Serialization framework future
Nico Williams
nico at cryptonector.com
Thu May 31 14:45:17 EDT 2012
On Thu, May 31, 2012 at 1:25 PM, Simo Sorce <simo at redhat.com> wrote:
> I see exclusively talking about krb5 here, I would hope that an export
> cred format would be able to transfer other cred types too if available.
As with GSS exported name tokens there would be a token type ID and a
mechanism OID prefixed to the mechanism-specific data.
Note that GSS credentials can have elements for multiple GSS
mechanisms, so there must be some additional structure at the glue
layer.
Presumably these token formats will be private, but in practice we'll
likely have MIT, Heimdal, and JGSS wishing to interact with the same
exported cred tokens.
Nico
--
More information about the krbdev
mailing list