Authentication Indicator in Kerberos Tickets

The information below is for an old version of the document
Document Type Expired Internet-Draft (kitten WG)
Authors Anupam Jain  , Nathan Kinder  , Nathaniel McCallum 
Last updated 2015-12-23 (latest revision 2015-02-17)
Replaces draft-jain-kitten-krb-auth-indicator
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document proposes an extension in the Kerberos protocol [RFC4120]. It defines a new Authorization Data Type AD- AUTHENTICATION-INDICATOR. The purpose of introducing this data type is to include an indicator of the strength of a client's authentication in the service tickets so that the application services can use it as an input into policy decisions.


Anupam Jain (
Nathan Kinder (
Nathaniel McCallum (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)