Browse Prior Art Database

Generic Security Service API Version 2 : Java Bindings (RFC2853)

IP.com Disclosure Number: IPCOM000003452D
Original Publication Date: 2000-Jun-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Kabat: AUTHOR [+2]

Abstract

The Generic Security Services Application Program Interface (GSS-API) offers application programmers uniform access to security services atop a variety of underlying cryptographic mechanisms. This document specifies the Java bindings for GSS-API which is described at a language independent conceptual level in RFC 2743 [GSSAPIv2-UPDATE].

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group J. Kabat

Request for Comments: 2853 ValiCert, Inc.

Category: Standards Track M. Upadhyay

Sun Microsystems, Inc.

June 2000

Generic Security Service API Version 2 : Java Bindings

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

The Generic Security Services Application Program Interface (GSS-API)

offers application programmers uniform access to security services

atop a variety of underlying cryptographic mechanisms. This document

specifies the Java bindings for GSS-API which is described at a

language independent conceptual level in RFC 2743 [GSSAPIv2-UPDATE].

The GSS-API allows a caller application to authenticate a principal

identity, to delegate rights to a peer, and to apply security

services such as confidentiality and integrity on a per-message

basis. Examples of security mechanisms defined for GSS-API are The

Simple Public-Key GSS-API Mechanism [SPKM] and The Kerberos Version 5

GSS-API Mechanism [KERBV5].

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 5

2. GSS-API Operational Paradigm . . . . . . . . . . . . . . . 6

3. Additional Controls . . . . . . . . . . . . . . . . . . . 8

3.1. Delegation . . . . . . . . . . . . . . . . . . . . . . . 9

3.2. Mutual Authentication . . . . . . . . . . . . . . . . . 10

3.3. Replay and Out-of-Sequence Detection . . . . . . . . . . 10

3.4. Anonymous Authentication . . . . . . . . . . . . . . . . 11

3.5. Confidentiality . . . . . . . . . . . . . . . . . . . . 12

3.6. Inter-process Context Transfer . . . . . . . . . . . . . 12

3.7. The Use of Incomplete Contexts . . . . . . . . . . . . . 13

4. Calling Conventions . . . . . . . . . . . . . . . . . . . 13

4.1. Package Name . . . . . . . . . . . . . . . . . . . . . . 13

4.2. Provider Framework . . . . . . . . . . . . . . . . . . . 13

4.3. Integer types . . . . . . . . . . . . . . . . . . . . . 14

4.4. Opaque Data types . . . . . . . . . . . . . . . . . . . 14

4.5. Strings ...