|
DataMuseum.dkPresents historical artifacts from the history of: DKUUG/EUUG Conference tapes |
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes Excavated with: AutoArchaeologist - Free & Open Source Software. |
top - metrics - downloadIndex: T d
Length: 280686 (0x4486e)
Types: TextFile
Names: »draft-ietf-cat-genericsec-00.ps«
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
└─⟦this⟧ »./papers/IETF-drafts/draft-ietf-cat-genericsec-00.ps«
%!PS-Adobe-2.0
%%Creator: VAX DOCUMENT V1.2B
%%+(+1 PSEUDOCONDENSE) -- this prolog provided by the CUPFAMILY011 kit
%%+Copyright 1986,1987,1988,1989,1990 DIGITAL EQUIPMENT CORPORATION.
%%+All Rights Reserved.
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
/DEC_DVC$dict where { %FIND DICTIONARY
pop
}{ %else
/DEC_DVC$dict 300 dict def
} ifelse
/BeginDVC$PSDoc { %BEGIN DOCUMENT
vmstatus pop pop 0 eq {
DEC_DVC$dict begin InitializeState
}{ %else
/DVC$PSJob save def DEC_DVC$dict begin InitializeState
/DVC$PSFonts save def
} ifelse
} def
/EndDVC$PSDoc { %END DOCUMENT
% --- Preserving current page count ---
vmstatus pop pop 0 eq {
end
}{ %else
DVC$PSFonts restore end DVC$PSJob restore
} ifelse
} def
%
DEC_DVC$dict begin
%
mark % CREATE ISOLatin1 ENCODING
/ISOLatin1
8#000 1 8#054 {StandardEncoding exch get} for
/minus
8#056 1 8#217 {StandardEncoding exch get} for
/dotlessi
8#301 1 8#317 {StandardEncoding exch get} for
/space /exclamdown /cent /sterling /currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen
/registered /macron /degree /plusminus /twosuperior /threesuperior /acute
/mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine
/guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave
/Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute
/Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde
/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave
/Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute
/acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute
/ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde
/ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave
/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis
/ISOLatin1 where not {256 array astore def} if
cleartomark
%
/DECMCS ISOLatin1 256 array copy def
mark % CREATE DECMCS ENCODING
8#240 8#244 8#246 8#254 8#255 8#256 8#257 8#264
8#270 8#276 8#320 8#336 8#360 8#376 8#377
counttomark
{DECMCS exch /.notdef put} repeat % STACK NOW CONTAINS MARK
8#250 /currency 8#327 /OE 8#335 /Ydieresis 8#367 /oe 8#375 /ydieresis
counttomark -1 bitshift % DIVIDE BY 2
{DECMCS 3 1 roll put} repeat % STACK NOW CONTAINS MARK
cleartomark
%
/DOCPSE DECMCS 256 array copy def
mark % CREATE DOCPSE ENCODING
8#055 /hyphen
8#201 /bullet 8#202 /emdash 8#203 /endash 8#204 /dagger
8#205 /daggerdbl 8#206 /registered 8#207 /trademark %8#210 /Delta
8#211 /fi 8#212 /fl
counttomark -1 bitshift % DIVIDE BY 2
{DOCPSE 3 1 roll put} repeat % STACK NOW CONTAINS MARK
cleartomark
%
/reencodedict 10 dict def %Local storage for "ReENCODE"
/ReENCODE { % /basefont /newfont encoding ReENCODE
/newencoding exch def %ARG: NAME OF ENCODING VECTOR
/newfontname exch def %ARG: NEW NAME FOR FONT AFTER RE-ENCODING
findfont
/basefontdict exch def %ARG: NAME OF FONT TO BE RE-ENCODED
basefontdict maxlength dict begin %CREATE AND OPEN NEW DICT
basefontdict { %COPY ENTRIES FROM BASE FONT DICT TO NEW ONE
1 index /FID ne {
def %IF NOT THE ONE WE'RE ENCODING, JUST COPY PTRS
} { %else
pop pop %IGNORE FID AND ENCODING FOR ONE WE'RE ENCODING
} ifelse
} forall
/FontName newfontname def %DEFINE NEW NAME
/Encoding newencoding def %DEFINE NEW ENCODING VECTOR
newfontname currentdict definefont %TURN IT INTO A PS FONT
pop %IGNORE MODIFIED DICT RETURNED BY DEFINEFONT
end
} def
%
/cvsstr 64 string def
/tempmatrix matrix def
%
/BP { % BEGIN PAGE
/Magnification exch def
/Colorsused 0 def
/RVmatrix matrix def
/DVC$PSPage save def
} def
%
/EP {DVC$PSPage restore} def % END PAGE
%
/XP { % EXIT PAGE (TEMPORARILY) TO ADD FONTS/CHARS
% SAVE CURRENT POINT AND COLOR INFORMATION SO IT CAN BE RESET LATER
matrix currentmatrix aload pop currentrgbcolor Colorsused
/Xpos where {pop Xpos} {0} ifelse
/Ypos where {pop Ypos} {0} ifelse
/currentpoint cvx stopped {0 0 moveto currentpoint} if
/DVC$PSPage where {pop DVC$PSPage restore} if
moveto
/Ypos exch def /Xpos exch def
/Colorsused exch def setrgbcolor
matrix astore setmatrix
} def
%
/RP {/DVC$PSPage save def} def % RESUME PAGE
%
/PF {GlobalMode LocalMode} def % PURGE FONTS TO RECLAIM MEMORY
%
/GlobalMode { % SWITCH TO BASE SAVE/RESTORE LEVEL, SAVING STATE
RVmatrix aload pop
PortraitMode PaperWidth PaperHeight PxlResolution Resolution
Magnification Ymax Xorigin Yorigin RasterScaleFactor
% SAVE CURRENTPOINT INFORMATION TO RESET LATER
/currentpoint cvx stopped {0 0 moveto currentpoint} if
/DVC$PSPage where {pop DVC$PSPage restore} if
DVC$PSFonts restore RecoverState
} def
%
/RecoverState { % PRESERVE STATE AT BASE LEVEL
18 copy
/Ypos exch def /Xpos exch def /RasterScaleFactor exch def
/Yorigin exch def /Xorigin exch def /Ymax exch def
/Magnification exch def /Resolution exch def /PxlResolution exch def
/PaperHeight exch def /PaperWidth exch def /PortraitMode exch def
matrix astore /RVmatrix exch def
DoInitialScaling
RVmatrix concat
PortraitMode not {PaperWidth 0 SetupLandscape} if
Xpos Ypos moveto
} def
%
/InitializeState { % INITIALIZE STATE VARIABLES TO DEFAULT VALUES
/Resolution 3600 def /PxlResolution 300 def
/RasterScaleFactor PxlResolution Resolution div def
/PortraitMode true def
/Magnification 1000 def /Xorigin 0 def /Yorigin 0 def
/Xpos 0 def /Ypos 0 def /InitialMatrix matrix currentmatrix def
/Colorsused 0 def /RVmatrix matrix def
} def
%
/LocalMode { % SWITCH FROM BASE SAVE/RESTORE LEVEL, RESTORING STATE
/Ypos exch def /Xpos exch def /RasterScaleFactor exch def
/Yorigin exch def /Xorigin exch def /Ymax exch def
/Magnification exch def /Resolution exch def /PxlResolution exch def
/PaperHeight exch def /PaperWidth exch def /PortraitMode exch def
matrix astore /RVmatrix exch def
DoInitialScaling
RVmatrix concat
PortraitMode not {PaperWidth 0 SetupLandscape} if
Xpos Ypos moveto
/DVC$PSFonts save def /DVC$PSPage save def
} def
% % ABBREVIATIONS
/S /show load def
/SV /save load def
/RST /restore load def
/Yadjust {Ymax exch sub} def
%
/SXY { % (x,y) POSITION ABSOLUTE, JUST SET Xpos & Ypos, DON'T MOVE
Yadjust /Ypos exch def /Xpos exch def
} def
%
/XY { % (x,y) POSITION ABSOLUTE
Yadjust 2 copy /Ypos exch def /Xpos exch def moveto
} def
%
/X { % (x,0) POSITION ABSOLUTE
currentpoint exch pop 2 copy /Ypos exch def /Xpos exch def moveto
} def
%
/Y { % (0,y) POSITION ABSOLUTE
currentpoint pop exch Yadjust 2 copy
/Ypos exch def /Xpos exch def moveto
} def
%
/xy { % (x,y) POSITION RELATIVE
neg rmoveto currentpoint /Ypos exch def /Xpos exch def
} def
%
/x { % (x,0) POSITION RELATIVE
0 rmoveto currentpoint /Ypos exch def /Xpos exch def
} def
%
/y { % (0,y) POSITION RELATIVE
0 exch neg rmoveto currentpoint /Ypos exch def /Xpos exch def
} def
%
/R { % DRAW A RULE
/ht exch def /wd exch def gsave
% 0 setgray
currentpoint newpath moveto
0 ht rlineto wd 0 rlineto
0 ht neg rlineto wd neg 0 rlineto
closepath fill grestore wd 0 rmoveto
currentpoint /Ypos exch def /Xpos exch def
} def
%
/RES { % <PXL-file resolution(pix/inch)> <resolution(pix/inch)> RES
/Resolution exch def /PxlResolution exch def
/RasterScaleFactor PxlResolution Resolution div def
DoInitialScaling
} def
%
/DoInitialScaling { % DO INITIAL SCALING
InitialMatrix setmatrix 72 Resolution div dup scale
} def
%
/PM { % <paper-height(pix)> <paper-width(pix)> PM
XP
/PaperWidth exch def /PaperHeight exch def
/Ymax PaperHeight def /PortraitMode true def
DoInitialScaling
RP
} def
%
/SetupLandscape {translate 90 rotate} def
/LM { % <paper-height(pix)> <paper-width(pix)> LM
XP
/PaperWidth exch def /PaperHeight exch def
/Ymax PaperWidth def /PortraitMode false def
DoInitialScaling PaperWidth 0 SetupLandscape
RP
} def
%
/MAG { % CHANGE MAGNIFICATION SETTING
XP /Magnification exch def RP
} def
%
/SPB { % <xoffset><yoffset>SPB - BEGIN "\SPECIAL" MODE
Yadjust /Yorigin exch def /Xorigin exch def
currentrgbcolor Colorsused
GlobalMode Xorigin Yorigin translate
Resolution 72 div dup scale % RESTORE DEFAULT SCALING
Magnification 1000 div dup scale % ADJUST FOR ANY MAGNIFICATION
/Xpos Xpos 72 Resolution div mul 1000 Magnification div mul def
/Ypos Ypos 72 Resolution div mul 1000 Magnification div mul def
/spsavobj save def %SAVE STATE & STACK DEPTH FOR CLEANUP AFTER FIGURE
/showpage {} def %DISABLE DURING FIGURE; `RESTORE' WILL BLOW DEF AWAY
/DEC$EDMS_setrgbcolor /setrgbcolor load def % save standard definition
/setrgbcolor { % create new definition
/DEC$EDMS_SEPARATE_COLORS where % if separating colors
{ pop DEC$EDMS_SEPARATE_COLORS 0 ne % and not on color pass 0
{ pop pop pop 1 1 1 } if % ...then write white
} if
DEC$EDMS_setrgbcolor % set color as now specified
} def
/DEC$EDMS_image /image load def % save standard definition
/image { % create new definition
/DEC$EDMS_SEPARATE_COLORS where % if separating colors
{ pop DEC$EDMS_SEPARATE_COLORS 0 ne % and not on color pass 0
{ gsave % ...save current device state
nulldevice % ...make no marks
DEC$EDMS_image % ...process the image
grestore % ...restore old device state
}
{ DEC$EDMS_image } ifelse % if on color pass 0 - image
}
{ DEC$EDMS_image } ifelse % if not separating colors - image
} def mark
} def
%
/SPE { % SPE - END "\SPECIAL" MODE
cleartomark
spsavobj restore
1000 Magnification div dup scale % UN-ADJUST FOR ANY MAGNIFICATION
72 Resolution div dup scale % RESTORE DEFAULT INTERNAL SCALING
LocalMode
/Colorsused exch def setrgbcolor
} def
%
/PP
%
% If DEC$EDMS_MAKE_FILM is defined, it will add the crop & alignment marks,
% and the document name, page number, & ink color identifiers to the page.
