OpenSAML user discussion

["Pham Hoai Van" <>]

Relace Kerberos Ticket by SAML Assertion may not feasible. Ok, but using 
publickey is really slow down performce of the system. And I really like the 
security model of Kerberos with the use of symmetric key. I will think about 
defining the format of Kerberos based on XML.
Thanks all.

----- Original Message ----- 
From: "Tom Scavo" <>
To: "Pham Hoai Van" 
<>
Cc: 
<>
Sent: Wednesday, March 23, 2005 10:34 PM
Subject: Re: Use SAML Assertion as Kerberos Ticket


> On Wed, 23 Mar 2005 20:00:53 +0700, Pham Hoai Van
> <>
>  wrote:
> > Because Kerberos Ticket is not xml-based, so i want a replacement of it 
> > with
> > other xml-based message.
> >
> > Is it feasible with SAML Assertion ?
>
> A Kerberos principal name can be used to identity a SAML subject (cf.
> section 8.3.5 of [SAML2Core]) so yes, a SAML assertion can be
> associated with a Kerberos ticket.  I'm not sure what you're up to,
> however.  If you're more interested in web services than browsers, you
> might want to take a look at [WSSKerberosProfile] as well.
>
> Hope that helps,
> Tom
>
> [SAML2Core] 
> http://www.oasis-open.org/committees/download.php/11898/saml-core-2.0-os.pdf
>
> [WSSKerberosProfile]
> http://www.oasis-open.org/committees/download.php/8266/oasis-xxxxxx-wss-kerberos-token-profile-1%200.pdf