A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.
Title : Problem statement on the cross-realm operation of Kerberos
Author(s) : S. Sakane, et al.
Filename : draft-ietf-krb-wg-cross-problem-statement-05.txt
Pages : 13
Date : 2009-10-15
The Kerberos protocol is today one of the most widely deployed
authentication protocols in the Internet. In order for a Kerberos
deployment to operate in a scalable manner, different Kerberos realms
must interoperate in such a way that cross-realm operations can be
performed efficiently and securely.
This document provides background information regarding large scale
Kerberos deployments in the industrial sector, with the aim of
identifying issues in the current Kerberos cross-realm authentication
model as defined in RFC4120.
As industrial automation is moving towards wider adoption of Internet
standards, the Kerberos authentication protocol represents one of the
best alternatives for ensuring the confidentiality and the integrity
of communications in control networks while meeting performance and
security requirements.
However, the use of Kerberos cross-realm operations in large scale
industrial systems may introduce issues that could cause performance
and reliability problems. This document describes some examples of
actual large scale industrial systems, and lists requirements and
restriction regarding authentication operations in such environments.
The current document also identifies a number of requirements derived
from the industrial automation field. Although they are found in the
field of industrial automation, these requirements are general enough
and are applicable to the problem of Kerberos cross-realm operations.
These requirements need to be satisfied by proposed Kerberos cross-
realm frameworks or architectures, as well as specific solutions that
implement those frameworks or architectures.
Conventions used in this document
The reader is assumed to be familiar with the terms and concepts
described in the Kerberos Version 5 [RFC4120].
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-cross-problem-statement-05.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-cross-problem-statement-05.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