%
% Formal Arguments: None
%
% Referenced Variables: DocumentName
% Colorsused
% Currentpagecount
% DEC$EDMS_MAKE_FILM
%
% Referenced Procedures: AlignMark
%
% Side Effects: Leaves the current font as Helvetica 8 point.
% Creates the variable "junkstr".
%
{ /PageNumber exch def
/DEC$EDMS_MAKE_FILM where % if making film...
{ pop 2 DEC$EDMS_SEPARATE_COLORS exp cvi Colorsused and 0 ne % and if the correct separation
{ /Helvetica findfont 400 scalefont setfont
20 setlinewidth 0 setgray
PaperWidth 150 add PaperHeight 100 add moveto % show the ink color
(Ink: ) show DEC$EDMS_COLOR_NAMES DEC$EDMS_SEPARATE_COLORS get show
PaperWidth 150 add PaperHeight 600 add moveto
(Page: ) show % show the page number
/junkstr 4 string def PageNumber junkstr cvs show
( of ) show DEC$EDMS_TOTAL_PAGES junkstr cvs show
150 PaperHeight 100 add moveto % show the document name
(Document: ) show DEC$EDMS_DOCUMENT_ID show
150 -500 moveto % show ownership text
(This film is the property of Digital Equipment Corporation) show stroke
/mask 15 % all crop marks on by default
/DEC$EDMS_SUPPRESS_CROPMARKS where % if defined, xor in the suppression mask
{ pop DEC$EDMS_SUPPRESS_CROPMARKS xor } if def
mask 1 and 1 eq
{ PaperWidth PaperHeight moveto % Upper Right
450 0 rmoveto 1350 0 rlineto -1800 1800 rmoveto 0 -1350 rlineto } if
mask 2 and 2 eq
{ PaperWidth 0 moveto % Lower Right
450 0 rmoveto 1350 0 rlineto -1800 -1800 rmoveto 0 1350 rlineto } if
mask 4 and 4 eq
{ 0 0 moveto % Lower Left
-450 0 rmoveto -1350 0 rlineto 1800 -1800 rmoveto 0 1350 rlineto } if
mask 8 and 8 eq
{ 0 PaperHeight moveto % Upper Left
-450 0 rmoveto -1350 0 rlineto 1800 1800 rmoveto 0 -1350 rlineto } if
stroke
/mask 15 % all registration marks on by default
/DEC$EDMS_SUPPRESS_REGMARKS where % if defined, xor in the suppression mask
{ pop DEC$EDMS_SUPPRESS_REGMARKS xor } if def
mask 1 and 1 eq % Top Center
{ gsave PaperWidth 2 div PaperHeight
/DEC$EDMS_POSITION_REGMARKS where
{ pop DEC$EDMS_POSITION_REGMARKS -50 mul add } if
translate AlignMark grestore } if
mask 2 and 2 eq % Right Center
{ gsave PaperWidth
/DEC$EDMS_POSITION_REGMARKS where
{ pop DEC$EDMS_POSITION_REGMARKS -50 mul add } if
PaperHeight 2 div translate AlignMark grestore } if
mask 4 and 4 eq % Bottom Center
{ gsave PaperWidth 2 div 0
/DEC$EDMS_POSITION_REGMARKS where
{ pop DEC$EDMS_POSITION_REGMARKS 50 mul add } if
translate AlignMark grestore } if
mask 8 and 8 eq % Left Center
{ gsave 0
/DEC$EDMS_POSITION_REGMARKS where
{ pop DEC$EDMS_POSITION_REGMARKS 50 mul add } if
PaperHeight 2 div translate AlignMark grestore } if
showpage
}
{ erasepage } ifelse
}
{ showpage } ifelse
} def
/CLRP {erasepage} def
%
/DMF { % /font-name <point-size(pix)> DMF
/psz exch def /nam exch def nam findfont psz scalefont setfont
} def
%
/concatnam { % /abcd (xxx) concatnam ==> /abcdxxx
/xxx exch def /nam exch def
/namstr nam cvsstr cvs def
/newnam namstr length xxx length add string def
newnam 0 namstr putinterval
newnam namstr length xxx putinterval
newnam cvn
} def
%
/strip { % /abcdef 2 strip ==> /cdef
/num exch def /nam exch def
/namstr nam cvsstr cvs def
/newlen namstr length num sub def
namstr num newlen getinterval cvn
} def
% ROUTINES TO HANDLE PACKING/UNPACKING NUMBERS
/PackHW { % <target> <pos> <num> PackHW --> <new target>
/num exch def /pos exch def /target exch def
num 16#0000FFFF and 1 pos sub 16 mul bitshift target or
} def
/PackByte { % <target> <pos> <num> PackByte --> <new target>
/num exch def /pos exch def /target exch def
num 16#000000FF and 3 pos sub 8 mul bitshift target or
} def
/UnpkHW { % <pos> <num> UnpkHW --> <unpacked value>
/num exch def /pos exch def
num 1 pos sub -16 mul bitshift 16#0000FFFF and
dup 16#00007FFF gt {16#00010000 sub} if
} def
/UnpkByte { % <pos> <num> UnpkByte --> <unpacked value>
/num exch def /pos exch def
num 3 pos sub -8 mul bitshift 16#000000FF and
dup 16#0000007F gt {16#00000100 sub} if
} def
%
% FOR POSTSCRIPT FONTS, LOOK AT SIZE REQUESTED. IF IT HAS A DECIMAL REMAINDER
% EQUIVALENT TO .001-.009 POINTS (I.E., .050-.450 VAXDOC UNITS), THAT'S A FLAG
% TO STRETCH IT VERTICALLY BY ADDING 1-9 EXTRA POINTS TO THE VERTICAL SCALING.
%
/TESTING false def
%
/ps-scalefont {
% save requested size - as entered and as integer
dup /x-size exch def cvi /x-int exch def
% calc decimal remainder, mul x 1000, round
x-size x-int sub 1000 mul round cvi /remainder exch def
% see how we scale...
remainder 50 lt remainder 450 gt or {
% scale isomorphically
/ystretch 0 def
x-size scalefont
} {
% scale anamorphically
/ystretch remainder def
x-int ystretch add /y-size exch def
[x-int 0 0 y-size 0 0] makefont
} ifelse
%
TESTING {
(\nSIZE ) print x-size 12 string cvs print
(\tINT ) print x-int 12 string cvs print
( REM ) print remainder 12 string cvs print
( +Y ) print ystretch 12 string cvs print
( =\t) print
ystretch 0 eq {
x-size 12 string cvs print
( scalefont) print
} {
([) print x-int 12 string cvs print
( 0 0 ) print y-size 12 string cvs print
( 0 0] makefont) print
} ifelse
} if
} def
%
/DPSF { % /procname size /fontname DPSF
findfont exch ps-scalefont [ exch /setfont cvx ] cvx def
} def
%
/PXLBuildCharDict 17 dict def
/CMEncodingArray 256 array def
0 1 255 {CMEncodingArray exch dup cvsstr cvs cvn put} for
/RasterConvert {RasterScaleFactor div} def
/TransformBBox {
aload pop
/BB-ury exch def /BB-urx exch def /BB-lly exch def /BB-llx exch def
[ BB-llx RasterConvert BB-lly RasterConvert
BB-urx RasterConvert BB-ury RasterConvert ]
} def
/RunLengthToRasters {
% none yet
} def
/GenerateRasters { % GENERATE RASTERS FOR "IMAGEMASK"
rasters runlength 1 eq {RunLengthToRasters} if
} def
%
/int-dict-name {int (-dict) concatnam} def
/int-dict {int (-dict) concatnam cvx load} def
%
/DefinePXLFont {
% <int-font-name><ext-font-name><pt-sz(pix)><PXL mag><num-chars>...
