Kerberos for Web Services
Larry Zhu Microsoft
IETF67
Problem Statements
• KDC Access
WS KERB
• Proxy through GSS-API acceptor
• WS_KRB_PROXY 05 01
    WS-KRB-HEADER ::= SEQUENCE {
        proxy-data [1] ProxyData,
        ...
    }
    ProxyData ::= SEQUENCE {
        realm [1] Realm,
        cookie [3] OCTET STRING OPTIONAL
        ...
    }
PKU2U
• Public Key based User to User authentication protocol for peer-to-peer systems
• Use PKINIT/RFC4556 and RFC4120 messages
• Replace the KDC with the application server
• All traffic tunneled using GSS-API messages
• Use RFC4121 for all GSS-API primitives