
CSIV2 — GSSUP Names are inconsistent with other security mechanisms.

  • Key: CSIV2-2
  • Legacy Issue Number: 3922
  • Status: closed
  • Source: Syracuse University (Polar Humenn)
  • Summary:

    Document: orbos/2000-08-04 CSIv2 Joint Submission
    Subject: GSSUP Names are inconsistent with other security mechanisms.
    Severity: Medium

    Summary:
    The names supplied in the InitialContextToken for the UserName password
    scheme invent a name type called a Security::ScopedName. This is just yet
    another name type that must be dealt with and is completely inconsistent
    with anything else used for names. The contents of the scope and the name
    are underspecified.

    Discussion:
    The structure should allow for all forms of name types. The easiest
    way to accomplish consistency is to use a GSS exported Name type.

    struct InitialContextToken {
        Security::GSS_NT_ExportedName username;
        Security::UTF8String password;
    };

    That way a password database can even store names that are DNs,
    X509GeneralNames, Kerberos Names, NT Usernames, etc.

  • Reported: CSIv2 1.0b1 — Thu, 28 Sep 2000 04:00 GMT
  • Disposition: Resolved — CSIv2 1.0
  • Disposition Summary:

    Close issue with revised text

  • Updated: Fri, 6 Mar 2015 20:58 GMT
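
The exported-name encoding the issue proposes for the username field, as an added example that is not part of the issue text or the CSIv2 submission: it builds and strictly parses the RFC 2743 (section 3.2) exported-name layout, so a password database can key on the whole byte string, mechanism OID included. Assumptions not taken from the issue: the two mechanism OIDs (OMG GSSUP and Kerberos V5), the helper names, and the constructed sample names.

```python
import struct

TOK_ID = b"\x04\x01"  # exported-name token identifier (RFC 2743, section 3.2)
GSSUP_OID = "2.23.130.1.1.1"          # assumption: OMG GSSUP mechanism OID
KRB5_OID = "1.2.840.113554.1.2.2"     # assumption: Kerberos V5 mechanism OID

def der_oid(dotted):
    """DER-encode a dotted OID (tag 0x06, short-form length only)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

def export_name(mech_oid, name):
    """Build TOK_ID | 2-byte OID length | DER OID | 4-byte name length | name."""
    oid = der_oid(mech_oid)
    return (TOK_ID + struct.pack(">H", len(oid)) + oid
            + struct.pack(">I", len(name)) + name)

def parse_exported_name(blob):
    """Return (DER mechanism OID, name bytes); reject malformed input."""
    if len(blob) < 4 or blob[:2] != TOK_ID:
        raise ValueError("not an exported-name token")
    (oid_len,) = struct.unpack(">H", blob[2:4])
    oid_end = 4 + oid_len
    if len(blob) < oid_end + 4:
        raise ValueError("truncated token")
    oid = blob[4:oid_end]
    if oid_len < 2 or oid[0] != 0x06 or oid[1] != oid_len - 2:
        raise ValueError("malformed DER OID")
    (name_len,) = struct.unpack(">I", blob[oid_end:oid_end + 4])
    name = blob[oid_end + 4:]
    if len(name) != name_len:  # no short reads, no trailing bytes
        raise ValueError("name length mismatch")
    return oid, name

if __name__ == "__main__":
    # Constructed sample names, one per mechanism.
    for mech, raw in ((GSSUP_OID, b"alice@example.org"), (KRB5_OID, b"alice@EXAMPLE.ORG")):
        print(export_name(mech, raw).hex())
```

The same name string exported under two mechanisms yields different byte strings, so a lookup that compares the full token never conflates a GSSUP user with a Kerberos principal of the same spelling.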