OASIS Key Management Interoperability Protocol (KMIP) TC

  1. Authentication Use Cases

    Posted 12-01-2010 16:51
    For each, I list:
     - the name,
     - the per-entity information required to authenticate the subject,
     - any other information required to authenticate the subject, and
     - any optional, but likely to be needed, information.
    
    username/password
      per-entity information: hashed password
      other information:      none
      optional information:   none
    
    Kerberos
      per-entity information: none
      other information:      Kerberos ID including secret key (keytab)
      optional information:   none
    
    SAML/SSO
      per-entity information: Id of trusted IdP
      other information:      root certificate or shared secret to verify signature, or TLS keys & certificates
      optional information:   none
    
    OpenID
      per-entity information: none
      other information:      Ids of trusted IdPs
      optional information:   means to authenticate
    
    X.509 PKI
      per-entity information: none
      other information:      trusted root certificates
      optional information:   certificate and private key to authenticate
    
    Hardware token
      per-entity information: none
      other information:      access to authentication server, typically with RADIUS
      optional information:   none
    
    -------
    
    I suggest that the category of WS Security Token be dropped from the list. A WSS Token is one of several things, including username, X.509 Certificate, Kerberos Ticket and SAML Assertion. All of these should be covered individually.
    
    Hal