Generic Security Service API Version 2 : Java Bindings
RFC 2853

Document Type: RFC - Proposed Standard (June 2000; No errata)
Obsoleted by: RFC 5653
Last updated: 2013-03-02
Stream: IETF
Network Working Group                                          J. Kabat
Request for Comments: 2853                               ValiCert, Inc.
Category: Standards Track                                   M. Upadhyay
                                                 Sun Microsystems, Inc.
                                                              June 2000

         Generic Security Service API Version 2 : Java Bindings

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   The Generic Security Services Application Program Interface (GSS-API)
   offers application programmers uniform access to security services
   atop a variety of underlying cryptographic mechanisms. This document
   specifies the Java bindings for GSS-API, which is described at a
   language-independent conceptual level in RFC 2743 [GSSAPIv2-UPDATE].

   The GSS-API allows a caller application to authenticate a principal
   identity, to delegate rights to a peer, and to apply security
   services such as confidentiality and integrity on a per-message
   basis. Examples of security mechanisms defined for GSS-API are The
   Simple Public-Key GSS-API Mechanism [SPKM] and The Kerberos Version 5
   GSS-API Mechanism [KERBV5].

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  GSS-API Operational Paradigm . . . . . . . . . . . . . . .   6
   3.  Additional Controls  . . . . . . . . . . . . . . . . . . .   8
   3.1.  Delegation . . . . . . . . . . . . . . . . . . . . . . .   9
   3.2.  Mutual Authentication  . . . . . . . . . . . . . . . . .  10
   3.3.  Replay and Out-of-Sequence Detection . . . . . . . . . .  10
   3.4.  Anonymous Authentication . . . . . . . . . . . . . . . .  11
   3.5.  Confidentiality  . . . . . . . . . . . . . . . . . . . .  12
   3.6.  Inter-process Context Transfer . . . . . . . . . . . . .  12
   3.7.  The Use of Incomplete Contexts . . . . . . . . . . . . .  13

Kabat & Upadhyay            Standards Track                     [Page 1]
RFC 2853                 GSS-API Java Bindings                 June 2000

   4.  Calling Conventions  . . . . . . . . . . . . . . . . . . .  13
   4.1.  Package Name . . . . . . . . . . . . . . . . . . . . . .  13
   4.2.  Provider Framework . . . . . . . . . . . . . . . . . . .  13
   4.3.  Integer types  . . . . . . . . . . . . . . . . . . . . .  14
   4.4.  Opaque Data types  . . . . . . . . . . . . . . . . . . .  14
   4.5.  Strings  . . . . . . . . . . . . . . . . . . . . . . . .  15
   4.6.  Object Identifiers . . . . . . . . . . . . . . . . . . .  15
   4.7.  Object Identifier Sets . . . . . . . . . . . . . . . . .  15
   4.8.  Credentials  . . . . . . . . . . . . . . . . . . . . . .  16
   4.9.  Contexts . . . . . . . . . . . . . . . . . . . . . . . .  18
   4.10.  Authentication tokens . . . . . . . . . . . . . . . . .  18
   4.11.  Interprocess tokens . . . . . . . . . . . . . . . . . .  18
   4.12.  Error Reporting . . . . . . . . . . . . . . . . . . . .  19
   4.12.1.  GSS status codes  . . . . . . . . . . . . . . . . . .  19
   4.12.2.  Mechanism-specific status codes . . . . . . . . . . .  21
   4.12.3.  Supplementary status codes  . . . . . . . . . . . . .  21
   4.13.  Names . . . . . . . . . . . . . . . . . . . . . . . . .  22
   4.14.  Channel Bindings  . . . . . . . . . . . . . . . . . . .  25
   4.15.  Stream Objects  . . . . . . . . . . . . . . . . . . . .  26
   4.16.  Optional Parameters . . . . . . . . . . . . . . . . . .  26
   5.  Introduction to GSS-API Classes and Interfaces . . . . . .  26
   5.1.  GSSManager class . . . . . . . . . . . . . . . . . . . .  26
   5.2.  GSSName interface  . . . . . . . . . . . . . . . . . . .  27
   5.3.  GSSCredential interface  . . . . . . . . . . . . . . . .  28
   5.4.  GSSContext interface . . . . . . . . . . . . . . . . . .  28
   5.5.  MessageProp class  . . . . . . . . . . . . . . . . . . .  30
   5.6.  GSSException class . . . . . . . . . . . . . . . . . . .  30
   5.7.  Oid class  . . . . . . . . . . . . . . . . . . . . . . .  30
   5.8.  ChannelBinding class . . . . . . . . . . . . . . . . . .  31
   6.  Detailed GSS-API Class Description . . . . . . . . . . . .  31
   6.1.  public abstract class GSSManager . . . . . . . . . . . .  31
   6.1.1.  Example Code . . . . . . . . . . . . . . . . . . . . .  32
   6.1.2.  getInstance  . . . . . . . . . . . . . . . . . . . . .  33
   6.1.3.  getMechs . . . . . . . . . . . . . . . . . . . . . . .  33
   6.1.4.  getNamesForMech  . . . . . . . . . . . . . . . . . . .  33
   6.1.5.  getMechsForName  . . . . . . . . . . . . . . . . . . .  33