<Sam> > Ben> Hi from a Newbe, > > Ben> I am interested in the Kerberos protocol for use with SOAP. > Ben> Not using Kerberos as-is, but using the protocol inside SOAP > Ben> messages. > > Ben> Therefore sending a SOAP message to a 'AS' server behind a > Ben> SOAP server, and getting the encrypted Ticket returned in > Ben> another SOAP message, as the SOAP Body in Base64. > >Seems like a lot of wasted effort to do this; you cannot reuse >existing Kerberos code bases, you get to repeat most of the protocol >design mistakes of the last 10 years, etc. > >I'd recommend that you just use Kerberos if you don't have any >annoying firewall constraints or that you do something that wraps >unmodified Kerberos exchanges if you cannot rely on IP connectivity. > </Sam>
Sam, I totally agree, a complete waist of time. Unfortunatelly I have no choice. Well, little choice. I am behind firewalls and proxy. I am doing EDI, which will involce three layes of firewalls/proxy. (Customer, ISP, Us.) I can only really on http, https, ftp etc. I can use https. This however involves purchacing a certificate anually, and does not give authentication. Although this does allow encrypted plane-text authentication. It also requires a rather complex cleint. With http, I can almost pipe data through telnet, a significant advantage for where I'm going. For this reason, I was thinking about putting a Kerbose client/server of the simplest design possible either side of the termiating SOAP layers. This would give me security and authentication, which is all I need. I notice that XML has a nice Base64 data type, ideal for carrying encrypted data within a <Body> with an xmlns:Kerberos.... I was also thinking, maybe unrealistically, that I can't be the only person in this situation, and producing a Kerberos extension to a SOAP Client/server might be received quite well on the Internet. Thanks for your reply, Ben Clewett. </Sam> > > >________________________________________________ >Kerberos mailing list [EMAIL PROTECTED] >http://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
