Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming, December 2006
- Canonical URL:
- File formats:
- S. Hartman
- kitten (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
The Generic Security Services API (GSS-API) provides a naming architecture that supports name-based authorization. GSS-API authenticates two named parties to each other. Names can be stored on access control lists (ACLs) to make authorization decisions. Advances in security mechanisms and the way implementers wish to use GSS-API require this model to be extended for the next version of GSS-API. As people move within an organization or change their names, the name authenticated by GSS-API may change. Using some sort of constant identifier would make ACLs more stable. Some mechanisms, such as public-key mechanisms, do not have a single name to be used across all environments. Other mechanisms, such as Kerberos, may include group membership or role information as part of authentication. This document motivates extensions to GSS-API naming and describes the extensions under discussion. This memo provides information for the Internet community.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.