Posted to kerby@directory.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2016/01/07 11:33:00 UTC

Status of draft-ietf-kitten-kerb-token-preauth-01

Hi Kai,

what is the status for the draft-ietf-kitten-kerb-token-preauth-0
document ? It's not present in the kitten WG list :
https://tools.ietf.org/wg/kitten/ Network Working Group

Re: Status of draft-ietf-kitten-kerb-token-preauth-01

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 07/01/16 12:37, Zheng, Kai wrote:
> Thanks for asking. Well, it's a long story and still a long term effort. Our side has finished the prototype implementation of the new mechanism for the MIT KDC, and in Kerby we wish to provide the reference implementation. The background is, we're working on a workable solution targeted for the Hadoop ecosystem and Kerby (before Haox) is part of the effort for the Java client side (as Hadoop is also Java). We had some initial requirements and use cases, but they're far enough for the Kerberos Consortium to push it in the first priority. You see, pushing something isn't easy, even though we're working so hard. On the other hand, the stack (Kerberos/Java/Hadoop) is so deep and the involved aspects/parties are so many. So I bet we won't be so lucky to put it in the plate in some term soon.

Well, it's not really an issue, as the doc is in the project, and as
it's not used atm. I have added some reference in the class header :

/**
 * The AdToken component as defined in "Token Pre-Authentication for
 * Kerberos", "draft-ietf-kitten-kerb-token-preauth-01"
 * (not yet published, but stored in docs/Token-preauth.pdf) :
 *
 * <pre>
 * 6.4. AD-TOKEN
 *   The new Authorization Data Type AD-TOKEN type contains token
 *   derivation and is meant to be encapsulated into AD-KDC-ISSUED type
 *   and to be put into tgt or service tickets. Application can safely
 *   ignore it if the application doesn't understand it. The token field
 *   SHOULD be ASN.1 encoded of the binary representation of the
 *   serialization result of the derivation token according to [JWT].
 *  
 *         AD-TOKEN ::= SEQUENCE {
 *            token     [0]  OCTET STRING,
 *         }
 * </pre>
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */

That should be helpful for those who want to know where it's coming from.

Thanks Kai !

/me continuing to review the kerby-core code. Atm, everything in
org.apache.kerby.kerberos.kerb.type.ad and
org.apache.kerby.kerberos.kerb.type.ap has been reviewed, I'm reviewing
org.apache.kerby.kerberos.kerb.type.base now (7 classes already reviewed).
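
The AD-TOKEN layout quoted in the class header above, as an added example that is not part of the original thread or of Kerby's code: a strict DER encoder and decoder in Python. It assumes EXPLICIT context tagging, as in the Kerberos ASN.1 module of RFC 4120; the function names and the sample token are constructed for illustration.

```python
# Added example: strict DER codec for AD-TOKEN ::= SEQUENCE { token [0] OCTET STRING }.
# Assumption: EXPLICIT context tagging, as in the Kerberos ASN.1 module (RFC 4120).
SEQUENCE, CTX0, OCTET_STRING = 0x30, 0xA0, 0x04
SAMPLE_TOKEN = b"constructed.sample.jwt"  # constructed placeholder, not a real JWT


def _enc_len(n):
    """DER definite length: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _enc_len(len(value)) + value


def encode_ad_token(token):
    """Wrap raw token bytes as SEQUENCE -> [0] -> OCTET STRING."""
    return _tlv(SEQUENCE, _tlv(CTX0, _tlv(OCTET_STRING, token)))


def _read_tlv(buf, want_tag):
    """Return the value of the single TLV that must fill buf exactly."""
    if len(buf) < 2 or buf[0] != want_tag:
        raise ValueError("expected tag 0x%02x" % want_tag)
    first, off = buf[1], 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[2:2 + n], "big")
        off += n
        if length < 0x80 or buf[2] == 0:
            raise ValueError("non-minimal DER length")
    if len(buf) - off != length:
        raise ValueError("length mismatch or trailing bytes")
    return buf[off:]


def decode_ad_token(der):
    """Unwrap SEQUENCE -> [0] -> OCTET STRING and return the raw token bytes."""
    return _read_tlv(_read_tlv(_read_tlv(der, SEQUENCE), CTX0), OCTET_STRING)
```

The decoder only unwraps the container and rejects malformed or padded encodings; the returned bytes still have to be validated as a token by the caller.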

RE: Status of draft-ietf-kitten-kerb-token-preauth-01

Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks for asking. Well, it's a long story and still a long term effort. Our side has finished the prototype implementation of the new mechanism for the MIT KDC, and in Kerby we wish to provide the reference implementation. The background is, we're working on a workable solution targeted for the Hadoop ecosystem and Kerby (before Haox) is part of the effort for the Java client side (as Hadoop is also Java). We had some initial requirements and use cases, but they're far enough for the Kerberos Consortium to push it in the first priority. You see, pushing something isn't easy, even though we're working so hard. On the other hand, the stack (Kerberos/Java/Hadoop) is so deep and the involved aspects/parties are so many. So I bet we won't be so lucky to put it in the plate in some term soon.

Regards,
Kai

-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, January 07, 2016 6:33 PM
To: kerby@directory.apache.org
Subject: Status of draft-ietf-kitten-kerb-token-preauth-01

Hi Kai,

what is the status for the draft-ietf-kitten-kerb-token-preauth-0
document ? It's not present in the kitten WG list :
https://tools.ietf.org/wg/kitten/ Network Working Group