General Information

· Enable an application to determine another application's user

· Enable an application to delegate access rights to another application

· Apply security services, such as confidentiality and integrity, on a per-message basis

GSSAPI represents a secure connection between two communicating applications with a data structure called a security context. The application that establishes the secure connection is called the context indicator or simply indicator. The context initiator is like a DCE RPC client. The application that accepts the secure connection is the context acceptor or simply acceptor. The context acceptor is like a DCE RPC server.

There are four stages involved in using the GSSAPI:

1. The context initiator acquires a credential with which it can prove its identity to other processes. Similarly, the context acceptor acquires a credential to enable it to accept a security context. Either application may omit this credential acquisition and use their default credentials in subsequent stages. See the section on credentials for more information.

The applications use credentials to establish their global identity. The global identity can be, but is not necessarily, related to the local user name under which the application is running. Credentials can contain either of the following:

· Login context

The login context includes a principal's network credentials, as well as other account information.

· Principal name and a key

The key corresponding to the principal name must be registered with the DCE Security Registration in a key table. A set of DCE GSSAPI routines enables applications to register and use principal names.

2. The communicating applications establish a joint security context by exchanging authentication tokens.

The security context is a pair of GSSAPI data structures that contain information that is shared between the communicating applications. The information describes the state of each application. This security context is required for per-message security services.

To establish a security context, the context initiator calls the gss_init_sec_context( ) routine to get a token. The token is cryptographically protected, opaque data. The context initiator transfers the token to the context acceptor, which in turn passes the token to the gss_accept_sec_context( ) routine to decode and extract the shared information.

As part of the establishing the security context, the context initiator is authenticated to the context acceptor. The context initiator can require the context acceptor to authenticate itself in return.

The context initiator can delegate rights to allow the context acceptor to act as its agent. Delegation means the context initiator gives the context acceptor the ability to initiate additional security contexts as an agent of the context initiator. To delegate, the context initiator sets a flag on the gss_init_sec_context( ) routine indicating that it wants to delegate and sends the returned token in the normal way to the context acceptor. The acceptor passes this token to the gss_accept_sec_context( ) routine, which generates a delegated credential. The context acceptor can use the credential to initiate additional security contexts.

3. The applications exchange protected messages and data.

The applications can call GSSAPI routines to protect data exchanged in messages. The application sends a protected message by calling the appropriate GSSAPI routine to do the following:

a. Apply protection

b. Bind the message to the appropriate security context

The application can then send the resulting information to the peer application.

The application that receives the message passes the received data to a GSSAPI routine, which removes the protection and validates the data.

GSSAPI treats application data as arbitrary octet strings. The GSSAPI per-message security services can provide either of the following:

· Integrity and authentication of data origin

· Confidentiality, integrity, and authentication of data origin

4. When the applications have finished communicating, either one may instruct GSSAPI to delete the security context.

There are two sets of GSSAPI routines:

· Standard GSSAPI routines, which are defined in the Internet RFC 1508, Generic Security Service Application Programming Interface, and RFC 1509, Generic Security Service API : C-bindings. These routines have the prefix gss_.

· OSF DCE extensions to the GSSAPI routines. These are additional routines that enable an application to use DCE security services. These routines have the prefix gssdce_.