Skip to main content

Extended Generic Security Service APIs: XGSS-APIs Access control and delegation extensions

Document Type Expired Internet-Draft (cat WG)
Expired & archived
Authors Denis Pinkas , Tom Parker
Last updated 1998-11-09
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The Generic Security Service Application Program Interface (GSS- API), as defined in RFC-1508, provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. It defines GSS-API services and primitives at a level independent of underlying mechanism and programming language environment. The GSSAPI allows a caller application to authenticate a principal identity associated with a peer application, to delegate rights to a peer, and to apply security services such as confidentiality and integrity on a per-message basis. The primitives of the GSS-API do not currently allow support of security attributes other than a single identity and do not allow fine control of delegation. The additional primitives described in this document provide support for: * the exchange of a variety of security attributes, and the construction of authorization functions using these attributes, including delegated ones, (attribute handling support functions), * fine control over delegation by allowing specification of the delegation method, the acceptor(s) of a security context, their type and the restrictions that may apply (acceptor control and support functions).


Denis Pinkas
Tom Parker

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)