mace-opensaml-users - RE: Use SAML Assertion as Kerberos Ticket
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: "'Derek Atkins'" <>
- Cc: "'Pham Hoai Van'" <>, <>
- Subject: RE: Use SAML Assertion as Kerberos Ticket
- Date: Wed, 23 Mar 2005 13:55:50 -0500
- Organization: The Ohio State University
> No, there's no pre-shared secret between the user and the SP, just between
> the user and the KDC.
I know. The SAML subject confirmation key would be the session key, it's the
KDC-supplied secret that both the parties can decrypt but nobody else can.
> Sure, but at this point you're re-inventing kerberos; why would you
> want to do that instead of just using RFC1510bis?
Of course, but that's precisely what the person was asking about. So yes,
it's possible, and no, I wouldn't do it.
-- Scott
- Re: Use SAML Assertion as Kerberos Ticket, (continued)
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
Archive powered by MHonArc 2.6.16.