IPP Mail Archive: RE: IPP> TES - Bake-Off Phone conference

RE: IPP> TES - Bake-Off Phone conference

From: pmoore@peerless.com
Date: Wed Aug 16 2000 - 11:33:44 EDT

  • Next message: Wagner,William: "RE: IPP> ADM - IPP Phone Conference - 000816"

    INterop is possible - between a printer and the MS IPP client. Everything they
    are doing follows well defined standards - all you need to know is the name of
    the authentication scheme (Negotiate) and that it does SPNEGO.

    "McDonald, Ira" <imcdonald@sharplabs.com> on 08/15/2000 07:03:13 PM

    To: "'Carl Kugler/Boulder/IBM'" <kugler@us.ibm.com>, pmoore@peerless.com
    cc: Peter.Zehler@usa.xerox.com, ipp@pwg.org (bcc: Paul Moore/AUCO/US)

    Subject: RE: IPP> TES - Bake-Off Phone conference

    Hi Carl,

    Right - your reference below (and I-D) is the best I
    can find in a search - a '-00' level proposal.

    The IETF CAT (Common Authentication Technology) WG
    has done other work with Kerberos and PKI. They'll
    probably wind up the home for Smith's work if it's
    found favorable.

    Interop testing is not possible, I agree.

    Cheers,
    - Ira McDonald, consulting architect at Xerox and Sharp
      High North Inc

    -----Original Message-----
    From: Carl Kugler/Boulder/IBM [mailto:kugler@us.ibm.com]
    Sent: Tuesday, August 15, 2000 2:23 PM
    To: pmoore@peerless.com
    Cc: Peter.Zehler@usa.xerox.com; ipp@pwg.org
    Subject: Re: IPP> TES - Bake-Off Phone conference

    Without a standard, I guess we can't do interop testing, anyway, though
    there is a proposal at

    http://hex.tamu.edu/drafts/draft-smith-http-third-party-authentication-00.tx
    t

    Is there a "de facto" standard documented somewhere?

              -Carl

    pmoore@peerless.com on 08/15/2000 12:26:45 PM

    To: Carl Kugler/Boulder/IBM@IBMUS
    cc: pmoore@peerless.com, Peter.Zehler@usa.xerox.com, ipp@pwg.org
    Subject: Re: IPP> TES - Bake-Off Phone conference

    Correct - there is no standard for Kerberizing HTTP. MS have added a new
    authentiation scheme that triggers a GSSAPI/SPNEGO interaction. This does
    either
    Kerberos or NTLM depending on whether or not the client is capable of
    Kerberos.
    Throw in a bit of Base64 encoding and you're done.

    "Carl Kugler/Boulder/IBM" <kugler@us.ibm.com> on 08/15/2000 11:13:10 AM

    To: pmoore@peerless.com
    cc: Peter.Zehler@usa.xerox.com, ipp@pwg.org (bcc: Paul Moore/AUCO/US)

    Subject: Re: IPP> TES - Bake-Off Phone conference

    Hmm... I wasn't aware of a standard for Kerberos HTTP authentication,
    either, although there has been some recent discussion on the http-wg list
    about "ticket based authentication" (see
    http://www.ics.uci.edu/pub/ietf/http/hypermail/2000/0165.html). How does
    W2K implement this?

         -Carl

    pmoore@peerless.com on 08/15/2000 11:41:16 AM

    To: Carl Kugler/Boulder/IBM@IBMUS
    cc: Peter.Zehler@usa.xerox.com, ipp@pwg.org
    Subject: Re: IPP> TES - Bake-Off Phone conference

    IE5 on Windows 2000, and hence the MS IPP client on Windows 2000, does
    Kerberos
    authentication. IPP just rides on the back of whatever HTTP authentication
    happens to be available.

    "Carl Kugler/Boulder/IBM" <kugler@us.ibm.com> on 08/15/2000 09:27:36 AM

    To: Peter.Zehler@usa.xerox.com
    cc: ipp@pwg.org (bcc: Paul Moore/AUCO/US)

    Subject: Re: IPP> TES - Bake-Off Phone conference

    > 1) A quick walk through the Bake-Off testing outline. The objective is to
    > get some input on specific areas of testing.
    > The document is located at
    > "ftp://www.pwg.org/pub/pwg/ipp/new_TES/IPP-Test-Plan-000814.pdf".

    Peter-

    I see Kerberos listed under Authentication and Security. I didn't know IPP
    had Kerberos authentication. I'm interested in finding out more about
    this. Kerberos has a lot of advantages in a distributed environment, e.g.,
    single sign on and centralized administration.

         -Carl



    This archive was generated by hypermail 2b29 : Wed Aug 16 2000 - 11:57:25 EDT