% ...[llx lly urx ury]<newfont-fg>DefinePXLFont
/newfont exch def /bb exch def /num exch def /psz exch def
/dsz exch def /pxlmag exch def /ext exch def /int exch def
/fnam ext (-) concatnam pxlmag cvsstr cvs concatnam def
newfont not {
int-dict-name 13 dict def
int-dict begin
/FontType 3 def /FontMatrix [ 1 dsz div 0 0 1 dsz div 0 0 ] def
/FontBBox bb TransformBBox def /Encoding CMEncodingArray def
/CharDict 1 dict def CharDict begin /Char-Info num array def end
/BuildChar {
PXLBuildCharDict begin
/char exch def /fontdict exch def
fontdict /CharDict get /Char-Info get char get aload pop
/rasters exch def /PackedWord1 exch def
0 PackedWord1 UnpkHW 16#7FFF ne {
/PackedWord2 exch def /wx 0 PackedWord1 UnpkHW def
/rows 2 PackedWord1 UnpkByte def /cols 3 PackedWord1 UnpkByte def
/llx 0 PackedWord2 UnpkByte def /lly 1 PackedWord2 UnpkByte def
/urx 2 PackedWord2 UnpkByte def /ury 3 PackedWord2 UnpkByte def
}{ %else
/PackedWord2 exch def /PackedWord3 exch def /PackedWord4 exch def
/wx 1 PackedWord1 UnpkHW def /rows 0 PackedWord2 UnpkHW def
/cols 1 PackedWord2 UnpkHW def /llx 0 PackedWord3 UnpkHW def
/lly 1 PackedWord3 UnpkHW def /urx 0 PackedWord4 UnpkHW def
/ury 1 PackedWord4 UnpkHW def
} ifelse
rows 0 lt {
/rows rows neg def /runlength 1 def
}{ %else
/runlength 0 def
} ifelse
wx 0
llx RasterConvert lly RasterConvert
urx RasterConvert ury RasterConvert setcachedevice
rows 0 ne {
gsave
cols rows true RasterScaleFactor
0 0 RasterScaleFactor neg llx .5 add neg ury .5 add
tempmatrix astore GenerateRasters imagemask
grestore
} if
end
} def
end
fnam int-dict definefont pop
} if
int-dict-name fnam findfont psz scalefont def
currentdict int [ int-dict /setfont cvx ] cvx put
} def
/PXLF { true DefinePXLFont} def % SIGNAL THAT FONT IS ALREADY LOADED
/PXLNF {false DefinePXLFont} def % SIGNAL THAT FONT IS NOT ALREADY LOADED
%
/PXLC { % <int-font-name><code><wx><llx><lly><urx><ury>...
% ...<rows><cols><runlength><rasters>PXLC
/rasters exch def /runlength exch def /cols exch def /rows exch def
/ury exch def /urx exch def /lly exch def /llx exch def
/wx exch def /code exch def /int exch def
% SEE IF LONG OR SHORT FORMAT IS REQUIRED
true cols CKSZ rows CKSZ ury CKSZ urx CKSZ lly CKSZ llx CKSZ
TackRunLengthToRows {
int-dict /CharDict get /Char-Info get code
[ 0 0 llx PackByte 1 lly PackByte 2 urx PackByte 3 ury PackByte
0 0 wx PackHW 2 rows PackByte 3 cols PackByte rasters ] put
}{ %else
int-dict /CharDict get /Char-Info get code
[ 0 0 urx PackHW 1 ury PackHW 0 0 llx PackHW 1 lly PackHW
0 0 rows PackHW 1 cols PackHW 0 0 16#7FFF PackHW 1 wx PackHW rasters ] put
} ifelse
} def
%
/CKSZ {abs 127 le and} def
/TackRunLengthToRows {runlength 0 ne {/rows rows neg def} if} def
%
/PLOTC {
% <wx><dsz><psz><llx><lly><urx><ury><rows><cols><runlength><rasters>PLOTC
/rasters exch def /runlength exch def /cols exch def /rows exch def
/ury exch def /urx exch def /lly exch def /llx exch def
/psz exch def /dsz exch def /wx exch def
% "PLOT" A CHARACTER'S RASTER PATTERN
rows 0 ne {
gsave
currentpoint translate psz dsz div dup scale
cols rows true RasterScaleFactor 0 0 RasterScaleFactor
neg llx .5 add neg ury .5 add tempmatrix astore
GenerateRasters imagemask
grestore
} if
wx x
} def
%
/AlignMark
%
% This procedure draws an alignment mark centered on the coordinate system
% origin. If the variable DEC$EDMS_SEPARATE_COLORS = 0 then a "positive"
% alignment mark is drawn. If DEC$EDMS_SEPARATE_COLORS <> 0 then a "negative"
% alignment mark is drawn.
%
% Formal Arguments: NONE
%
% Referenced Variables: DEC$EDMS_SEPARATE_COLORS
%
% Referenced Procedures: NONE
%
% Side Effects: NONE
%
{ DEC$EDMS_SEPARATE_COLORS 0 eq
{ 0 0 300 0 360 arc
0 -450 moveto 0 450 lineto -450 0 moveto 450 0 lineto stroke }
{ 0 0 450 0 360 arc fill 1 setgray 0 0 300 0 360 arc
0 -450 moveto 0 450 lineto -450 0 moveto 450 0 lineto stroke 0 setgray }
ifelse
} def
/SC
% If not making film, the following procedure sets the current color using the
% RGB color model. If making film, the procedure notes the "color pass" and,
% if the specified color index matches the color pass, subsequent marks are
% written in black. If the specified color index does not match the color pass,
% marks are written in white. Use of colors on individual pages is also tracked
% to allow pages that don't use a particular color to be suppressed on that
% color pass (by the code in the /PP routine).
%
% Formal Arguments: color index (on stack)
%
% Referenced Variables: Colorsused
% DEC$EDMS_SEPARATE_COLORS
% DEC$EDMS_SUPPRESS_COLOR
%
% Referenced Procedures: NONE
%
% Side Effects: Modifies the variable Colorsused to record use of the color.
%
{ /DEC$EDMS_SUPPRESS_COLOR where % if suppressing color
{ pop 0 setgray pop } % .then set "color" to Black
{ /DEC$EDMS_SEPARATE_COLORS where % .else if separating colors
{ pop dup DEC$EDMS_SEPARATE_COLORS eq % ..and if on this color pass
{ 0 setgray /Colorsused Colorsused % ...then write black (do write)
2 3 index exp cvi or def } % ...and note use of the "color"
{ 1 setgray } ifelse pop } % ...else write white (don't write)
{ dup ( ) cvs dup length 15 add string % ..using the color index,
/tstr exch def % ..build up the name of the
tstr 0 (DEC$EDMS_COLOR_) putinterval % ..potential external color
tstr exch 15 exch putinterval % ..name procedure
tstr cvn where % ..and see if it is defined
{ pop pop tstr cvn cvx exec } % ...if it is, execute it
{ DEC$EDMS_COLOR_ARRAY exch get % ..else execute the internal
exec } ifelse % ..color setting procedure
} ifelse
} ifelse
} def
/RV % .. gross recto/verso translate
{ /DEC$EDMS_ENABLE_RECTOVERSO where
{ pop
/RVmatrix DEC$EDMS_ENABLE_RECTOVERSO 50 mul 0 matrix translate def
RVmatrix concat
} if
} def
end %DEC_DVC$dict
%%EndProlog
%%BeginSetup
/DEC$EDMS_MAKE_FILM where % if we are making film...
{ pop % ..clean up the stack
54 dup translate % ..make room for the film info
} if
BeginDVC$PSDoc
/PaperWidth 8.500 Resolution mul def
/PaperHeight 11.000 Resolution mul def
/Ymax PaperHeight def
CLRP 300 3600 RES
%> Postamble of file DISK_LINN:[000000.GSSAPI]GSSAPI_ID.DVI_PS.
