mace-opensaml-users - RE: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion

List archive

RE: Use SAML Assertion as Kerberos Ticket

From: "Scott Cantor" <>
To: "'Derek Atkins'" <>
Cc: "'Pham Hoai Van'" <>, <>
Subject: RE: Use SAML Assertion as Kerberos Ticket
Date: Wed, 23 Mar 2005 12:51:04 -0500
Organization: The Ohio State University

> How do you do your symmetric key exchange? In particular, how do you get
> the shared secret between the subject (the user) and the SP (the service)?

How does Kerberos do it? By hashing a password into a key, right? Have the
authority issue an assertion with the confirmation key wrapped in the
principal's key, then the principal enters the password, the client decrypts
the confirmation key and uses it to generate the proof of posession to
confirm itself as the subject to the SP.

I'm sure there are lots more details to get right. I'm not advocating doing
it, I'm just saying it's technically possible.

-- Scott

Use SAML Assertion as Kerberos Ticket, Van Hoai, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
  - Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
    - Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
      - RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
    - Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
      - Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
        Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005

List archive

RE: Use SAML Assertion as Kerberos Ticket