Overview of Recent Developments on Generic Security Services Application Programming Interface (GSS-API)

Abstract:

With network security measures becoming more and more complicated, it became essential to provide programmers with the capability to write applications that are generic with respect to security. The Common Authentication Technology (CAT) Working Group of Internet Engineering Task Force (IETF) acknowledged this need and developed the Generic Security Service Application Programming Interface (GSS-API). After ten years of experience with GSS-API, the Kitten (GSS-API Next Generation) Working Group was formed to continue this development. This paper looks at the current issues that Kitten faces in improving the GSS-API.

Keywords:

GSS-API, Kitten Working Group, PRF, SPNEGO

Table of Contents

• 1. Introduction
• 2. Overview of GSS-API
• 3. Recent GSS-API Issues
• • 3.1 Pseudo-Random Function API Extension
  • 3.2 The Simple and Protected GSS-API Negotiation Mechanism
  • 3.3 Desired Enhancements to GSS-API Version 3 Naming
  • • 3.3.1 Names in GSS-API
    • 3.3.2 Limitations of the current Names
    • • 3.3.2.1 Kerberos Naming
      • 3.3.2.2 X.509 Names
    • 3.3.3 Possible Solutions
    • • 3.3.3.1 Composite Names
      • 3.3.3.2 Mechanisms for Export Name
• 4. Summary
• References
• List of Acronyms

View the complete report online

Download the report in PDF format