>Recently, I had a couple of my student employees work up a >proof-of-concept using SAML (with a kerb auth as part of the payload) >as the protocol -- since SAML seems like a more likely future direction >for a standardized auth protocol than something I threw together one >night in 1990 :)
I am not that sure, actually. Every time I look at SAML, I re-remember my biggest issue with it - the spec is frickin' huge (379 pages for all of the documents for SAML 2.0). Also, it's rather "webby" ... I mean, the protocol is based on HTTP? You need an XML library? And it seems that you probably need SOAP in there as well. Every example I've seen of it clearly is web-oriented. I guess I see the advantage to using it when you have an already-bloated web server, but cramming all of that into sshd? Ugh. Okay, you'll bring up points about code reuse, complying with a standard, having someone else design the protocol, etc etc ... yeah, I don't disagree with you on all that. But it just seems like a whole mess of baggage you're getting when a home-grown protocol will be simpler to understand, easier to maintain, and overall less work. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
