Generic Security Service Application Program Interface
RFC 1508

 
Document Type RFC - Proposed Standard (September 1993; No errata)
Obsoleted by RFC 2078
Last updated 2013-03-02
Stream IETF
IESG state RFC 1508 (Proposed Standard)
Network Working Group                                            J. Linn
Request for Comments: 1508                         Geer Zolot Associates
                                                          September 1993

         Generic Security Service Application Program Interface

Status of this Memo

   This RFC specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" for the standardization state and status
   of this protocol.  Distribution of this memo is unlimited.

Abstract

   This Generic Security Service Application Program Interface (GSS-API)
   definition provides security services to callers in a generic
   fashion, supportable with a range of underlying mechanisms and
   technologies and hence allowing source-level portability of
   applications to different environments. This specification defines
   GSS-API services and primitives at a level independent of underlying
   mechanism and programming language environment, and is to be
   complemented by other, related specifications:

        documents defining specific parameter bindings for particular
        language environments

        documents defining token formats, protocols, and procedures to
        be implemented in order to realize GSS-API services atop
        particular security mechanisms

Table of Contents

   1. GSS-API Characteristics and Concepts .......................    2
   1.1. GSS-API Constructs .......................................    5
   1.1.1.  Credentials ...........................................    5
   1.1.2.  Tokens ................................................    6
   1.1.3.  Security Contexts .....................................    7
   1.1.4.  Mechanism Types .......................................    8
   1.1.5.  Naming ................................................    9
   1.1.6.  Channel Bindings ......................................   10
   1.2.  GSS-API Features and Issues .............................   11
   1.2.1.  Status Reporting ......................................   11
   1.2.2.  Per-Message Security Service Availability .............   12
   1.2.3.  Per-Message Replay Detection and Sequencing ...........   13
   1.2.4.  Quality of Protection .................................   15

   2. Interface Descriptions .....................................   15
   2.1.  Credential management calls .............................   17
   2.1.1.  GSS_Acquire_cred call .................................   17
   2.1.2.  GSS_Release_cred call .................................   19
   2.1.3.  GSS_Inquire_cred call .................................   20
   2.2.  Context-level calls .....................................   21
   2.2.1.  GSS_Init_sec_context call .............................   21
   2.2.2.  GSS_Accept_sec_context call ...........................   26
   2.2.3.  GSS_Delete_sec_context call ...........................   29
   2.2.4.  GSS_Process_context_token call ........................   30
   2.2.5.  GSS_Context_time call .................................   31
   2.3.  Per-message calls .......................................   32
   2.3.1.  GSS_Sign call .........................................   32
   2.3.2.  GSS_Verify call .......................................   33
   2.3.3.  GSS_Seal call .........................................   35
   2.3.4.  GSS_Unseal call .......................................   36
   2.4.  Support calls ...........................................   37
   2.4.1.  GSS_Display_status call ...............................   37
   2.4.2.  GSS_Indicate_mechs call ...............................   38
   2.4.3.  GSS_Compare_name call .................................   38
   2.4.4.  GSS_Display_name call .................................   39
   2.4.5.  GSS_Import_name call ..................................   40
   2.4.6.  GSS_Release_name call .................................   41
   2.4.7.  GSS_Release_buffer call ...............................   41
   2.4.8.  GSS_Release_oid_set call ..............................   42
   3. Mechanism-Specific Example Scenarios .......................   42
   3.1.  Kerberos V5, single-TGT .................................   43
   3.2.  Kerberos V5, double-TGT .................................   43
   3.3.  X.509 Authentication Framework ..........................   44
   4. Related Activities .........................................   45
   5. Acknowledgments ............................................   46
   6. Security Considerations ....................................   46