I am not working on Kerberos authentication via SOAP, but it is my understanding that
IBM's and Microsoft's WS-Security adds XML Signature and XML Encryption to SOAP and
that authentication is implicit in each message, and that you will need to explicitly
send KRB_AP_REQ and KRB_AP_REP messages to authenticate before you can send KRB_PRIV
and KRB_SAFE messages via SOAP.
Frank
[EMAIL PROTECTED]
iams.edu (jeremy To: [EMAIL PROTECTED]
redburn) cc:
Sent by: Subject: Kerberos authentication for
Web Services
kerberos-admin@mi
t.edu
07/08/2002 11:04
AM
I am interested in building a system (similar to Microsoft's .Net My
Services) that is a family of web services that clients authenticate
against using Kerberos. The idea is to have clients hit the KDC via
SOAP calls over SSL and get the ticket. Then they ask the KDC for a
ticket to communicate with a specific web service. Once I have that, I
should be able to encrypt all SOAP messages to the web service and
just pass the username.
But this doesn't seem to fit into the idea of how Kerberos
authentication works. Is anyone doing Kerberos authentication via SOAP
calls? What do people recommend for an authentication mechanism for a
family of web services?
thanks.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
