The Unencrypted Form of Kerberos 5 KRB-CRED Message
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, krb-wg mailing list <email@example.com>, krb-wg chair <firstname.lastname@example.org>
Subject: Protocol Action: 'The Unencrypted Form Of Kerberos 5 KRB-CRED Message' to Proposed Standard (draft-ietf-krb-wg-clear-text-cred-03.txt)

The IESG has approved the following document:
- 'The Unencrypted Form Of Kerberos 5 KRB-CRED Message' (draft-ietf-krb-wg-clear-text-cred-03.txt) as a Proposed Standard

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-clear-text-cred/

Technical Summary

The Kerberos 5 KRB-CRED message is used to transfer Kerberos credentials between applications. When used with a secure transport the unencrypted form of the KRB-CRED message may be desirable. This document describes the unencrypted form of the KRB-CRED message.

Working Group Summary

The Kerberos Working Group had consensus to publish this document as a proposed standard.

Document Quality

The OASIS Security Services TC received a request for a mechanism to transport a Kerberos ticket and associated credential information in the Security Assertion Markup Language. This will be transported over a confidentiality and integrity protected channel. The intent is for a SAML IDP to be able to permit a SAML service to use Kerberos acting on behalf of some subject. As such, the service may have no existing Kerberos keying material but will have SAML keying material.

As an implementation accident, at least three Kerberos implementations already had a facility for transporting Kerberos credentials without a key. Previously this was thought to be an unneeded facility that at best was yet another corner case to test. This document standardizes that already widely implemented facility because it happened to meet the needs of the WG in this area.

Personnel

Sam Hartman is the document shepherd. Stephen Farrell is the responsible AD.