On Jun 21, 2011 8:16 AM, "Peter Gutmann" <[email protected]> wrote: > > Nico Williams <[email protected]> writes: > > >Not so! Please point to some evidence if you wish to insist on this. > > GSS-API is pretty Kerberos-y. It may not have it directly baked in, but you > really have to squint at it pretty funny to go beyond Kerberos. I know you > can pretend it's not a meant-for-Kerberos API, but that doesn't change the > fact that that's effectively what it is.
No, Kerberos was pretty much the only mechanism available for much too long. That may be why you identify GSS with Kerberos. Moreover the GSS-API now has extensions for dealing with complex attributes like SAML's, and though originally inspired by MSFT's PAC, they evolved to be usable with SAML. Nico --
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
