Technical Summary
The Kerberos 5 KRB-CRED message is used to transfer Kerberos
credentials between applications. When used with a secure transport,
the unencrypted form of the KRB-CRED message may be desirable. This
document describes the unencrypted form of the KRB-CRED message.
Working Group Summary
The Kerberos Working Group had consensus to publish this document as a
proposed standard.
Document Quality
The OASIS Security Services TC received a request for a mechanism to
transport a Kerberos ticket and associated credential information in
the Security Assertion Markup Language. This will be transported over
a confidentiality- and integrity-protected channel. The intent is for a
SAML IDP to be able to permit a SAML service to use Kerberos acting on
behalf of some subject. As such, the service may have no existing
Kerberos keying material but will have SAML keying material. As an
implementation accident, at least three Kerberos implementations
already had a facility for transporting Kerberos credentials without a
key. Previously this was thought to be an unneeded facility that at
best was yet another corner case to test. This document standardizes
that already widely implemented facility because it happened to meet
the needs of the WG in this area.
Personnel
Sam Hartman is the document shepherd.
Stephen Farrell is the responsible AD.