mace-opensaml-users - Re: Use SAML Assertion as Kerberos Ticket
Subject: OpenSAML user discussion
List archive
- From: Derek Atkins <>
- To: "Pham Hoai Van" <>
- Cc: "Tom Scavo" <>, <>
- Subject: Re: Use SAML Assertion as Kerberos Ticket
- Date: Wed, 23 Mar 2005 10:13:57 -0500
A SAML Assertion does not include a Shared Secret with which the
holder of the assertion (the user) can assert real-time possession.
In other words, generally the assertions are single-use (unlike
Kerberos tickets which are multiple use) and you handwave around the
potential attacks by using SSL and assuming that someone on the
network can't grab your packets, read your assertion, and replay the
message before the original message gets to the SP.
-derek
"Pham Hoai Van"
<>
writes:
> Kerberos model:
> http://www.oit.duke.edu/~rob/kerberos/kerbauth.html
>
> Because Kerberos Ticket is not xml-based, so i want a replacement of it
> with
> other xml-based message.
>
> Is it feasible with SAML Assertion ?
>
>
> ----- Original Message -----
> From: "Tom Scavo"
> <>
> To: "Van Hoai"
> <>
> Cc:
> <>
> Sent: Wednesday, March 23, 2005 7:42 PM
> Subject: Re: Use SAML Assertion as Kerberos Ticket
>
>
>> Can you be more specific about what you mean by "follow the Kerberos
>> model"?
>>
>> Tom
>>
>>
>> On Wed, 23 Mar 2005 07:20:03 +0000 (GMT), Van Hoai
>> <>
>> wrote:
>>> hi everybody, i'm new to saml and sourceid.java.
>>>
>>> I wanna build a security system that follow Kerberos
>>> model, but instead of Kerberos Ticket i wanna use SAML
>>> Assertion. Is it feasible ?
>>>
>>> Thanks inadvance.
>>>
>>>
>>> --------------
>>> Pham Hoai Van
>
>
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
PGP key available
- Use SAML Assertion as Kerberos Ticket, Van Hoai, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
Archive powered by MHonArc 2.6.16.