% DefineFont:F98 Category:10 Pointsize:9
/Courier /Courier@DOCPSE DOCPSE ReENCODE
/F98 450.0 /Courier@DOCPSE DPSF
% DefineFont:F90 Category:10 Pointsize:6
/Times-Roman /Times-Roman@DOCPSE DOCPSE ReENCODE
/F90 300.0 /Times-Roman@DOCPSE DPSF
% DefineFont:F86 Category:10 Pointsize:8
/F86 400.0 /Times-Roman@DOCPSE DPSF
% DefineFont:F74 Category:10 Pointsize:11
/F74 550.0 /Times-Roman@DOCPSE DPSF
% DefineFont:F40 Category:10 Pointsize:9
/Helvetica-Bold /Helvetica-Bold@DOCPSE DOCPSE ReENCODE
/F40 450.0 /Helvetica-Bold@DOCPSE DPSF
% DefineFont:F38 Category:10 Pointsize:9
/Helvetica /Helvetica@DOCPSE DOCPSE ReENCODE
/F38 450.0 /Helvetica@DOCPSE DPSF
% DefineFont:F36 Category:10 Pointsize:10
/F36 500.0 /Helvetica-Bold@DOCPSE DPSF
% DefineFont:F32 Category:10 Pointsize:11
/F32 550.0 /Helvetica-Bold@DOCPSE DPSF
% DefineFont:F28 Category:10 Pointsize:12
/F28 600.0 /Helvetica-Bold@DOCPSE DPSF
% DefineFont:F24 Category:10 Pointsize:14
/F24 700.0 /Helvetica-Bold@DOCPSE DPSF
%%BeginDEC$EDMSInfo
/DEC$EDMS_DOCUMENT_ID () def
/DEC$EDMS_COLOR_NAMES [ (BLACK) (BLACK) (BLACK) (BLACK) ] def
/DEC$EDMS_COLOR_ARRAY [
{ 0 setgray } %color 0 procedure
{ 0 setgray } %color 1 procedure
{ 0 setgray } %color 2 procedure
{ 0 setgray } %color 3 procedure
] def
/DEC$EDMS_TOTAL_PAGES 0 def
%%EndDEC$EDMSInfo
/DEC$EDMS_MAKE_FILM where
{ pop /DEC$EDMS_SEPARATE_COLORS where
{ pop }
{ (ERROR - DEC$EDMS_MAKE_FILM requires DEC$EDMS_SEPARATE_COLORS be defined) = quit } ifelse
} if
/DEC$EDMS_SEPARATE_COLORS where
{ pop /DEC$EDMS_SUPPRESS_COLOR where
{ pop (ERROR - DEC$EDMS_SEPARATE_COLORS and DEC$EDMS_SUPPRESS_COLOR are mutually exclusive) = quit } if
DEC$EDMS_SEPARATE_COLORS 1 gt { (ERROR - No such color used in this file) = quit } if
} if
/DVC$PSFonts save def
%%EndSetup
%
%%Page: 1 1
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 14388 3976 XY F74(John)S 265 x
(Linn)S 13766 X 648 y(Secure)S 261 x(Systems)S 12021 X 648 y(Digital)S
248 x(Equipment)S 247 x(Corpora)S 2 x(tion)S 11955 X 647 y(295)S 245 x
(Foster)S 247 x(Street,)S 263 x(L)S -51 x(TN1-1/D07)S 12529 X 648 y
(Littlet)S 2 x(on,)S 267 x(MA)S 250 x(01460-1)S -20 x(123)S 12556 X
647 y(Linn@zendia.ene)S 2 x(t.dec.com)S 6215 8509 XY F24(Generic)S 255 x
(Security)S 255 x(Service)S 255 x(Application)S 255 x(Program)S 256 x
(Interface)S 3899 9556 XY F28(1)S 598 x(GSS-API)S 198 x(Characteristic)S
2 x(s)S 199 x(and)S 200 x(Concepts)S 3899 10552 XY F74(This)S 158 x
(Generic)S 159 x(Security)S 159 x(Service)S 158 x(Applicat)S 2 x(ion)S
158 x(Program)S 158 x(Inter)S 2 x(face)S 159 x(\(GSS-API\))S 157 x(de\211nition)S
159 x(provides)S 159 x(security)S 159 x(ser-)S 3899 X 647 y(vices)S
147 x(to)S 147 x(call)S 2 x(ers)S 147 x(in)S 147 x(a)S 147 x(generic)S
148 x(fashion,)S 155 x(supportable)S 148 x(with)S 147 x(a)S 147 x(range)S
147 x(of)S 147 x(underlyi)S 2 x(ng)S 146 x(mechani)S 2 x(sms)S 147 x
(and)S 147 x(technologies)S 3899 X 648 y(and)S 161 x(hence)S 161 x(allowing)S
161 x(source-)S 2 x(level)S 162 x(portabili)S 2 x(ty)S 160 x(of)S 161 x
(applic)S 2 x(ations)S 161 x(to)S 161 x(dif)S -9 x(ferent)S 162 x(environme)S
2 x(nts.)S 236 x(This)S 161 x(document)S 162 x(de-)S 3899 X 647 y(\211nes)S
150 x(GSS-AP)S -2 x(I)S 150 x(servi)S 2 x(ces)S 150 x(and)S 150 x(primit)S
2 x(ives)S 150 x(at)S 150 x(a)S 150 x(level)S 151 x(independent)S 151 x
(of)S 150 x(underlying)S 151 x(mechanis)S 2 x(m)S 150 x(and)S 149 x
(progra)S 2 x(mming)S 3899 X 648 y(language)S 184 x(environment,)S 184 x
(and)S 183 x(is)S 183 x(to)S 183 x(be)S 183 x(compleme)S 2 x(nted)S
183 x(by)S 183 x(other)S -21 x(,)S 182 x(rela)S 2 x(ted)S 183 x(documents:)S
3899 X 897 y(\201)S 854 x(documents)S 184 x(de\211ning)S 183 x(speci\211c)S
183 x(param)S 2 x(eter)S 184 x(bindings)S 183 x(for)S 183 x(part)S 2 x
(icular)S 184 x(language)S 184 x(environments)S 3899 X 896 y(\201)S
854 x(documents)S 187 x(de\211ning)S 187 x(token)S 186 x(form)S 2 x
(ats,)S 187 x(protocol)S 2 x(s,)S 187 x(and)S 186 x(procedur)S 2 x(es)S
186 x(to)S 187 x(be)S 186 x(imple)S 2 x(mented)S 187 x(in)S 186 x(order)S
188 x(to)S 186 x(real)S 2 x(ize)S 4945 X 648 y(GSS-API)S 182 x(service)S
2 x(s)S 182 x(atop)S 184 x(particul)S 2 x(ar)S 183 x(securit)S 2 x(y)S
182 x(mechani)S 2 x(sms)S 3899 16679 XY(The)S 216 x(GSS-API)S 215 x
(separat)S 2 x(es)S 216 x(the)S 216 x(operat)S 2 x(ions)S 216 x(of)S
216 x(initi)S 2 x(alizing)S 217 x(a)S 216 x(secur)S 2 x(ity)S 216 x
(context)S 217 x(between)S 217 x(peers,)S 225 x(achievi)S 2 x(ng)S 215 x
(peer)S 3899 X 647 y(entity)S 227 x(authentica)S 2 x(tion)S -180 y F86
(1)S 251 x 180 y F74(\(GSS_Init_sec_c)S 2 x(ontext)S(\()S 84 x(\))S
226 x(and)S 226 x(GSS_A)S -2 x(ccept_s)S 2 x(ec_context)S(\()S 85 x
(\))S 226 x(calls\))S 2 x(,)S 236 x(from)S 227 x(the)S 226 x(opera-)S
3899 X 648 y(tions)S 177 x(of)S 177 x(providing)S 177 x(per)S -10 x
(-messa)S 2 x(ge)S 176 x(data)S 178 x(origin)S 177 x(authentic)S 2 x
(ation)S 177 x(and)S 177 x(data)S 177 x(integri)S 2 x(ty)S 176 x(protec)S
2 x(tion)S 177 x(\(GSS_Sign)S(\()S 82 x(\))S 177 x(and)S 3899 X 648 y
(GSS_V)S -62 x(erify)S(\()S 85 x(\))S 153 x(call)S 2 x(s\))S 154 x(for)S
154 x(message)S 2 x(s)S 153 x(subsequentl)S 2 x(y)S 153 x(transf)S 2 x
(erred)S 155 x(in)S 153 x(conjuncti)S 2 x(on)S 153 x(with)S 154 x(that)S
154 x(context.)S 235 x(Per)S -10 x(-message)S 3899 X 647 y(GSS_S)S -2 x
(eal)S(\()S 85 x(\))S 217 x(and)S 217 x(GSS_Unseal)S(\()S 83 x(\))S
217 x(call)S 2 x(s)S 217 x(provide)S 218 x(the)S 217 x(data)S 218 x
(origin)S 217 x(authent)S 2 x(ication)S 218 x(and)S 217 x(data)S 218 x
(integrit)S 2 x(y)S 217 x(services)S 3899 X 648 y(which)S 217 x(GSS_Sign)S
(\()S 83 x(\))S 217 x(and)S 218 x(GSS)S -2 x(_V)S -61 x(erif)S 2 x(y)S
(\()S 83 x(\))S 218 x(of)S -10 x(fer)S -20 x(,)S 225 x(and)S 218 x(also)S
218 x(support)S 218 x(selecti)S 2 x(on)S 217 x(of)S 217 x(con\211dential)S
2 x(ity)S 218 x(services)S 219 x(as)S 217 x(a)S 3899 X 647 y(caller)S
185 x(option.)S 244 x(Additional)S 183 x(call)S 2 x(s)S 182 x(provide)S
184 x(supportive)S 184 x(functions)S 184 x(to)S 183 x(the)S 183 x(GSS-API')S
