This document describes how the Microsoft Internet Explorer (MSIE)
and Internet Information Services (IIS) incorporated in Microsoft
Windows 2000 use Kerberos for security enhancements of web
transactions. The Hypertext Transport Protocol (HTTP) auth-scheme of
"negotiate" is defined here; when the negotiation results in the
selection of Kerberos, the security services of authentication and
optionally impersonation(the IIS server assuming the windows identity
of the principal which has been authenticated) are performed. This
document explains how HTTP authentication utilizes the Simple and
Protected GSS-API Negotiation mechanism. Details of SPNEGO
implementation are not provided in this document.
Working Group Summary
This document is the work of individual submitters who asked the
RFC Editor to publish it as an Informational RFC. Thought it has
been evaluated by the IESG for conflicts with existing IETF work,
it has not been reviewed by an IETF working group.
Scott Hollenbeck and Sam Hartman have reviewed the document for the
IESG. AD evaluation comments can be found in the I-D tracker. The
authors claim that the mechanism described in the document has been
implemented in the Microsoft Internet Explorer (MSIE) and Internet
Information Services (IIS) incorporated in Microsoft Windows 2000.
This RFC is not a candidate for any level of Internet Standard.
The IETF disclaims any knowledge of the fitness of this RFC for
any purpose and in particular notes that the decision to publish
is not based on IETF review for such things as security,
congestion control, or inappropriate interaction with deployed
protocols. The RFC Editor has chosen to publish this document at
its discretion. Readers of this document should exercise caution
in evaluating its value for implementation and deployment. See
RFC 3932 for more information.
Note to the RFC Editor
Please review the IESG evaluation comments found in the datatracker,
including suggestions from multiple Area Directors to change the title
of the document to include "Microsoft" with "Windows".