Getting a type code for AuthorizationData

Getting a type code for AuthorizationData

Rick van Rein (OpenFortress)
Hello,

Is there a registry or registrar for the ad-type values for
Authorization Data?

I assume documentation in a static place is appreciated, perhaps even
required.  To me, an Internet Draft would seem reasonable.

Do people generally advise locally meaningful values in ad-data fields,
even when we intend to make realm-crossing use of it, or is there some
appreciation for more standardised structures, such as Diameter frames
or unsigned SAML?  The latter two would make some sense in our project,
which aims to make secure use of online services simpler and more general.


Thanks,
 -Rick
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Getting a type code for AuthorizationData

Greg Hudson
On 10/05/2018 04:49 AM, Rick van Rein wrote:
> Is there a registry or registrar for the ad-type values for
> Authorization Data?

https://github.com/krb5/krb5-assignments

There was (and perhaps will be again) an attempt to move these
registries to IANA, but for now they are managed by me.

https://tools.ietf.org/html/draft-ietf-kitten-kerberos-iana-registries-04

> I assume documentation in a static place is appreciated, perhaps even
> required.  To me, an Internet Draft would seem reasonable.

Sometimes I make a reservation without documentation, but it is better
to have it.

> Do people generally advise locally meaningful values in ad-data fields,
> even when we intend to make realm-crossing use of it, or is there some
> appreciation for more standardised structures, such as Diameter frames
> or unsigned SAML?  The latter two would make some sense in our project,
> which aims to make secure use of online services simpler and more general.

I don't have anything insightful to say about this.  You might try
asking this question on the kitten list, perhaps with more context as to
what authorization data is being used for.