-30 x(s)S 183 x(users.)S 3899 21560 XY(The)S 183 x(GSS-AP)S -2 x(I)S
183 x(design)S 184 x(assumes)S 184 x(and)S 183 x(addresses)S 184 x(several)S
184 x(basic)S 184 x(goals,)S 183 x(includi)S 2 x(ng:)S 3899 X 897 y
(\201)S 854 x(Mechanism)S 262 x(independenc)S 2 x(e:)S 399 x(The)S 261 x
(GSS-API)S 260 x(de\211nes)S 260 x(an)S 261 x(inter)S 2 x(face)S 262 x
(to)S 260 x(cryptogr)S 2 x(aphicall)S 2 x(y)S 260 x(implem)S 2 x(ented)S
4945 X 648 y(strong)S 152 x(authenti)S 2 x(cation)S 152 x(and)S 152 x
(other)S 152 x(securi)S 2 x(ty)S 151 x(servi)S 2 x(ces)S 152 x(at)S
152 x(a)S 151 x(generi)S 2 x(c)S 151 x(level)S 153 x(which)S 151 x(is)S
152 x(independent)S 153 x(of)S 152 x(particul)S 2 x(ar)S 4945 X 647 y
(underlying)S 129 x(mechani)S 2 x(sms.)S 225 x(For)S 128 x(exampl)S
2 x(e,)S 139 x(GSS-AP)S -2 x(I-pr)S 2 x(ovided)S 128 x(servic)S 2 x
(es)S 128 x(can)S 129 x(be)S 128 x(impleme)S 2 x(nted)S 128 x(by)S 128 x
(secret)S 2 x(-key)S 4945 X 648 y(technologie)S 2 x(s)S 182 x(\(e.g.,)S
184 x(Kerberos\))S 184 x(or)S 183 x(public-)S 2 x(key)S 182 x(approac)S
2 x(hes)S 183 x(\(e.g.,)S 183 x(X.509\).)S 3899 X 896 y(\201)S 854 x
(Protocol)S 188 x(environment)S 189 x(independence:)S 253 x(The)S 187 x
(GSS-API)S 186 x(is)S 188 x(independent)S 188 x(of)S 187 x(the)S 188 x
(communica)S 2 x(tions)S 187 x(protocol)S 4945 X 648 y(suites)S 238 x
(with)S 236 x(which)S 237 x(it)S 237 x(is)S 237 x(employed,)S 251 x
(permi)S 2 x(tting)S 237 x(use)S 237 x(in)S 237 x(a)S 237 x(broad)S
237 x(range)S 237 x(of)S 237 x(protocol)S 238 x(environment)S 2 x(s.)S
405 x(In)S 4945 X 648 y(appropria)S 2 x(te)S 162 x(environments)S 2 x
(,)S 165 x(an)S 162 x(intermedi)S 2 x(ate)S 162 x(impleme)S 2 x(ntation)S
162 x("veneer")S 162 x(which)S 161 x(is)S 162 x(oriented)S 163 x(to)S
161 x(a)S 162 x(particul)S 2 x(ar)S 4945 X 647 y(communica)S 2 x(tion)S
263 x(protocol)S 263 x(\(e.g.,)S 283 x(RPC)S 263 x(or)S 262 x(ACSE\))S
263 x(may)S 262 x(be)S 263 x(interpose)S 2 x(d)S 262 x(between)S 263 x
(applicat)S 2 x(ions)S 262 x(and)S 263 x(the)S 4945 X 648 y(GSS-API,)S
182 x(invoking)S 183 x(GSS-API)S 182 x(facili)S 2 x(ties)S 183 x(in)S
183 x(conjuncti)S 2 x(on)S 182 x(with)S 183 x(the)S 184 x(selecte)S
2 x(d)S 182 x(protocol.)S 3899 X 896 y(\201)S 854 x(Protocol)S 254 x
(associa)S 2 x(tion)S 254 x(independence:)S 386 x(The)S 254 x(GSS-API')S
-31 x(s)S 254 x(securit)S 2 x(y)S 253 x(context)S 254 x(constr)S 2 x
(uct)S 254 x(is)S 253 x(independent)S 255 x(of)S 4945 X 648 y(communica)S
2 x(tions)S 219 x(protocol)S 219 x(associa)S 2 x(tion)S 218 x(constr)S
2 x(ucts.)S 351 x(This)S 218 x(charac)S 2 x(terist)S 2 x(ic)S 218 x
(allows)S 219 x(a)S 219 x(single)S 219 x(GSS-API)S 217 x(im-)S 4945 X
648 y(plementa)S 2 x(tion)S 190 x(to)S 190 x(be)S 190 x(utili)S 2 x
(zed)S 190 x(by)S 190 x(a)S 190 x(variety)S 191 x(of)S 190 x(invoking)S
191 x(protocol)S 191 x(modules)S 190 x(on)S 190 x(behalf)S 191 x(of)S
191 x(those)S 190 x(modules')S 4945 X 647 y(calli)S 2 x(ng)S 205 x(applicati)S
2 x(ons.)S 311 x(GSS-API)S 204 x(servic)S 2 x(es)S 205 x(can)S 206 x
(also)S 206 x(be)S 205 x(invoked)S 206 x(direct)S 2 x(ly)S 205 x(by)S
205 x(applica)S 2 x(tions,)S 211 x(wholly)S 205 x(inde-)S 4945 X 648 y
(pendent)S 183 x(of)S 183 x(protocol)S 184 x(associ)S 2 x(ations.)S
3899 34942 XY 6996 24 R 4123 35290 XY F90(1)S 225 x 141 y F86(This)S
164 x(security)S 164 x(service)S 164 x(de\211nition,)S 171 x(and)S 164 x
(other)S 164 x(de\211nitions)S 164 x(used)S 165 x(in)S 164 x(this)S
164 x(document,)S 172 x(corresponds)S 165 x(to)S 164 x(that)S 163 x
(provided)S 165 x(in)S 164 x(International)S 164 x(Standard)S 163 x
(ISO)S 4497 X 448 y(7498-2-1988\(E)S 2 x(\),)S 132 x(Security)S 132 x
(Architecture)S -2 x(.)S 23085 37554 XY F36(1)S -27 x(1\203June\2031991)S
498 x(1)S
%%EndCustomColor: 0
1 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 2 2
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(Suitabilit)S 2 x(y)S 184 x
(to)S 184 x(a)S 184 x(range)S 184 x(of)S 185 x(impleme)S 2 x(ntation)S
184 x(place)S 2 x(ments:)S 247 x(GSS-AP)S -2 x(I)S 185 x(clients)S 185 x
(are)S 185 x(not)S 184 x(constra)S 2 x(ined)S 184 x(to)S 184 x(reside)S
4945 X 648 y(within)S 214 x(any)S 214 x(T)S -20 x(rusted)S 215 x(Computing)S
214 x(Base)S 215 x(\(TCB\))S 215 x(perime)S 2 x(ter)S 214 x(de\211ned)S
214 x(on)S 213 x(a)S 214 x(system)S 214 x(where)S 214 x(the)S 214 x
(GSS-API)S 213 x(is)S 4945 X 648 y(impleme)S 2 x(nted;)S 181 x(securit)S
2 x(y)S 179 x(service)S 2 x(s)S 179 x(are)S 180 x(speci\211ed)S 180 x
(in)S 180 x(a)S 179 x(manner)S 181 x(suitable)S 181 x(to)S 179 x(both)S
180 x(intra-)S 2 x(TCB)S 179 x(and)S 180 x(extra-)S 2 x(TCB)S 4945 X
647 y(caller)S 2 x(s.)S 3899 7414 XY F32(1.1)S 547 x(GSS)S 2 x(-API)S
183 x(Constructs)S 3899 8410 XY F74(This)S 183 x(section)S 184 x(describe)S
2 x(s)S 182 x(basic)S 184 x(element)S 2 x(s)S 183 x(comprising)S 184 x
(the)S 183 x(GSS-API.)S 3899 9805 XY F32(1.1.1)S 547 x(Credentials)S
3899 X 896 y F74(Credent)S 2 x(ials)S 219 x(structur)S 2 x(es)S 218 x
(provide)S 219 x(the)S 219 x(prerequi)S 2 x(sites)S 219 x(enabling)S
219 x(peers)S 219 x(to)S 218 x(establ)S 2 x(ish)S 218 x(securi)S 2 x
(ty)S 218 x(contexts)S 219 x(with)S 219 x(each)S 3899 X 648 y(other)S
-29 x(.)S 399 x(GSS)S -2 x(-API)S 235 x(calle)S 2 x(rs)S 235 x(refer)S
2 x(ence)S 235 x(credenti)S 2 x(als)S 235 x(structur)S 2 x(es)S 235 x
(indirect)S 2 x(ly)S -36 x(,)S 248 x(through)S 235 x(explicit)S 236 x
(GSS-API-provided)S 3899 X 647 y(credenti)S 2 x(al)S 210 x(handles)S
210 x(\("cred_handl)S 2 x(es"\).)S 324 x(Alternative)S 2 x(ly)S -36 x
(,)S 216 x(a)S 210 x(caller)S 211 x(may)S 210 x(designate)S 211 x(that)S
210 x(its)S 210 x(defaul)S 2 x(t)S 209 x(crede)S 2 x(ntial)S 210 x(be)S
3899 X 648 y(used)S 183 x(for)S 183 x(context)S 184 x(establ)S 2 x(ishment)S
184 x(calls)S 184 x(without)S 183 x(presenti)S 2 x(ng)S 182 x(an)S 183 x
(explici)S 2 x(t)S 183 x(handle)S 183 x(to)S 183 x(that)S 184 x(credenti)S
2 x(al.)S 3899 13640 XY(A)S 176 x(single)S 177 x(crede)S 2 x(ntial)S
