This document is a draft concerning Kerberos and the Web.
What is this?
This page attempts to be a product backlog for the kerberos & web technology project in the sense of SCRUM. My suggestion from the meeting in Dublin is that we start by formulating a bunch of user-stories for "Kerberos and Web Technology" and from these grow the backlog of activities. The output of this process would be both the user stories which can be confirmed by the kerberos consortium board as well as the backlog which can be prioritized by the board.
Below are the user-stories and associated suggested backlog entries. Please keep writing user-stories and/or add backlog entries related to existing user stories. Try to formulate user-stories as one or two sentences expressing:
- a single type of user (no generalizations!)
- a specific measurable business-value for that user
The type of user is critical since the same requirement can be expressed in very different way. Consider the two user stores:
Users of online banking wants a simple way to authenticate to the bank.and
Banks want to avoid phishing
It is expected that the same backlog entry will occur as part of more than one user-story - copy-paste is fine since they will point to the same page once we start discussing them in detail.
Developers need support for cross-platform secure interoperability with .NET-based SOAP webservices.
- Implement Kerberos xml-sec token profile in wss4j
- Implement Kerberos xml-sec token profile in perl SOAP-Lite
- Implement Kerberos txml-sec oken profile in soap4r
Software vendors want support for channel bindings everywhere