it seems like a very poor choice, like a really bad
re-invention of ASN.1 and BER. (But note that I'm not passing
judgement on XML as a markup language for _documents_.)
More information about the krbdev