RFC 4768

Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming, December 2006

Canonical URL:
https://www.rfc-editor.org/rfc/rfc4768.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Author:
S. Hartman
Stream:
IETF
Source:
kitten (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC4768

Discuss this RFC: Send questions or comments to kitten@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Generic Security Services API (GSS-API) provides a naming architecture that supports name-based authorization. GSS-API authenticates two named parties to each other. Names can be stored on access control lists (ACLs) to make authorization decisions. Advances in security mechanisms and the way implementers wish to use GSS-API require this model to be extended for the next version of GSS-API. As people move within an organization or change their names, the name authenticated by GSS-API may change. Using some sort of constant identifier would make ACLs more stable. Some mechanisms, such as public-key mechanisms, do not have a single name to be used across all environments. Other mechanisms, such as Kerberos, may include group membership or role information as part of authentication. This document motivates extensions to GSS-API naming and describes the extensions under discussion. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×