Added protocol description for GSS Web authentication.

author Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>

Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)

committer Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>

Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)
author Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>
Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)
committer Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>
Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)
diff --git a/protocol.txt b/protocol.txt

new file mode 100644 (file)

index 0000000..846802e
--- /dev/null
+++ b/protocol.txt
@@ -0,0 +1,22 @@
+This file describes the protocol used for GSSWeb authentication.
+
+The client goes to /<app>/gss and does a POST containing:
+
+token: <Base64-encoded GSS Token>
+nonce: <Random String>
+
+The server will respond by sending a JSON reponse:
+
+{gssweb: {
+    token: "<Base64-encoded & escaped GSS Token>",
+    nonce: "<Nonce from request>"},
+ application: {
+    data: "<Base-64-encoded & escaped application data>",
+    content-type: "<Original content-type>",
+    Content-Length: "<Original content-length>"}
+}
+
+The "gssweb" section in the response is used for the GSS exchange.
+Upon completion of the GSS exchange, the "application" section is used
+by the client to reconstruct the application response upon completion
+of the GSS exchange.
author	Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>
	Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)
committer	Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>
	Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)