177 x(struc)S 2 x(ture)S 177 x(may)S 177 x(be)S 177 x(used)S 177 x(for)S
177 x(initia)S 2 x(tion)S 177 x(of)S 177 x(outbound)S 176 x(contexts)S
178 x(and)S 177 x(acceptanc)S 2 x(e)S 176 x(of)S 177 x(inbound)S 3899 X
648 y(contexts.)S 440 x(Caller)S 2 x(s)S 248 x(needing)S 248 x(to)S
248 x(operat)S 2 x(e)S 247 x(in)S 248 x(only)S 248 x(one)S 248 x(of)S
248 x(these)S 249 x(modes)S 248 x(may)S 249 x(designate)S 249 x(this)S
248 x(fact)S 249 x(when)S 248 x(cre-)S 3899 X 647 y(dentials)S 192 x
(are)S 192 x(acquired)S 192 x(for)S 191 x(use,)S 193 x(allowing)S 192 x
(underlying)S 191 x(mechani)S 2 x(sms)S 191 x(to)S 191 x(optimize)S
192 x(their)S 192 x(processi)S 2 x(ng)S 190 x(and)S 191 x(storage)S
3899 X 648 y(require)S 2 x(ments.)S 3899 16579 XY(A)S 163 x(single)S
164 x(credenti)S 2 x(al)S 163 x(struc)S 2 x(ture)S 164 x(may)S 163 x
(accom)S 2 x(odate)S 164 x(credentia)S 2 x(l)S 163 x(inform)S 2 x(ation)S
164 x(associat)S 2 x(ed)S 163 x(with)S 163 x(multi)S 2 x(ple)S 163 x
(underlyi)S 2 x(ng)S 3899 X 648 y(mechanism)S 2 x(s)S 185 x(\(mech_type)S
2 x(s\);)S 186 x(a)S 185 x(crede)S 2 x(ntial)S 186 x(structur)S 2 x
(e')S -30 x(s)S 185 x(contents)S 186 x(will)S 186 x(vary)S 185 x(depending)S
186 x(on)S 184 x(the)S 186 x(set)S 185 x(of)S 185 x(supported)S 3899 X
647 y(mech_types.)S 442 x(Commonly)S -34 x(,)S 264 x(a)S 249 x(single)S
249 x(mech_type)S 250 x(will)S 249 x(be)S 249 x(used)S 248 x(for)S 249 x
(all)S 250 x(securit)S 2 x(y)S 248 x(contexts)S 250 x(establishe)S 2 x
(d)S 248 x(by)S 248 x(a)S 3899 X 648 y(partic)S 2 x(ular)S 209 x(initiator)S
210 x(to)S 208 x(a)S 208 x(part)S 2 x(icular)S 209 x(tar)S -9 x(get;)S
222 x(the)S 209 x(primary)S 209 x(motivat)S 2 x(ion)S 208 x(for)S 209 x
(supporting)S 209 x(credent)S 2 x(ials)S 209 x(for)S 209 x(multiple)S
3899 X 647 y(mech_types)S 243 x(is)S 241 x(to)S 242 x(allow)S 241 x
(initi)S 2 x(ators)S 242 x(on)S 241 x(systems)S 243 x(which)S 241 x
(are)S 242 x(equipped)S 242 x(to)S 242 x(handle)S 242 x(multiple)S 243 x
(types)S 242 x(to)S 241 x(initi)S 2 x(ate)S 3899 X 648 y(contexts)S
233 x(to)S 231 x(tar)S -8 x(gets)S 232 x(on)S 231 x(other)S 233 x(systems)S
232 x(which)S 232 x(can)S 232 x(accomodat)S 2 x(e)S 231 x(only)S 232 x
(a)S 232 x(subset)S 232 x(of)S 232 x(the)S 232 x(set)S 232 x(supported)S
233 x(at)S 232 x(the)S 3899 X 648 y(initiat)S 2 x(or)S 20 x(')S -29 x
(s)S 183 x(system.)S 3899 21461 XY(It)S 188 x(is)S 187 x(the)S 188 x
(responsibil)S 2 x(ity)S 187 x(of)S 188 x(underlying)S 188 x(system-)S
2 x(speci\211c)S 188 x(mechanisms)S 189 x(and)S 187 x(OS)S 186 x(functions)S
189 x(below)S 187 x(the)S 187 x(GSS-API)S 3899 X 647 y(to)S 174 x(ensure)S
174 x(that)S 175 x(the)S 174 x(abilit)S 2 x(y)S 173 x(to)S 174 x(acquire)S
175 x(and)S 174 x(use)S 174 x(credenti)S 2 x(als)S 174 x(associa)S 2 x
(ted)S 174 x(with)S 174 x(a)S 173 x(given)S 174 x(identi)S 2 x(ty)S
174 x(is)S 174 x(constraine)S 2 x(d)S 173 x(to)S 3899 X 648 y(appropria)S
2 x(te)S 160 x(processe)S 2 x(s)S 159 x(within)S 161 x(a)S 160 x(system.)S
237 x(This)S 160 x(responsibil)S 2 x(ity)S 160 x(should)S 160 x(be)S
160 x(taken)S 161 x(seriousl)S 2 x(y)S 159 x(by)S 160 x(implem)S 2 x
(entors,)S 165 x(as)S 3899 X 648 y(the)S 133 x(ability)S 134 x(for)S
133 x(an)S 132 x(entity)S 134 x(to)S 132 x(utili)S 2 x(ze)S 132 x(a)S
133 x(principa)S 2 x(l')S -30 x(s)S 133 x(credenti)S 2 x(als)S 133 x
(is)S 132 x(equivale)S 2 x(nt)S 132 x(to)S 133 x(the)S 133 x(entity')S
-29 x(s)S 133 x(ability)S 134 x(to)S 132 x(successf)S 2 x(ully)S 3899 X
647 y(assert)S 184 x(that)S 184 x(principal)S 2 x(')S -30 x(s)S 183 x
(identity)S -34 x(.)S 3899 25047 XY(Once)S 259 x(a)S 260 x(set)S 260 x
(of)S 260 x(GSS-API)S 259 x(credentia)S 2 x(ls)S 260 x(is)S 259 x(esta)S
2 x(blished,)S 279 x(the)S 260 x(transf)S 2 x(erabili)S 2 x(ty)S 259 x
(of)S 260 x(that)S 261 x(credentia)S 2 x(ls)S 260 x(set)S 260 x(to)S
259 x(other)S 3899 X 648 y(processes)S 223 x(or)S 222 x(analogous)S
222 x(construct)S 2 x(s)S 221 x(within)S 222 x(a)S 221 x(system)S 223 x
(is)S 221 x(a)S 222 x(local)S 222 x(matt)S 2 x(er)S -21 x(,)S 230 x
(not)S 222 x(de\211ned)S 221 x(by)S 222 x(the)S 221 x(GSS-API.)S 221 x
(An)S 3899 X 648 y(example)S 173 x(local)S 172 x(policy)S 173 x(would)S
171 x(be)S 171 x(one)S 172 x(in)S 172 x(which)S 171 x(any)S 172 x(credenti)S
2 x(als)S 172 x(recei)S 2 x(ved)S 171 x(as)S 172 x(a)S 172 x(result)S
173 x(of)S 171 x(login)S 172 x(to)S 172 x(a)S 172 x(given)S 172 x(user)S
3899 X 647 y(account,)S 163 x(or)S 157 x(of)S 158 x(delegati)S 2 x(on)S
157 x(of)S 157 x(rights)S 158 x(to)S 157 x(that)S 158 x(account,)S 163 x
(are)S 158 x(acce)S 2 x(ssible)S 158 x(by)S -36 x(,)S 162 x(or)S 157 x
(tra)S 2 x(nsferabl)S 2 x(e)S 157 x(to,)S 162 x(processe)S 2 x(s)S 157 x
(running)S 3899 X 648 y(under)S 183 x(that)S 184 x(account.)S 3899 28634 XY
(The)S 185 x(credent)S 2 x(ial)S 186 x(establishm)S 2 x(ent)S 185 x
(process)S 187 x(\(parti)S 2 x(cularly)S 186 x(when)S 185 x(perfor)S
2 x(med)S 185 x(on)S 185 x(behalf)S 187 x(of)S 185 x(users)S 186 x(rathe)S
2 x(r)S 185 x(than)S 186 x(server)S 3899 X 648 y(processes)S 2 x(\))S
185 x(is)S 185 x(likely)S 185 x(to)S 185 x(requir)S 2 x(e)S 185 x(access)S
186 x(to)S 185 x(passwords)S 185 x(or)S 185 x(other)S 185 x(quantit)S
2 x(ies)S 185 x(which)S 185 x(should)S 185 x(be)S 184 x(prote)S 2 x
(cted)S 185 x(locally)S 3899 X 647 y(and)S 244 x(exposed)S 245 x(for)S
245 x(the)S 245 x(shortest)S 246 x(time)S 245 x(possible)S 2 x(.)S 428 x
(As)S 244 x(a)S 244 x(resul)S 2 x(t,)S 260 x(it)S 244 x(will)S 245 x
(often)S 246 x(be)S 244 x(appropria)S 2 x(te)S 245 x(for)S 245 x(prelimi)S
2 x(nary)S 3899 X 648 y(credenti)S 2 x(al)S 127 x(establi)S 2 x(shment)S
127 x(to)S 127 x(be)S 127 x(perform)S 2 x(ed)S 127 x(through)S 127 x
(local)S 128 x(means)S 127 x(at)S 127 x(user)S 128 x(login)S 127 x(time.)S
226 x(The)S 126 x(resul)S 2 x(ting)S 127 x(prelimi)S 2 x(nary)S 3899 X
647 y(credenti)S 2 x(als)S 183 x(would)S 183 x(be)S 183 x(set)S 183 x
(aside)S 184 x(\(in)S 183 x(a)S 183 x(system-)S 2 x(speci\211c)S 183 x
