Fwd: Delegation and Moonshot

Nico Williams nico at cryptonector.com
Wed Apr 6 16:40:20 EDT 2011

On Wed, Apr 6, 2011 at 2:11 PM, Henry B. Hotz <hotz at jpl.nasa.gov> wrote:
> On Apr 6, 2011, at 9:06 AM, krbdev-request at mit.edu wrote:
>> That seemed to be the case 8 years ago or so when we were working on
>> the problem of identity linked service authorization assertions.
>> There seemed to be a plethora of issues raised surrounding the
> >> inability of anything in the ecosystem to handle Kerberos tickets
>> which enclosed auth_data encoded payloads.  If I remember correctly
>> the thought of loading any type of XML data as authorization
>> information was voiced as profoundly repugnant.
> I will own up to being one of those.  I still regard the use of XML instead of ASN.1 as ugly in the context of Kerberos.  I would prefer an attribute certificate to a SAML assertion.
> That said, the use of XML and SAML has increased over the years, and I am bowing out of that battle.

XML and SAML are here to stay -- they are now facts of life.  That
said, and while we're going on stating personal preferences, I'll
state mine :) :)  which is this: I like ASN.1, but I despise
BER/DER/CER -- I really like PER.  And as for XML, for encoding
messages it seems like a very poor choice, like a really bad
re-invention of ASN.1 and BER.  (But note that I'm not passing
judgement on XML as a markup language for _documents_.)


