[Ietf-http-auth] Re: [SAML-mechanism] RE:
as in SAML SASLMechanism?
Nicolas.Williams at sun.com
Wed Nov 16 08:09:08 PST 2005
On Wed, Nov 16, 2005 at 11:00:12AM -0500, Cyrus Daboo wrote:
> Hi Jeffrey,
> --On November 16, 2005 10:56:43 AM -0500 Jeffrey Altman
> <jaltman at secure-endpoints.com> wrote:
> >Even though I am pointing out the above, I too would prefer a direct use
> >of GSS for this purpose. I believe the GSS message oriented model is
> >better suited to incorporation in HTTP.
> Could you explain that a little more for those of us who are not as
> familiar with the intricacies of GSS as opposed to SASL?
SASL is stream-oriented -- apps write streams of octets; this is clearly
not suitable to use with any but stream-oriented transports.
The GSS-API is message-oriented and supports out of order message
delivery and processing and replay detection. So clearly the GSS-API
can be used with any transport, whether message- or stream-oriented.
Both, of course, are transport-independent, but SASL is inherently
limited to transports like TCP.
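
The per-message model described in the message above, as an added example that is not part of the original post and is not the GSS-API itself: each message carries its own integrity token with a sequence number, so a receiver can accept messages in any order and still reject replays. The `MsgContext` class, its method names, the HMAC construction, the 64-message window and the sample messages are all assumptions made for illustration.

```python
import hmac, hashlib, struct

class MsgContext:
    """Toy per-message protection context (illustrative, NOT the real GSS-API)."""
    WINDOW = 64  # assumed replay-window size

    def __init__(self, key: bytes):
        self.key = key
        self.send_seq = 0
        self.highest = -1   # highest sequence number accepted so far
        self.seen = 0       # bitmap: bit i set => (highest - i) already accepted

    def get_mic(self, msg: bytes) -> bytes:
        # Token = 8-byte sequence number || HMAC over (sequence number || message).
        hdr = struct.pack(">Q", self.send_seq)
        self.send_seq += 1
        return hdr + hmac.new(self.key, hdr + msg, hashlib.sha256).digest()

    def verify_mic(self, msg: bytes, token: bytes) -> str:
        if len(token) != 8 + 32:
            return "bad-token"
        hdr, tag = token[:8], token[8:]
        expect = hmac.new(self.key, hdr + msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return "bad-mic"
        seq = struct.unpack(">Q", hdr)[0]
        if seq > self.highest:               # newest so far: slide the window
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= self.WINDOW:            # cannot tell fresh from replayed
            return "too-old"
        if (self.seen >> offset) & 1:        # same token seen before
            return "replay"
        self.seen |= 1 << offset             # late but fresh: accept
        return "ok-out-of-order"

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    sender, receiver = MsgContext(key), MsgContext(key)
    msgs = [b"GET /a", b"GET /b", b"GET /c"]  # constructed sample messages
    tokens = [sender.get_mic(m) for m in msgs]
    # Deliver 0, then 2, then 1 (out of order), then 1 again (replay).
    results = [receiver.verify_mic(msgs[i], tokens[i]) for i in (0, 2, 1, 1)]
    results.append(receiver.verify_mic(b"GET /x", tokens[0]))  # altered message
    return results
```

Because every token verifies on its own, nothing here depends on the transport delivering an ordered octet stream.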