The naming extensions to the Generic Security Services Application
Programming interface provide a mechanism for applications to
discover authorization and personalization information associated
with GSS-API names. The Extensible Authentication Protocol GSS-API
mechanism allows an Authentication/Authorization/Accounting peer to
provide authorization attributes along side an authentication
response. It also provides mechanisms to process Security Assertion
Markup Language (SAML) messages provided in the AAA response. This
document describes the necessary information to use the naming
extensions API to access that information.
Working Group Summary
There was nothing particularly rough about the consensus. All contentious points
were resolved amiably.
The protocol is in use in the Moonshot project. Jim Schaad provided a very thorough
review that resulted in a number of changes to the document. The document was also
socialized in Kitten.
Klaas Wierenga is the document shepherd
Stephen Farrell is the irresponsible AD