
Generic Security Service API : C-bindings (RFC1509)

IP.com Disclosure Number: IPCOM000002338D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 40 page(s) / 92K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Wray: AUTHOR

Abstract

This document specifies C language bindings for the Generic Security Service Application Program Interface (GSS-API), which is described at a language-independent conceptual level in other documents.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                            J. Wray
Request for Comments: 1509                 Digital Equipment Corporation
                                                          September 1993

Generic Security Service API : C-bindings

Status of this Memo

This RFC specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" for the standardization state and status
of this protocol. Distribution of this memo is unlimited.

Abstract

This document specifies C language bindings for the Generic Security
Service Application Program Interface (GSS-API), which is described
at a language-independent conceptual level in other documents.

The Generic Security Service Application Programming Interface
(GSS-API) provides security services to its callers, and is intended
for implementation atop alternative underlying cryptographic mechanisms.
Typically, GSS-API callers will be application protocols into which
security enhancements are integrated through invocation of services
provided by the GSS-API. The GSS-API allows a caller application to
authenticate a principal identity associated with a peer application,
to delegate rights to a peer, and to apply security services such as
confidentiality and integrity on a per-message basis.

1. INTRODUCTION

The Generic Security Service Application Programming Interface [1]
provides security services to calling applications. It allows a
communicating application to authenticate the user associated with
another application, to delegate rights to another application, and
to apply security services such as confidentiality and integrity on a
per-message basis.

There are four stages to using the GSSAPI:

(a) The application acquires a set of credentials with which it may
    prove its identity to other processes. The application's
    credentials vouch for its global identity, which may or may not
    be related to the local username under which it is running.

(b) A pair of communicating applications establish a joint security
    context using their credentials. The security context is a
    pair of GSSAPI data structures that contain shared state
    information, which is required in order that per-message
    security services may be provided. As part of the
    establishment of a security context, the context initiator is
    authenticated to the responder, and may require that the
    responder is authenticated in turn. The initiator...