[38353] in Kerberos
Re: Getting a type code for AuthorizationData
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Oct 5 10:28:53 2018
To: Rick van Rein <rick@openfortress.nl>,
"kerberos@mit.edu" <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <941f8beb-4aa1-bf34-ac0d-875d8067edb8@mit.edu>
Date: Fri, 5 Oct 2018 10:28:30 -0400
In-Reply-To: <5BB72594.7060501@openfortress.nl>
On 10/05/2018 04:49 AM, Rick van Rein wrote:
> Is there a registry or registrar for the ad-type values for
> Authorization Data?

https://github.com/krb5/krb5-assignments

There was (and perhaps will be again) an attempt to move these
registries to IANA, but for now they are managed by me.

https://tools.ietf.org/html/draft-ietf-kitten-kerberos-iana-registries-04

> I assume documentation in a static place is appreciated, perhaps even
> required. To me, an Internet Draft would seem reasonable.

Sometimes I make a reservation without documentation, but it is better
to have it.

> Do people generally advise locally meaningful values in ad-data fields,
> even when we intend to make realm-crossing use of it, or is there some
> appreciation for more standardised structures, such as Diameter frames
> or unsigned SAML? The latter two would make some sense in our project,
> which aims to make secure use of online services simpler and more general.

I don't have anything insightful to say about this. You might try
asking this question on the kitten list, perhaps with more context as to
what authorization data is being used for.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos