Generic Security Service Application Program Interface, Version 2
RFC 2078

Document type: RFC - Proposed Standard (January 1997; No errata)
Obsoleted by RFC 2743
Obsoletes RFC 1508
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 2078 (Proposed Standard)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                           J. Linn
Request for Comments: 2078                      OpenVision Technologies
Category: Standards Track                                  January 1997
Obsoletes: 1508

   Generic Security Service Application Program Interface, Version 2

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   The Generic Security Service Application Program Interface (GSS-API),
   as defined in RFC-1508, provides security services to callers in a
   generic fashion, supportable with a range of underlying mechanisms
   and technologies and hence allowing source-level portability of
   applications to different environments. This specification defines
   GSS-API services and primitives at a level independent of underlying
   mechanism and programming language environment, and is to be
   complemented by other, related specifications:

      documents defining specific parameter bindings for particular
      language environments

      documents defining token formats, protocols, and procedures to be
      implemented in order to realize GSS-API services atop particular
      security mechanisms

   This memo revises RFC-1508, making specific, incremental changes in
   response to implementation experience and liaison requests. It is
   intended, therefore, that this memo or a successor version thereto
   will become the basis for subsequent progression of the GSS-API
   specification on the standards track.

Table of Contents

   1: GSS-API Characteristics and Concepts..........................  3
   1.1: GSS-API Constructs..........................................  6
   1.1.1:  Credentials..............................................  6
   1.1.1.1: Credential Constructs and Concepts......................  6
   1.1.1.2: Credential Management...................................  7
   1.1.1.3: Default Credential Resolution...........................  8

Linn                        Standards Track                     [Page 1]
RFC 2078                        GSS-API                     January 1997

   1.1.2: Tokens....................................................  9
   1.1.3:  Security Contexts........................................ 10
   1.1.4:  Mechanism Types.......................................... 11
   1.1.5:  Naming................................................... 12
   1.1.6:  Channel Bindings......................................... 14
   1.2:  GSS-API Features and Issues................................ 15
   1.2.1:  Status Reporting......................................... 15
   1.2.2: Per-Message Security Service Availability................. 17
   1.2.3: Per-Message Replay Detection and Sequencing............... 18
   1.2.4:  Quality of Protection.................................... 20
   1.2.5: Anonymity Support......................................... 21
   1.2.6: Initialization............................................ 22
   1.2.7: Per-Message Protection During Context Establishment....... 22
   1.2.8: Implementation Robustness................................. 23
   2:  Interface Descriptions....................................... 23
   2.1:  Credential management calls................................ 25
   2.1.1:  GSS_Acquire_cred call.................................... 26
   2.1.2:  GSS_Release_cred call.................................... 28
   2.1.3:  GSS_Inquire_cred call.................................... 29
   2.1.4:  GSS_Add_cred call........................................ 31
   2.1.5:  GSS_Inquire_cred_by_mech call............................ 33
   2.2:  Context-level calls........................................ 34
   2.2.1:  GSS_Init_sec_context call................................ 34
   2.2.2:  GSS_Accept_sec_context call.............................. 40
   2.2.3:  GSS_Delete_sec_context call.............................. 44
   2.2.4:  GSS_Process_context_token call........................... 46
   2.2.5:  GSS_Context_time call.................................... 47
   2.2.6:  GSS_Inquire_context call................................. 47
   2.2.7:  GSS_Wrap_size_limit call................................. 49
   2.2.8:  GSS_Export_sec_context call.............................. 50
   2.2.9:  GSS_Import_sec_context call.............................. 52
   2.3:  Per-message calls.......................................... 53
   2.3.1:  GSS_GetMIC call.......................................... 54
   2.3.2:  GSS_VerifyMIC call....................................... 55
   2.3.3:  GSS_Wrap call............................................ 56
