Generic Security Service Application Program Interface
Network Working Group                                          J. Linn
Request for Comments: 1508                       Geer Zolot Associates
                                                        September 1993
Status of this Memo
This RFC specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" for the standardization state and status
of this protocol. Distribution of this memo is unlimited.
Abstract
This Generic Security Service Application Program Interface (GSS-API)
definition provides security services to callers in a generic
fashion, supportable with a range of underlying mechanisms and
technologies and hence allowing source-level portability of
applications to different environments. This specification defines
GSS-API services and primitives at a level independent of underlying
mechanism and programming language environment, and is to be
complemented by other, related specifications:

   documents defining specific parameter bindings for particular
   language environments

   documents defining token formats, protocols, and procedures to
   be implemented in order to realize GSS-API services atop
   particular security mechanisms

Table of Contents
1. GSS-API Characteristics and Concepts
  1.1. GSS-API Constructs
    1.1.1. Credentials
    1.1.2. Tokens
    1.1.3. Security Contexts
    1.1.4. Mechanism Types
    1.1.5. Naming
    1.1.6. Channel Bindings
  1.2. GSS-API Features and Issues
    1.2.1. Status Reporting
    1.2.2. Per-Message Security Service Availability
    1.2.3. Per-Message Replay Detection and Sequencing
    1.2.4. Quality of Protection