(fashi)S 2 x(on\))S 183 x(for)S 183 x(subsequent)S 184 x(use,)S 183 x
(either)S 2 x(:)S 3899 X 897 y(\201)S 854 x(to)S 232 x(be)S 232 x(accesse)S
2 x(d)S 231 x(by)S 232 x(an)S 232 x(invocati)S 2 x(on)S 231 x(of)S 232 x
(the)S 233 x(GSS-AP)S -2 x(I)S 232 x(GSS_Acquire_cred)S(\()S 85 x(\))S
232 x(call,)S 245 x(retur)S 2 x(ning)S 232 x(an)S 232 x(explicit)S 4945 X
647 y(handle)S 183 x(to)S 183 x(ref)S 2 x(erence)S 184 x(that)S 183 x
(crede)S 2 x(ntial)S 3899 X 897 y(\201)S 854 x(as)S 183 x(the)S 183 x
(defaul)S 2 x(t)S 183 x(credenti)S 2 x(als)S 183 x(install)S 2 x(ed)S
183 x(on)S 182 x(behalf)S 184 x(of)S 183 x(a)S 183 x(process)S 3899 37373 XY
F36(2)S 498 x(1)S -27 x(1\203June\2031991)S
%%EndCustomColor: 0
2 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 3 3
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3996 XY F32(1.1.2)S 547 x
(T)S -40 x(okens)S 3899 X 896 y F74(T)S -39 x(okens)S 138 x(are)S 137 x
(data)S 138 x(eleme)S 2 x(nts)S 137 x(transf)S 2 x(erred)S 138 x(between)S
138 x(GSS-AP)S -2 x(I)S 138 x(caller)S 2 x(s,)S 146 x(and)S 137 x(are)S
138 x(divided)S 137 x(into)S 138 x(two)S 137 x(classes.)S 230 x(Context-)S
3899 X 648 y(level)S 241 x(tokens)S 240 x(are)S 241 x(exchanged)S 241 x
(in)S 240 x(order)S 241 x(to)S 240 x(establish)S 241 x(and)S 240 x(manage)S
241 x(a)S 240 x(securit)S 2 x(y)S 239 x(context)S 241 x(between)S 241 x
(peers.)S 416 x(Per)S -11 x(-)S 3899 X 647 y(message)S 189 x(tokens)S
187 x(are)S 189 x(exchanged)S 188 x(in)S 187 x(conjunct)S 2 x(ion)S
187 x(with)S 187 x(an)S 188 x(establi)S 2 x(shed)S 187 x(context)S 189 x
(to)S 187 x(provide)S 188 x(protec)S 2 x(tive)S 188 x(security)S 3899 X
648 y(service)S 2 x(s)S 175 x(for)S 176 x(corre)S 2 x(sponding)S 175 x
(data)S 176 x(messages)S 2 x(.)S 241 x(The)S 175 x(interna)S 2 x(l)S
175 x(contents)S 177 x(of)S 175 x(both)S 176 x(classes)S 176 x(of)S
176 x(tokens)S 176 x(are)S 176 x(speci\211c)S 176 x(to)S 3899 X 648 y
(the)S 135 x(partic)S 2 x(ular)S 135 x(underlyi)S 2 x(ng)S 134 x(mechani)S
2 x(sm)S 134 x(used)S 135 x(to)S 135 x(support)S 136 x(the)S 135 x(GSS-AP)S
-2 x(I;)S 136 x(Appendix)S 134 x(B)S 135 x(of)S 135 x(this)S 136 x(document)S
135 x(provides)S 3899 X 647 y(a)S 220 x(uniform)S 221 x(recomme)S 2 x
(ndation)S 220 x(for)S 220 x(designer)S 2 x(s)S 220 x(of)S 220 x(GSS-AP)S
-2 x(I)S 220 x(support)S 221 x(mechanisms)S 2 x(,)S 228 x(encapsul)S
2 x(ating)S 220 x(mechani)S 2 x(sm-)S 3899 X 648 y(speci\211c)S 183 x
(infor)S 2 x(mation)S 184 x(along)S 183 x(with)S 183 x(a)S 183 x(globally-i)S
2 x(nterpret)S 2 x(able)S 183 x(mechani)S 2 x(sm)S 183 x(identi\211er)S
-29 x(.)S 3899 9774 XY(T)S -39 x(okens)S 232 x(are)S 233 x(opaque)S
232 x(from)S 233 x(the)S 232 x(viewpoint)S 232 x(of)S 232 x(GSS-API)S
231 x(caller)S 2 x(s.)S 390 x(They)S 232 x(are)S 233 x(generated)S 233 x
(within)S 232 x(the)S 232 x(GSS-API)S 3899 X 648 y(impleme)S 2 x(ntation)S
199 x(at)S 199 x(an)S 199 x(end)S 199 x(system,)S 203 x(provided)S 200 x
(to)S 198 x(a)S 199 x(GSS-API)S 198 x(caller)S 200 x(to)S 199 x(be)S
199 x(transfer)S 2 x(red)S 199 x(to)S 199 x(the)S 199 x(peer)S 199 x
(GSS-API)S 3899 X 647 y(caller)S 165 x(at)S 164 x(a)S 163 x(rem)S 2 x
(ote)S 163 x(end)S 164 x(system,)S 168 x(and)S 164 x(processed)S 164 x
(by)S 164 x(the)S 163 x(GSS-API)S 163 x(impleme)S 2 x(ntation)S 164 x
(at)S 164 x(that)S 164 x(remote)S 165 x(end)S 163 x(system.)S 3899 X
648 y(T)S -39 x(okens)S 172 x(may)S 171 x(be)S 171 x(output)S 172 x
(by)S 170 x(GSS-API)S 170 x(primi)S 2 x(tives)S 172 x(\(and)S 171 x
(are)S 172 x(to)S 171 x(be)S 171 x(tra)S 2 x(nsferre)S 2 x(d)S 170 x
(to)S 172 x(GSS-AP)S -2 x(I)S 172 x(peers\))S 172 x(independent)S 3899 X
647 y(of)S 211 x(the)S 211 x(status)S 212 x(indica)S 2 x(tions)S 211 x
(which)S 211 x(those)S 211 x(primi)S 2 x(tives)S 212 x(indicate.)S 329 x
(T)S -38 x(oken)S 210 x(tra)S 2 x(nsfer)S 212 x(may)S 211 x(take)S 212 x
(place)S 211 x(in)S 211 x(an)S 211 x(in-ba)S 2 x(nd)S 3899 X 648 y(manner)S
-21 x(,)S 205 x(integrat)S 2 x(ed)S 200 x(into)S 200 x(the)S 201 x(same)S
201 x(protocol)S 201 x(strea)S 2 x(m)S 200 x(used)S 200 x(by)S 200 x
(the)S 201 x(GSS-API)S 199 x(calle)S 2 x(rs)S 200 x(for)S 201 x(other)S
201 x(data)S 201 x(transf)S 2 x(ers,)S 3899 X 647 y(or)S 183 x(in)S
183 x(an)S 183 x(out-of-ba)S 2 x(nd)S 182 x(manner)S 184 x(across)S
184 x(a)S 183 x(logical)S 2 x(ly)S 183 x(separate)S 184 x(channel.)S
3899 14656 XY(Development)S 209 x(of)S 207 x(GSS-API)S 207 x(support)S
208 x(primit)S 2 x(ives)S 208 x(based)S 208 x(on)S 207 x(a)S 208 x(particul)S
2 x(ar)S 208 x(underlying)S 208 x(cryptogr)S 2 x(aphic)S 208 x(technique)S
3899 X 647 y(and)S 206 x(protocol)S 207 x(does)S 206 x(not)S 206 x(necessa)S
2 x(rily)S 206 x(imply)S 207 x(that)S 207 x(GSS-AP)S -2 x(I)S 207 x
(caller)S 2 x(s)S 205 x(invoking)S 207 x(that)S 206 x(GSS-API)S 205 x
(mechani)S 2 x(sm)S 206 x(type)S 3899 X 648 y(will)S 262 x(be)S 262 x
(able)S 262 x(to)S 262 x(inter)S 2 x(operate)S 263 x(with)S 262 x(peers)S
263 x(invoking)S 262 x(the)S 262 x(same)S 262 x(techni)S 2 x(que)S 262 x
(and)S 261 x(protocol)S 263 x(outside)S 263 x(the)S 262 x(GSS-)S 3899 X
647 y(API)S 233 x(paradigm.)S 396 x(For)S 233 x(example)S 2 x(,)S 245 x
(the)S 234 x(format)S 235 x(of)S 233 x(GSS-API)S 232 x(tokens)S 234 x
(de\211ned)S 233 x(in)S 234 x(conjunction)S 234 x(with)S 233 x(a)S 234 x
(particul)S 2 x(ar)S 3899 X 648 y(mechanism)S 2 x(,)S 241 x(and)S 230 x
(the)S 230 x(technique)S 2 x(s)S 229 x(used)S 230 x(to)S 230 x(integr)S
2 x(ate)S 230 x(those)S 230 x(tokens)S 231 x(into)S 230 x(caller)S 2 x
(s')S 230 x(protocols)S 2 x(,)S 241 x(may)S 230 x(not)S 230 x(be)S 230 x
(the)S 3899 X 647 y(same)S 184 x(as)S 183 x(those)S 183 x(used)S 183 x
(by)S 183 x(non-GSS-API)S 182 x(caller)S 2 x(s)S 183 x(of)S 183 x(the)S
183 x(same)S 184 x(underlying)S 183 x(techni)S 2 x(que.)S 3899 19288 XY
F32(1.1.3)S 547 x(Security)S 183 x(Contexts)S 3899 X 897 y F74(Security)S
164 x(contexts)S 165 x(are)S 164 x(establi)S 2 x(shed)S 163 x(between)S
