From: Margaret Wasserman <margaret@margaret-moonshot3.painless-security.com>
Date: Wed, 2 Jul 2014 11:42:18 +0000 (-0400)
Subject: Added protocol description for GSS Web authentication.
X-Git-Tag: gssweb-apache-2014-09-08~17
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.git;a=commitdiff_plain;h=fb7dbb24884404f5dca301dd32adfe173bf118d8

Added protocol description for GSS Web authentication.
---

diff --git a/protocol.txt b/protocol.txt
new file mode 100644
index 0000000..846802e
--- /dev/null
+++ b/protocol.txt
@@ -0,0 +1,22 @@
+This file describes the protocol used for GSSWeb authentication.
+
+The client goes to /<app>/gss and does a POST containing:
+
+token: <Base64-encoded GSS Token>
+nonce: <Random String>
+
+The server will respond by sending a JSON reponse:
+
+{gssweb: {
+    token: "<Base64-encoded & escaped GSS Token>",
+    nonce: "<Nonce from request>"},
+ application: {
+    data: "<Base-64-encoded & escaped application data>",
+    content-type: "<Original content-type>",
+    Content-Length: "<Original content-length>"}
+}
+
+The "gssweb" section in the response is used for the GSS exchange.
+Upon completion of the GSS exchange, the "application" section is used
+by the client to reconstruct the application response upon completion
+of the GSS exchange.