Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API) (RFC2479)

IP.com Disclosure Number: IPCOM000003059D
Original Publication Date: 1998-Dec-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Adams: AUTHOR

Abstract

The IDUP-GSS-API extends the GSS-API [RFC-2078] for applications requiring protection of a generic data unit (such as a file or message) in a way which is independent of the protection of any other data unit and independent of any concurrent contact with designated "receivers" of the data unit. Thus, it is suitable for applications such as secure electronic mail where data needs to be protected without any on-line connection with the intended recipient(s) of that data. The protection offered by IDUP includes services such as data origin authentication with data integrity, data confidentiality with data integrity, and support for non-repudiation services. Subsequent to being protected, the data unit can be transferred to the recipient(s) - or to an archive - perhaps to be processed ("unprotected") only days or years later.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group C. Adams
Request for Comments: 2479 Entrust Technologies
Category: Informational December 1998

Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API)

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

ABSTRACT

The IDUP-GSS-API extends the GSS-API [RFC-2078] for applications requiring protection of a generic data unit (such as a file or message) in a way which is independent of the protection of any other data unit and independent of any concurrent contact with designated "receivers" of the data unit. Thus, it is suitable for applications such as secure electronic mail where data needs to be protected without any on-line connection with the intended recipient(s) of that data. The protection offered by IDUP includes services such as data origin authentication with data integrity, data confidentiality with data integrity, and support for non-repudiation services. Subsequent to being protected, the data unit can be transferred to the recipient(s) - or to an archive - perhaps to be processed ("unprotected") only days or years later.

Throughout the remainder of this document, the "unit" of data described in the above paragraph will be referred to as an IDU (Independent Data Unit). The IDU can be of any size (the application may, if it wishes, split the IDU into pieces and have the protection computed a piece at a time, but the resulting protection token applies to the entire IDU). However, the primary characteristic of an IDU is that it represents a stand-alone unit of data whose protection is entirely independent of any other unit of data. If an application protects several IDUs and sends them all to a single receiver, the IDUs may be unprotected by that receiver in any order over any time span; no logical connection of any kind is implied by the protection process itself.

As with RFC-2078, this IDUP-GSS-API definition provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. This specification defines IDUP-GSS-API services and primitives at a level independent of underlying mechanism and programming language environment, and is to be complemented by other, related specifications:

- documents defining specific parameter bindings for particular language environments;

- documents defining token formats, protocols, and procedures to be implemented in order to realize IDUP-GSS-API services atop particular se...