Web Services Interoprability Plugfest and Kerberos Token support in Metro
By ashutoshshahi on Nov 16, 2007
Sun participated in the latest Web Services Interoperability Plugfest hosted by Microsoft at their Redmond campus from November 6th to 8th. Harold, Jiandong and myself represented Sun at this event. Harold has a put forward a detailed entry with the details on the scenarios we tested and the results. Jiandong explains the WS-SX tests and the versions of specs they cover in his blog.
My focus at this event was to test for the first time our implementation of Kerberos Token Profile 1.1 for interoperability with .NET 3.x. The most difficult part for Kerberos interoperability turned out to be setting up the Kerberos infrastructure for trust. Once we were through this part, all the tests passed without any difficulty. The tests consisted of the following scenarios:
Basic Kerberos token tests
Kerberos Token with Derived Keys
SecureConversation with Kerberos token in Bootstrap policy
SecureConversation with Kerberos token and Derived Keys in Bootstrap policy
These tests were run using a single KDC for WSIT client and WCF service and vice versa.
The Kerberos token support will release with a future release of Metro, but if you want to give it a try, you can get one of the nightlies from here. I plan to blog about setting up kerberos infrastructure and running kerberos scenarios in coming weeks.
The next step we want to try is to use different KDCs for client and service and test cross-domain security using Kerberos. We tried it this time and ran across some setup issues with DNS configurations and cross domain trust.