Serialization framework future
Simo Sorce
simo at redhat.com
Thu May 31 14:27:22 EDT 2012
On Thu, 2012-05-31 at 09:41 -0500, Nico Williams wrote:
> On Thu, May 31, 2012 at 7:37 AM, Sam Hartman <hartmans at mit.edu> wrote:
> > I agree with nico that the serialization format for credentials should
> > be the krb-cred we just standardized in the IETF.
>
> Note that KRB-CRED's KrbCredInfo doesn't include authorization-data.
> Is that important? I think it could be!
I think it is important indeed, what;s the point of exporting and then
re-importing a cred if the result is that you lost pieces in the
process ?
> Couldn't we add that to
> KrbCredInfo? The obvious answer is that we can't just modify KRB-CRED
> as senders would have to negotiate recipient support for that. But we
> could have additional fields in KrbCredInfo for serialization
> purposes.
>
> I'd still rather use KRB-CRED.
What about other mechanism than KRB5 ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list