[16764] in Kerberos_V5_Development
Re: Fwd: Delegation and Moonshot
daemon@ATHENA.MIT.EDU (Nico Williams)
Wed Apr 6 16:40:25 2011
MIME-Version: 1.0
In-Reply-To: <A10DD59A-8ADA-451E-81D4-F4CDEC895907@jpl.nasa.gov>
Date: Wed, 6 Apr 2011 15:40:20 -0500
Message-ID: <BANLkTinPL4th_Zy8ZSoLuViS0cnCkYLH3w@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Wed, Apr 6, 2011 at 2:11 PM, Henry B. Hotz <hotz@jpl.nasa.gov> wrote:> On Apr 6, 2011, at 9:06 AM, krbdev-request@mit.edu wrote:>> That seemed to be the case 8 years ago or so when we were working on>> the problem of identity linked service authorization assertions.>> There seemed to be a plethora of issues raised surrounding the>> inability of anything in the ecosystem to handle kerberos tickets>> which enclosed auth_data encoded payloads. If I remember correctly>> the thought of loading any type of XML data as authorization>> information was voiced as profoundly repugnant.>> I will own up to being one of those. I still regard the use of XML instead of ASN.1 as ugly in the context of Kerberos. I would prefer an attribute certificate to a SAML assertion.>> That said, the use of XML and SAML has increased over the years, and I am bowing out of that battle.
XML and SAML are here to stay -- they are now facts of life. Thatsaid, and while we're going on stating personal preferences, I'llstate mine :) :) which is this: I like ASN.1, but I despiseBER/DER/CER -- I really like PER. And as for XML, for encodingmessages it seems like a very poor choice, like a really badre-invention of ASN.1 and BER. (But note that I'm not passingjudgement on XML as a markup language for _documents_.)
Nico--
_______________________________________________krbdev mailing list krbdev@mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev
