Posted to kerby@directory.apache.org by Emmanuel Lécharny <el...@symas.com> on 2015/12/30 19:08:41 UTC

AdToken usage ?

Hi,

there is a class named org.apache.kerby.kerberos.kerb.type.ad.AdToken.
What is it used for ? (there is no reference to this class anywhere in
Kerby code)

AD-TOKEN ::= SEQUENCE {
      token     [0]  OCTET STRING
}

Re: AdToken usage ?

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 04/01/16 06:18, Zheng, Kai wrote:
> Not yet. There were two PDFs in the docs folder that document it. They're still drafts but we're still pushing on that.

Ah, good to know !!!

I'll add a reference to this draft in the code.

Thanks Kai !



RE: AdToken usage ?

Posted by "Zheng, Kai" <ka...@intel.com>.
Not yet. There were two PDFs in the docs folder that document it. They're still drafts but we're still pushing on that.
Review comments are welcome. Thanks.

Regards,
Kai

-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, December 31, 2015 4:38 PM
To: kerby@directory.apache.org
Subject: Re: AdToken usage ?

On 31/12/15 04:19, Zheng, Kai wrote:
> AD-TOKEN is an authorization data that wraps a token. When a ticket is issued to honor a request with a token credential, an authorization data of this type can be created and put into the ticket. The token or the token derivation can be wrapped in the data, so on the application side, the authz data and the token can be queried and retrieved to enforce fine-grained authorization control using the rich token attributes.

Is there an RFC that describes it ?


Re: AdToken usage ?

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 31/12/15 04:19, Zheng, Kai wrote:
> AD-TOKEN is an authorization data that wraps a token. When a ticket is issued to honor a request with a token credential, an authorization data of this type can be created and put into the ticket. The token or the token derivation can be wrapped in the data, so on the application side, the authz data and the token can be queried and retrieved to enforce fine-grained authorization control using the rich token attributes.

Is there an RFC that describes it ?


RE: AdToken usage ?

Posted by "Zheng, Kai" <ka...@intel.com>.
AD-TOKEN is an authorization data that wraps a token. When a ticket is issued to honor a request with a token credential, an authorization data of this type can be created and put into the ticket. The token or the token derivation can be wrapped in the data, so on the application side, the authz data and the token can be queried and retrieved to enforce fine-grained authorization control using the rich token attributes.

Yeah, we haven't used it yet. In fact, the whole authorization data part is lacking in the current Kerby server side and is yet to be implemented. You may find many types defined but not used yet; these are indications we have much work to do. :(

Regards,
Kai

-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@symas.com] 
Sent: Thursday, December 31, 2015 2:09 AM
To: kerby@directory.apache.org
Subject: AdToken usage ?

Hi,

there is a class named org.apache.kerby.kerberos.kerb.type.ad.AdToken.
What is it used for ? (there is no reference to this class anywhere in Kerby code)

AD-TOKEN ::= SEQUENCE {
      token     [0]  OCTET STRING
}
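
The AD-TOKEN structure discussed in this thread, as an added example that is not part of the original messages and is not Kerby code: a strict DER encoder and decoder for `SEQUENCE { token [0] OCTET STRING }`, as an application would need before trusting a token pulled out of a ticket's authorization data. It assumes EXPLICIT context tagging, as in the RFC 4120 Kerberos ASN.1 module; the function names are hypothetical.

```python
# Added example: strict DER codec for the AD-TOKEN structure quoted in this thread.
# Assumption: EXPLICIT context tagging, as in the RFC 4120 Kerberos ASN.1 module.
SEQUENCE, CTX0, OCTET_STRING = 0x30, 0xA0, 0x04


def _len(n):
    """DER definite length: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _len(len(value)) + value


def encode_ad_token(token):
    """Wrap raw token bytes as SEQUENCE { [0] OCTET STRING }."""
    return _tlv(SEQUENCE, _tlv(CTX0, _tlv(OCTET_STRING, token)))


def _read(buf, tag):
    """Read one TLV with the expected tag; return (value, rest)."""
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError(f"expected tag 0x{tag:02x}")
    n, off = buf[1], 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or k > 4 or len(buf) < 2 + k:
            raise ValueError("indefinite, oversized or truncated length")
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
        if n < 0x80 or buf[2] == 0:
            raise ValueError("non-minimal length encoding")
    if len(buf) - off < n:
        raise ValueError("value truncated")
    return buf[off:off + n], buf[off + n:]


def decode_ad_token(der):
    """Return the wrapped token; reject trailing bytes at every level."""
    value = der
    for tag in (SEQUENCE, CTX0, OCTET_STRING):
        value, rest = _read(value, tag)
        if rest:
            raise ValueError("trailing bytes after element")
    return value
```

The decoder returns only the opaque token bytes; verifying the token itself (signature, expiry, audience) remains the application's job.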