Browse Prior Art Database

Common Authentication Technology Overview (RFC1511)

IP.com Disclosure Number: IPCOM000002341D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 2 page(s) / 4K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Linn: AUTHOR

Abstract

Status of this Memo

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 69% of the total text.

Network Working Group J. Linn

Request for Comments: 1511 Geer Zolot Associates

September 1993

Common Authentication Technology Overview

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard. Distribution of this memo is

unlimited.

Overview

The IETF's Common Authentication Technology (CAT) working group has

pursued, and continues to pursue, several interrelated activities,

involving definition of service interfaces as well as protocols. As

a goal, it has sought to separate security implementation tasks from

integration of security data elements into caller protocols, enabling

those tasks to be partitioned and performed separately by

implementors with different areas of expertise. This strategy is

intended to provide leverage for the IETF community's security-

oriented resources (by allowing a single security implementation to

be integrated with, and used by, multiple caller protocols), and to

allow protocol implementors to focus on the functions that their

protocols are designed to provide rather than on characteristics of

particular security mechanisms (by defining an abstract service which

multiple mechanisms can realize).

The CAT WG has worked towards agreement on a common service

interface, (the Generic Security Service Application Program

Interface, or GSS-API), allowing callers to invoke security

functions, and also towards agreement on a common security token

format incorporating means to identify the mechanism type in

conjunction with which security data elements should be interpreted.

The GSS-API, comprising a mechanism-independent model for security

integration, provides authentication services (peer entity

authentication) to a variety of protocol callers in a manner which

insulates those callers from the specifics of underlying security

mechanisms. With certain underlying mechanisms, per-message

protection facilities (data origin authentication, data integrity,

and data confidentiality) can also be provided. This work is

represented in a pair of RFCs: RFC-1508 (GSS-API) and RFC-1509

(concrete bindings realizing the GSS-API for the C language).

Concurrently, the CAT WG has worked on agreements on underlying

security technologies, and their associated protocols, implementing

the GSS-API model. Definitions of two candidate mechanisms are

currently available as Internet specifications; development of

additional mechanisms is anticipated. R...