

Generic Security Service API Version 2 : Java Bindings






Network Working Group                                          J. Kabat
Request for Comments: 2853                               ValiCert, Inc.
Category: Standards Track                                   M. Upadhyay
                                                 Sun Microsystems, Inc.
                                                              June 2000


         Generic Security Service API Version 2 : Java Bindings

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   The Generic Security Services Application Program Interface (GSS-API)
   offers application programmers uniform access to security services
   atop a variety of underlying cryptographic mechanisms. This document
   specifies the Java bindings for GSS-API, which is described at a
   language-independent conceptual level in RFC 2743 [GSSAPIv2-UPDATE].

   The GSS-API allows a caller application to authenticate a principal
   identity, to delegate rights to a peer, and to apply security
   services such as confidentiality and integrity on a per-message
   basis. Examples of security mechanisms defined for GSS-API are The
   Simple Public-Key GSS-API Mechanism [SPKM] and The Kerberos Version 5
   GSS-API Mechanism [KERBV5].

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  GSS-API Operational Paradigm . . . . . . . . . . . . . . .   6
   3.  Additional Controls  . . . . . . . . . . . . . . . . . . .   8
   3.1.  Delegation . . . . . . . . . . . . . . . . . . . . . . .   9
   3.2.  Mutual Authentication  . . . . . . . . . . . . . . . . .  10
   3.3.  Replay and Out-of-Sequence Detection . . . . . . . . . .  10
   3.4.  Anonymous Authentication . . . . . . . . . . . . . . . .  11
   3.5.  Confidentiality  . . . . . . . . . . . . . . . . . . . .  12
   3.6.  Inter-process Context Transfer . . . . . . . . . . . . .  12
   3.7.  The Use of Incomplete Contexts . . . . . . . . . . . . .  13



Kabat & Upadhyay            Standards Track