[30840] in Kerberos
Re: WS-Security and GSS-API: How do I get the session key?
daemon@ATHENA.MIT.EDU (Max (Weijun) Wang)
Mon Mar 9 15:54:22 2009
Date: Mon, 09 Mar 2009 09:34:36 +0800
From: "Max (Weijun) Wang" <Weijun.Wang@Sun.COM>
In-reply-to: <78c6bd860903061254u15f3c76l8792158564ec1b1@mail.gmail.com>
To: Michael B Allen <ioplex@gmail.com>
Message-id: <BA3C5700-62F4-4571-8AE8-0937241C28E3@Sun.COM>
Cc: kerberos@mit.edu
On Mar 7, 2009, at 4:54 AM, Michael B Allen wrote:
> On Thu, Mar 5, 2009 at 9:29 PM, <weijun.wang@sun.com> wrote:
>> Hi Luke
>>
>> On Feb 24, 9:36 pm, Luke Howard <lu...@padl.com> wrote:
>>>> I don't recall offhand if there's been an IETF draft proposing the
>>>> specific extension we've got for extracting the session key.
>>>
>>
>>> major = gss_inquire_sec_context_by_oid(&minor,
>>>                                        ctx,
>>>                                        GSS_C_INQ_SSPI_SESSION_KEY,
>>>                                        &skey);
>>
>> Cool, we (Java SE Team at Sun) are also preparing to add a new method
>> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.
>
> I think it would be better to have a GSSContext method that could
> return an Object that is specific to the OID supplied. For example, in
> the case of the session key, it would return a byte[] array like:
>
> Oid sspiSessionKeyOid = new Oid("1.2.840.113554.1.2.2.5.5");
> byte[] sessionKey =
>     (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);
>
> Otherwise you're going to end up just adding more methods in an
> already overwhelming API.

Sure, if we are going to support other OIDs, we would use a method
name like inquireSecContext(Oid).

Weijun

>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
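
For reference, an added example (not code from this thread or from OpenJDK): in current JDKs the JDK-specific `com.sun.security.jgss` extension exposes this inquiry as `ExtendedGSSContext.inquireSecContext(InquireType)`, keyed by an enum rather than the Oid proposed above. The helper name `withSessionKey` is hypothetical, and Java 9 or later is assumed for `KRB5_GET_SESSION_KEY_EX`.

```java
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import java.util.Arrays;
import java.util.function.Function;
import javax.security.auth.kerberos.EncryptionKey;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

public final class SessionKeyInquiry {
    private SessionKeyInquiry() {}

    /**
     * Hypothetical helper: lends a copy of the Kerberos session key to
     * {@code use}, then wipes that copy so the raw key does not linger
     * on the heap longer than the caller needs it.
     */
    public static <T> T withSessionKey(GSSContext ctx, Function<byte[], T> use)
            throws GSSException {
        // The session key is only meaningful once the handshake has completed.
        if (!ctx.isEstablished()) {
            throw new IllegalStateException("GSS context is not established yet");
        }
        // inquireSecContext is a JDK extension, not part of org.ietf.jgss,
        // so check for it instead of casting blindly.
        if (!(ctx instanceof ExtendedGSSContext)) {
            throw new UnsupportedOperationException(
                    "this GSSContext does not support inquireSecContext");
        }
        ExtendedGSSContext ext = (ExtendedGSSContext) ctx;

        // Kerberos-specific inquiry type; the result is the context's session key.
        EncryptionKey key =
                (EncryptionKey) ext.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY_EX);

        byte[] raw = key.getEncoded(); // a copy of the key bytes
        try {
            return use.apply(raw);
        } finally {
            Arrays.fill(raw, (byte) 0); // wipe our copy whether or not use() threw
        }
    }
}
```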