SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: RFC Editor <firstname.lastname@example.org> Cc: The IESG <email@example.com>, <firstname.lastname@example.org>, email@example.com Subject: Re: Informational RFC to be: draft-jaganathan-kerberos-http-02.txt The IESG has no problem with the publication of 'Kerberos based HTTP Authentication in Windows' <draft-jaganathan-kerberos-http-02.txt> as an Informational RFC. The IESG would also like the IRSG or RFC-Editor to review the comments in the datatracker (https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=13247&rfc_flag=0) related to this document and determine whether or not they merit incorporation into the document. Comments may exist in both the ballot and the comment log. The IESG contact person is Scott Hollenbeck. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-jaganathan-kerberos-http-02.txt The process for such documents is described at http://www.rfc-editor.org/indsubs.html. Thank you, The IESG Secretary
Technical Summary This document describes how the Microsoft Internet Explorer (MSIE) and Internet Information Services (IIS) incorporated in Microsoft Windows 2000 use Kerberos for security enhancements of web transactions. The Hypertext Transport Protocol (HTTP) auth-scheme of "negotiate" is defined here; when the negotiation results in the selection of Kerberos, the security services of authentication and optionally impersonation(the IIS server assuming the windows identity of the principal which has been authenticated) are performed. This document explains how HTTP authentication utilizes the Simple and Protected GSS-API Negotiation mechanism. Details of SPNEGO implementation are not provided in this document. Working Group Summary This document is the work of individual submitters who asked the RFC Editor to publish it as an Informational RFC. Thought it has been evaluated by the IESG for conflicts with existing IETF work, it has not been reviewed by an IETF working group. Protocol Quality Scott Hollenbeck and Sam Hartman have reviewed the document for the IESG. AD evaluation comments can be found in the I-D tracker. The authors claim that the mechanism described in the document has been implemented in the Microsoft Internet Explorer (MSIE) and Internet Information Services (IIS) incorporated in Microsoft Windows 2000. IESG Note This RFC is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this RFC for any purpose and in particular notes that the decision to publish is not based on IETF review for such things as security, congestion control, or inappropriate interaction with deployed protocols. The RFC Editor has chosen to publish this document at its discretion. Readers of this document should exercise caution in evaluating its value for implementation and deployment. See RFC 3932 for more information. Note to the RFC Editor Please review the IESG evaluation comments found in the datatracker, including suggestions from multiple Area Directors to change the title of the document to include "Microsoft" with "Windows".