Browse Prior Art Database

Generic Security Service API Version 2 : C-bindings (RFC2744)

IP.com Disclosure Number: IPCOM000003341D
Original Publication Date: 2000-Jan-01
Included in the Prior Art Database: 2019-Feb-10

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Wray: AUTHOR

Related Documents

10.17487/RFC2744: DOI

Abstract

This document specifies C language bindings for Version 2, Update 1 of the Generic Security Service Application Program Interface (GSS-API), which is described at a language-independent conceptual level in RFC 2743. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group J. Wray Request for Comments: 2744 Iris Associates Obsoletes: 1509 January 2000 Category: Standards Track

Generic Security Service API Version 2 : C-bindings

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document specifies C language bindings for Version 2, Update 1 of the Generic Security Service Application Program Interface (GSS- API), which is described at a language-independent conceptual level in RFC-2743 [GSSAPI]. It obsoletes RFC-1509, making specific incremental changes in response to implementation experience and liaison requests. It is intended, therefore, that this memo or a successor version thereof will become the basis for subsequent progression of the GSS-API specification on the standards track.

The Generic Security Service Application Programming Interface provides security services to its callers, and is intended for implementation atop a variety of underlying cryptographic mechanisms. Typically, GSS-API callers will be application protocols into which security enhancements are integrated through invocation of services provided by the GSS-API. The GSS-API allows a caller application to authenticate a principal identity associated with a peer application, to delegate rights to a peer, and to apply security services such as confidentiality and integrity on a per-message basis.

Wray Standards Track [Page 1]

RFC 2744 GSS-API V2: C-bindings January 2000

1. Introduction

The Generic Security Service Application Programming Interface [GSSAPI] provides security services to calling applications. It allows a communicating application to authenticate the user associated with another application, to delegate rights to another application, and to apply security services such as confidentiality and integrity on a per-message basis.

There are four stages to using the GSS-API:

a) The application acquires a set of credentials with which it may prove its identity to other processes. The application’s credentials vouch for its global identity, which may or may not be related to any local username under which it may be running.

b) A pair of communicating applications establish a joint security context using their credentials. The security context is a pair of GSS-API data structures that contain shared state information, which is required in order that per-message security services may be provided. Examples of state that might be shared between applications as part of a security context are cryptographic keys, and message sequence numbers. As part of the establishment of a security context, the context initiator is authentica...

Processing...
Loading...