W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Misconceptions about the GSS-API

From: Nico Williams <nico@cryptonector.com>
Date: Fri, 13 Jul 2012 17:10:00 -0500
Message-ID: <CAK3OfOgkmOXnLwehgVzmwwy8AX3au_u7Ojn_Kse72viHTV-U9Q@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Maybe we should rename the bloody thing...  One more misconception
seems to be that "API" means you must have a library and use _it_.
But GSS is an *abstract* API and there's no need to either have a
complete implementation, nor to have C or any other bindings of the
abstract API.  Microsoft, for example, has been using SSPI instead of
GSS for ages, yet interops on the wire.  Samba has implemented GSS
without using the API at all.  Those are existence proofs...

We created SASL/GS2 (which is what REST-GSS actually uses) in large
part to simplify things.  I should have called it REST-SASL..  Maybe I
still can!

Nico
--
Received on Friday, 13 July 2012 22:10:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 13 July 2012 22:10:31 GMT