Project review: response sets
Nathaniel McCallum
npmccallum at redhat.com
Fri Jul 13 10:39:16 EDT 2012
On Thu, 2012-07-12 at 18:45 -0400, Greg Hudson wrote:
> If we want more commonality and less glue code here, we could either try
> to make response sets more like cred stores or we could do the reverse.
> I think making response sets more like cred stores would probably make
> more sense. Specifically:
>
> * Response item keys become URIs.
No problem.
> * Instead of arbitrary contracts, response items have question blobs and
> answer blobs.
>
> * Answer blobs can be pushed by the caller without having to provide a
> responder callback, via a generalization of krb5_get_init_creds_password.
I don't like either of these for one important reason: the responder
interface as it stands can specify callback functions to validate the
input data. In OTP for instance we definitely want to validate the data
provided and provide intelligent errors for the UI.
Nathaniel
More information about the krbdev
mailing list