Thomas Hardjono | 4 Feb 18:41 2009

Towards Kerberizing Web Identity and Services: new MITKC publication & new mailing-list


Towards Kerberizing Web Identity and Services: a new publication from the MIT Kerberos Consortium



One of the major goals of the MIT Kerberos Consortium (MIT-KC) is to establish Kerberos as a ubiquitous authentication mechanism on the Internet and also to make Kerberos appropriate for new environments. One of the key efforts within the MIT-KC directed at this goal is the Kerberos-on-the-Web (Kerb-Web) project.


The Kerberos-on-the-web project seeks initially to investigate the various aspects of the development and deployment of Kerberos within the Web space. This includes, among others:

(a) the use of the Kerberos authentication paradigm within the context of web-authentication and web-services security,

(b) the possible architecture integration and interactions between the Kerberos infrastructure and web-services security infrastructure,

(c) the possible enhancements of the Kerberos authentication protocol and Kerberos token in order to address the requirements for Single-Sign-On (SSO) on the Web and Web Identity Federation, and

(d) the potential re-use of existing Kerberos infrastructure investments in enterprises and other organizations to support the deployment of Kerberos-on-the-Web solutions.


In order to provide a starting point and context for discussions going forward regarding Kerberos-on-the-web, the MIT-KC has issued a new publication entitled “Towards Kerberizing Web Identity and Services”. This publication can be found in the following location:


The MIT-KC is seeking feedback and input specifically on this publication. These can be addressed to the MIT-KC strategic advisor (hardjono <at>), addressed to the authors of the publication and/or posted to the new mitkc-web mailing-list (see below).


Additionally, as an accompaniment to this new publication the MIT-KC has created a new mailing-list dedicated to Kerberos-on-the-Web. This mailing-list aims to be an open venue where issues and challenges in bringing Kerberos to the Web can be discussed.







Internet-Drafts | 18 Feb 00:00 2009

I-D ACTION:draft-ietf-kitten-rfc2853bis-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
This draft is a work item of the Kitten (GSS-API Next Generation) Working Group of the IETF.

	Title		: Generic Security Service API Version 2 : Java Bindings Update
	Author(s)	: M. Upadhyay, S. Malkani
	Filename	: draft-ietf-kitten-rfc2853bis-05.txt
	Pages		: 95
	Date		: 2009-2-16
The Generic Security Services Application Program Interface (GSS-API) offers application programmers
uniform access to security services atop a variety of underlying cryptographic mechanisms.  This
document updates the Java bindings for the GSS-API that are specified in
"Generic Security Service API version 2 : Java Bindings" (RFC2853).
This document obsoletes RFC 2853 by making specific and incremental
clarifications and corrections to it in response to identification of
transcription errors and implementation experience.

   The GSS-API is described at a language independent conceptual level
   in "Generic Security Service Application Program Interface Version 2,
   Update 1" (RFC2743).  The GSS-API allows a caller application to
   authenticate a principal identity, to delegate rights to a peer, and
   to apply security services such as confidentiality and integrity on a
   per-message basis.  Examples of security mechanisms defined for
   GSS-API are "The Simple Public-Key GSS-API Mechanism" (RFC2025) and
   "The Kerberos Version 5 GSS-API Mechanism" (RFC4121).

Shawn M Emery | 26 Feb 07:04 2009

IETF 74 Agenda

Please review the meeting agenda for IETF 74:
and let us know if you would like to add or change anything.

Shawn and Alexey
kitten co-chairs