[543] in Kerberos


Re: [Ted Anderson: principal name standards]

daemon@TELECOM.MIT.EDU (John T Kohl)
Mon Dec 12 15:59:18 1988

From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: Kerberos Users <kerberos@ATHENA.MIT.EDU>
Cc: Bill Sommerfeld <wesommer@ATHENA.MIT.EDU>
In-Reply-To: Jennifer Steiner's message of Mon, 12 Dec 88 11:16:07 EST

There has been some discussion about combining the name and instance
fields together in the next revision of the Kerberos protocol.

I'm not completely convinced that this is necessarily worthwhile.

some arguments for:

-forces less policy on non-MIT sites, making import more likely
-removes (weak) constraint on the format of authentication names

some arguments against:

-makes some access control and authorization functions much hairier
	(such as those being considered for use at MIT)
-makes compartmentalization of user "work space" more difficult

It would be possible to retain the concept of instances by providing
a programming interface supporting it, and following conventions in
principal naming such that this interface works correctly.  This seems
to me to be the best way to go right now.  It makes instances just an
interpretation convention followed by a given Kerberos site, freeing the
hands of those sites wanting free hands, and letting those sites that
want instance-type authorization compartments provide it.

[Of course, all this depends on the KDC manager being trusted not to
register principals breaking local conventions]

Opinions, questions?

John Kohl <jtkohl@ATHENA.MIT.EDU>
Digital Equipment Corporation/MIT Project Athena
(As usual, the opinions expressed above do not necessarily reflect the
opinions of my employer. :-)
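The scheme John sketches above, instances kept as a site naming convention that a library interprets rather than as a separate protocol field, as an added example; this is not code from the original message, from Project Athena or from any Kerberos implementation. It assumes a hypothetical site convention: name components separated by '/', the realm after the first unescaped '@', and a backslash escaping a literal separator. The principal strings and the access list are constructed for the example. The last part shows the caveat from the message: a principal the KDC manager registers outside the convention (here a v4-style dotted name) carries no instance as far as the library is concerned, so a compartment ACL does not cover it.

```python
# Added example (not from the original message): instances as an
# interpretation convention over a single flat principal name field.
#
# Assumed site convention (hypothetical):
#   components separated by COMP_SEP, realm after the first unescaped
#   REALM_SEP, ESCAPE makes the next character literal.
COMP_SEP = "/"
REALM_SEP = "@"
ESCAPE = "\\"


def parse_principal(text):
    """Split a flat principal string into (components, realm).

    An escaped separator is kept literally, so a site that does not
    use instances can still register a name containing '/'.
    Raises ValueError for an empty component or a missing realm.
    """
    comps, cur, in_realm = [], [], False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == ESCAPE and i + 1 < len(text):
            cur.append(text[i + 1])          # literal next character
            i += 2
            continue
        if not in_realm and ch == COMP_SEP:
            comps.append("".join(cur))
            cur = []
        elif not in_realm and ch == REALM_SEP:
            comps.append("".join(cur))
            cur = []
            in_realm = True                  # rest of the string is the realm
        else:
            cur.append(ch)
        i += 1
    if not in_realm:
        raise ValueError("principal has no realm: %r" % text)
    realm = "".join(cur)
    if not comps or any(c == "" for c in comps) or realm == "":
        raise ValueError("malformed principal: %r" % text)
    return comps, realm


def format_principal(comps, realm):
    """Inverse of parse_principal: escape separators inside components."""
    def esc(s):
        return "".join(ESCAPE + c if c in (COMP_SEP, REALM_SEP, ESCAPE) else c
                       for c in s)
    return COMP_SEP.join(esc(c) for c in comps) + REALM_SEP + esc(realm)


def name_of(principal):
    return parse_principal(principal)[0][0]


def instance_of(principal):
    """The instance is simply the second component, if the site uses one."""
    comps, _ = parse_principal(principal)
    return comps[1] if len(comps) > 1 else None


def authorized(principal, acl):
    """Compartment-style ACL check built on the convention above.

    acl entries are (name, instance, realm); '*' matches any value and
    instance None matches only an instance-less principal.  An entry
    ('*', 'admin', realm) therefore grants a whole 'admin' compartment.
    """
    comps, realm = parse_principal(principal)
    name = comps[0]
    inst = comps[1] if len(comps) > 1 else None
    for acl_name, acl_inst, acl_realm in acl:
        if acl_realm != realm:
            continue
        if acl_name != "*" and acl_name != name:
            continue
        if acl_inst != "*" and acl_inst != inst:
            continue
        return True
    return False


# Constructed ACL: the whole 'admin' compartment of one realm.
ADMIN_ACL = [("*", "admin", "ATHENA.MIT.EDU")]


def convention_examples():
    """Constructed principals showing what the convention does and does not cover."""
    return {
        # follows the convention: name jtkohl, instance admin
        "jtkohl/admin@ATHENA.MIT.EDU": authorized("jtkohl/admin@ATHENA.MIT.EDU", ADMIN_ACL),
        # no instance, so outside the compartment
        "jtkohl@ATHENA.MIT.EDU": authorized("jtkohl@ATHENA.MIT.EDU", ADMIN_ACL),
        # registered by the KDC manager with a dot instead of '/': the
        # library sees a single name 'jtkohl.admin' and no instance at all
        "jtkohl.admin@ATHENA.MIT.EDU": authorized("jtkohl.admin@ATHENA.MIT.EDU", ADMIN_ACL),
        # escaped separator: a literal name 'jtkohl/admin', still no instance
        "jtkohl\\/admin@ATHENA.MIT.EDU": authorized("jtkohl\\/admin@ATHENA.MIT.EDU", ADMIN_ACL),
    }
```

The point of the last two entries is the one John raises in brackets: the library cannot tell a name that merely looks like "name.instance" from one registered under the convention, so the compartment only means something if whoever registers principals at the KDC sticks to the convention.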

