mace-opensaml-users - RE: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion

List archive

RE: Use SAML Assertion as Kerberos Ticket

From: "Scott Cantor" <>
To: "'Derek Atkins'" <>
Cc: "'Pham Hoai Van'" <>, <>
Subject: RE: Use SAML Assertion as Kerberos Ticket
Date: Wed, 23 Mar 2005 13:55:50 -0500
Organization: The Ohio State University

> No, there's no pre-shared secret between the user and the SP, just between
> the user and the KDC.

I know. The SAML subject confirmation key would be the session key, it's the
KDC-supplied secret that both the parties can decrypt but nobody else can.

> Sure, but at this point you're re-inventing kerberos; why would you
> want to do that instead of just using RFC1510bis?

Of course, but that's precisely what the person was asking about. So yes,
it's possible, and no, I wouldn't do it.

-- Scott

Re: Use SAML Assertion as Kerberos Ticket, (continued)
- Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
  - Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
    - Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
      - RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
    - Re: Use SAML Assertion as Kerberos Ticket, Tom Scavo, 03/23/2005
      - Re: Use SAML Assertion as Kerberos Ticket, Pham Hoai Van, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
        
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005
        Re: Use SAML Assertion as Kerberos Ticket, Derek Atkins, 03/23/2005
        RE: Use SAML Assertion as Kerberos Ticket, Scott Cantor, 03/23/2005

List archive

RE: Use SAML Assertion as Kerberos Ticket