View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000262510000-004: ServicesSpecpublic2013-09-30 11:422018-03-02 18:54
Reporterrandyarmstrong Assigned ToMatthias Damm  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionwon't fix 
Product Version1.02 
Summary0002625: Need a non-XML Kerberos Token
Description

We have agreed that the WS- implementations will be depreciated, however, kerberos user authentication still requires WS- XML wrappers for what is basically binary data. This makes implementing Kerberos user token significantly more difficult on embedded systems without an XML parser (see addition info for specifics of the problems created).

For this reason we need a new UserTokenType = Kerberos that contains the raw binary Kerberos ticket. This would be in addition to the WS-* ticket and .NET implementations will be able to easily support both (this has been prototyped).

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0002678 closedKarl Deiretsbacher 10000-007: Profiles Kerberos User Token added 
related to 0004186 closedPaul Hunkar 10000-002: Security Kerberos support 

Activities

Matthias Damm

2013-10-01 16:41

developer   ~0005033

Discussed in Telco today.
Matthias to prepare a proposal for discussion in the F2F next week.

Matthias Damm

2013-10-09 19:08

developer   ~0005043

Added new UserIdentityToken KerberosToken
Resolved in document IEC 62541-4 - Services [Pre-CDV] 1.02.06.doc

Jim Luth

2013-11-25 18:05

administrator   ~0005142

Agreed to changes in doc. Waiting for Matthias to create a related issue for Part 7 before I close it.

Jim Luth

2014-03-11 18:07

administrator   ~0005321

Agreed to back these changes out of IEC version. Then later solve this problem another way using an opaque blob for the token who's format us defined by the corresponding URI.

Matthias Damm

2014-11-20 21:49

developer   ~0005649

Integrated Kerberos user token definition back into document after IEC release

Jim Luth

2014-12-09 16:19

administrator   ~0005678

Randy couldn't get interop to work with the KerberosToken as defined in the draft. We will leave this Mantis issue resolved until we have can validate the spec is right.

Jim Luth

2015-07-14 15:46

administrator   ~0006233

Remove this from 1.03. (To be verified and added back in for 1.04)

Jim Luth

2015-07-20 16:57

administrator   ~0006241

I removed this from 1.03 before the final release.

Matthias Damm

2016-12-20 17:34

developer   ~0007678

During prototyping we did not find an interoperable way to use Kerberos.
It is possible to use Kerberos through IssuedToken.

The expectation is that the general requirement behind this feature request will be solved with support of OAuth2 in the future.

Jim Luth

2016-12-20 17:35

administrator   ~0007679

agreed to no fix in telecon.

Issue History

Date Modified Username Field Change
2013-09-30 11:42 randyarmstrong New Issue
2013-10-01 16:35 Matthias Damm Status new => assigned
2013-10-01 16:35 Matthias Damm Assigned To => Matthias Damm
2013-10-01 16:41 Matthias Damm Note Added: 0005033
2013-10-09 19:08 Matthias Damm Status assigned => resolved
2013-10-09 19:08 Matthias Damm Resolution open => fixed
2013-10-09 19:08 Matthias Damm Note Added: 0005043
2013-11-25 18:05 Jim Luth Note Added: 0005142
2013-11-25 21:19 Matthias Damm Relationship added related to 0002678
2013-12-03 18:04 Jim Luth Status resolved => closed
2013-12-03 18:04 Jim Luth Fixed in Version => 1.03
2014-03-11 18:07 Jim Luth Status closed => feedback
2014-03-11 18:07 Jim Luth Resolution fixed => reopened
2014-03-11 18:07 Jim Luth Note Added: 0005321
2014-03-11 18:07 Jim Luth Status feedback => assigned
2014-11-18 17:42 Jim Luth Category (No Category) => Spec
2014-11-18 17:43 Jim Luth Issue cloned: 0002890
2014-11-18 18:55 Jim Luth Target Version => 1.03
2014-11-19 09:25 Nathan Pocock Additional Information Updated
2014-11-19 09:27 Nathan Pocock Additional Information Updated
2014-11-20 21:49 Matthias Damm Note Added: 0005649
2014-11-20 21:49 Matthias Damm Status assigned => resolved
2014-11-20 21:49 Matthias Damm Resolution reopened => fixed
2014-12-09 16:19 Jim Luth Note Added: 0005678
2015-07-14 15:46 Jim Luth Note Added: 0006233
2015-07-14 15:46 Jim Luth Status resolved => feedback
2015-07-14 15:46 Jim Luth Resolution fixed => reopened
2015-07-14 15:46 Jim Luth Status feedback => assigned
2015-07-20 16:57 Jim Luth Note Added: 0006241
2015-07-20 16:57 Jim Luth Target Version 1.03 => 1.04
2016-12-20 17:34 Matthias Damm Note Added: 0007678
2016-12-20 17:34 Matthias Damm Status assigned => resolved
2016-12-20 17:34 Matthias Damm Resolution reopened => won't fix
2016-12-20 17:35 Jim Luth Note Added: 0007679
2016-12-20 17:35 Jim Luth Status resolved => closed
2016-12-20 17:35 Jim Luth Fixed in Version 1.03 =>
2018-03-02 18:54 Paul Hunkar Relationship added related to 0004186