Without a standard, I guess we can't do interop testing, anyway, though
there is a proposal at
http://hex.tamu.edu/drafts/draft-smith-http-third-party-authentication-00.txt
Is there a "de facto" standard documented somewhere?
-Carl
pmoore@peerless.com on 08/15/2000 12:26:45 PM
To: Carl Kugler/Boulder/IBM@IBMUS
cc: pmoore@peerless.com, Peter.Zehler@usa.xerox.com, ipp@pwg.org
Subject: Re: IPP> TES - Bake-Off Phone conference
Correct - there is no standard for Kerberizing HTTP. MS have added a new
authentiation scheme that triggers a GSSAPI/SPNEGO interaction. This does
either
Kerberos or NTLM depending on whether or not the client is capable of
Kerberos.
Throw in a bit of Base64 encoding and you're done.
"Carl Kugler/Boulder/IBM" <kugler@us.ibm.com> on 08/15/2000 11:13:10 AM
To: pmoore@peerless.com
cc: Peter.Zehler@usa.xerox.com, ipp@pwg.org (bcc: Paul Moore/AUCO/US)
Subject: Re: IPP> TES - Bake-Off Phone conference
Hmm... I wasn't aware of a standard for Kerberos HTTP authentication,
either, although there has been some recent discussion on the http-wg list
about "ticket based authentication" (see
http://www.ics.uci.edu/pub/ietf/http/hypermail/2000/0165.html). How does
W2K implement this?
-Carl
pmoore@peerless.com on 08/15/2000 11:41:16 AM
To: Carl Kugler/Boulder/IBM@IBMUS
cc: Peter.Zehler@usa.xerox.com, ipp@pwg.org
Subject: Re: IPP> TES - Bake-Off Phone conference
IE5 on Windows 2000, and hence the MS IPP client on Windows 2000, does
Kerberos
authentication. IPP just rides on the back of whatever HTTP authentication
happens to be available.
"Carl Kugler/Boulder/IBM" <kugler@us.ibm.com> on 08/15/2000 09:27:36 AM
To: Peter.Zehler@usa.xerox.com
cc: ipp@pwg.org (bcc: Paul Moore/AUCO/US)
Subject: Re: IPP> TES - Bake-Off Phone conference
> 1) A quick walk through the Bake-Off testing outline. The objective is to
> get some input on specific areas of testing.
> The document is located at
> "ftp://www.pwg.org/pub/pwg/ipp/new_TES/IPP-Test-Plan-000814.pdf".
Peter-
I see Kerberos listed under Authentication and Security. I didn't know IPP
had Kerberos authentication. I'm interested in finding out more about
this. Kerberos has a lot of advantages in a distributed environment, e.g.,
single sign on and centralized administration.
-Carl
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 17:31:32 EDT