164 x(peers,)S 168 x(using)S 164 x(credenti)S 2 x(als)S 163 x(esta)S
2 x(blished)S 164 x(locally)S 164 x(in)S 164 x(conjunction)S 164 x(with)S
3899 X 647 y(each)S 150 x(peer)S 151 x(or)S 150 x(rece)S 2 x(ived)S
150 x(by)S 149 x(peers)S 151 x(via)S 150 x(delega)S 2 x(tion.)S 233 x
(Multiple)S 151 x(contexts)S 151 x(may)S 150 x(exist)S 151 x(simulta)S
2 x(neously)S 150 x(between)S 150 x(a)S 150 x(pair)S 3899 X 648 y(of)S
169 x(peers,)S 173 x(using)S 169 x(the)S 170 x(same)S 170 x(or)S 169 x
(dif)S -9 x(ferent)S 170 x(sets)S 170 x(of)S 169 x(cre)S 2 x(dentials.)S
240 x(Coexist)S 2 x(ence)S 169 x(of)S 170 x(multiple)S 170 x(contexts)S
170 x(using)S 170 x(dif)S -9 x(ferent)S 3899 X 648 y(credenti)S 2 x
(als)S 184 x(allows)S 185 x(graceful)S 185 x(rollove)S 2 x(r)S 184 x
(when)S 183 x(crede)S 2 x(ntials)S 185 x(expire.)S 248 x(Distinction)S
185 x(among)S 184 x(multi)S 2 x(ple)S 184 x(contexts)S 185 x(based)S
3899 X 647 y(on)S 239 x(the)S 240 x(same)S 241 x(credenti)S 2 x(als)S
240 x(serves)S 241 x(applicati)S 2 x(ons)S 239 x(by)S 240 x(distinguishing)S
241 x(dif)S -9 x(ferent)S 241 x(message)S 241 x(stream)S 2 x(s)S 239 x
(in)S 240 x(a)S 240 x(security)S 3899 X 648 y(sense.)S 3899 24419 XY
(The)S 157 x(GSS-API)S 156 x(is)S 158 x(independent)S 158 x(of)S 158 x
(underlying)S 158 x(protocol)S 2 x(s)S 157 x(and)S 157 x(addressi)S
2 x(ng)S 157 x(structur)S 2 x(e,)S 162 x(and)S 158 x(depends)S 157 x
(on)S 157 x(its)S 158 x(call)S 2 x(ers)S 3899 X 648 y(to)S 179 x(transport)S
180 x(GSS-API-provided)S 179 x(data)S 179 x(elem)S 2 x(ents.)S 242 x
(As)S 179 x(a)S 178 x(resul)S 2 x(t)S 178 x(of)S 179 x(these)S 180 x
(factor)S 2 x(s,)S 179 x(it)S 179 x(is)S 179 x(a)S 179 x(caller)S 180 x
(responsibi)S 2 x(lity)S 179 x(to)S 3899 X 647 y(parse)S 148 x(communic)S
2 x(ated)S 148 x(messages,)S 156 x(separati)S 2 x(ng)S 147 x(GSS-API-related)S
149 x(data)S 148 x(elements)S 149 x(from)S 148 x(calle)S 2 x(r)S -11 x
(-provide)S 2 x(d)S 147 x(data.)S 232 x(The)S 3899 X 648 y(GSS-API)S
174 x(is)S 175 x(independent)S 177 x(of)S 175 x(connection)S 176 x(vs.)S
241 x(connect)S 2 x(ionless)S 176 x(orientat)S 2 x(ion)S 175 x(of)S
175 x(the)S 176 x(underlying)S 176 x(communica)S 2 x(tions)S 3899 X
647 y(service)S 2 x(.)S 3899 28006 XY(No)S 252 x(corr)S 2 x(elation)S
254 x(between)S 254 x(securit)S 2 x(y)S 253 x(context)S 254 x(and)S
253 x(communic)S 2 x(ations)S 254 x(protocol)S 254 x(associat)S 2 x
(ion)S 253 x(is)S 254 x(dictated)S -181 y F86(2)S 27 x 181 y F74(.)S
454 x(This)S 3899 X 647 y(separat)S 2 x(ion)S 207 x(allows)S 208 x(the)S
208 x(GSS-API)S 207 x(to)S 208 x(be)S 207 x(used)S 208 x(in)S 208 x
(a)S 208 x(wide)S 207 x(range)S 209 x(of)S 208 x(communicat)S 2 x(ions)S
207 x(environm)S 2 x(ents,)S 214 x(and)S 208 x(also)S 3899 X 648 y(simpli\211es)S
164 x(the)S 164 x(calli)S 2 x(ng)S 163 x(sequences)S 164 x(of)S 163 x
(the)S 164 x(individual)S 165 x(calls.)S 238 x(In)S 163 x(many)S 164 x
(cases)S 164 x(\(depending)S 164 x(on)S 163 x(underlyi)S 2 x(ng)S 163 x
(security)S 3899 X 647 y(protocol,)S 208 x(associat)S 2 x(ed)S 202 x
(mechanis)S 2 x(m,)S 207 x(and)S 202 x(availabi)S 2 x(lity)S 202 x(of)S
203 x(cached)S 203 x(informa)S 2 x(tion\),)S 208 x(the)S 202 x(state)S
203 x(infor)S 2 x(mation)S 203 x(required)S 3899 X 648 y(for)S 214 x
(context)S 215 x(setup)S 214 x(can)S 214 x(be)S 213 x(sent)S 215 x(concurrent)S
2 x(ly)S 213 x(with)S 214 x(initia)S 2 x(l)S 213 x(signed)S 214 x(user)S
215 x(data,)S 222 x(without)S 214 x(interposing)S 215 x(additional)S
3899 X 647 y(message)S 184 x(exchanges.)S 3899 34942 XY 6996 24 R 4123 35290 XY
F90(2)S 225 x 141 y F86(The)S 114 x(optional)S 113 x(channel)S 114 x
(binding)S 114 x(facility)S -27 x(,)S 117 x(discussed)S 114 x(in)S 113 x
(Section)S 113 x(1.1.6)S 113 x(of)S 113 x(this)S 113 x(document,)S 118 x
(represents)S 113 x(an)S 113 x(intentional)S 113 x(exception)S 114 x
(to)S 113 x(this)S 113 x(rule,)S 117 x(supporting)S 4497 X 448 y(additional)S
132 x(protection)S 133 x(features)S 132 x(within)S 133 x(GSS-)S -2 x
(API)S 132 x(supporting)S 134 x(mechanisms.)S 23085 37554 XY F36(1)S
-27 x(1\203June\2031991)S 498 x(3)S
%%EndCustomColor: 0
3 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 4 4
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3996 XY F32(1.1.4)S 547 x(Mechanism)S 182 x(T)S -41 x
(ypes)S 3899 X 896 y F74(In)S 129 x(order)S 130 x(to)S 129 x(initia)S
2 x(te)S 129 x(a)S 129 x(securi)S 2 x(ty)S 129 x(context)S 130 x(with)S
129 x(a)S 129 x(tar)S -9 x(get)S 129 x(peer)S -20 x(,)S 139 x(it)S 130 x
(is)S 129 x(necessar)S 2 x(y)S 128 x(to)S 130 x(identify)S 130 x(an)S
129 x(appropri)S 2 x(ate)S 129 x(underlyi)S 2 x(ng)S 3899 X 648 y(mechanism)S
200 x(type)S 198 x(\(mec)S 2 x(h_type\))S 199 x(which)S 198 x(is)S 198 x
(shared)S -181 y F86(3)S 224 x 181 y F74(with)S 199 x(that)S 199 x(peer)S
-30 x(.)S 290 x(It)S 199 x(is)S 198 x(recomm)S 2 x(ended)S 198 x(that)S
199 x(calle)S 2 x(rs)S 198 x(initi)S 2 x(ating)S 3899 X 647 y(contexts)S
238 x(use)S 236 x(a)S 237 x(default)S 238 x(mech_type)S 238 x(value,)S
251 x(allowing)S 237 x(system-)S 2 x(speci\211c)S 237 x(functions)S
238 x(within)S 237 x(or)S 237 x(invoked)S 237 x(by)S 236 x(the)S 3899 X
648 y(GSS-API)S 224 x(impleme)S 2 x(ntation)S 226 x(to)S 225 x(selec)S
2 x(t)S 225 x(the)S 226 x(appropriat)S 2 x(e)S 225 x(mech_type,)S 237 x
(but)S 225 x(calle)S 2 x(rs)S 225 x(may)S 226 x(direct)S 227 x(that)S
225 x(a)S 226 x(particul)S 2 x(ar)S 3899 X 648 y(mech_type)S 184 x(be)S
183 x(employed)S 184 x(when)S 182 x(necessar)S 2 x(y)S -36 x(.)S 3899 8479 XY
(The)S 199 x(means)S 199 x(for)S 200 x(identif)S 2 x(ying)S 198 x(a)S
199 x(mech_t)S 2 x(ype)S 198 x(for)S 200 x(use)S 199 x(in)S 199 x(establi)S
2 x(shing)S 199 x(a)S 199 x(securit)S 2 x(y)S 198 x(context)S 200 x
(with)S 199 x(a)S 199 x(peer)S 200 x(will)S 199 x(vary)S 3899 X 647 y
(in)S 183 x(dif)S -9 x(ferent)S 184 x(environme)S 2 x(nts)S 183 x(and)S
183 x(circums)S 2 x(tances;)S 184 x(examples)S 184 x(include)S 184 x
(\(but)S 183 x(are)S 184 x(not)S 183 x(limite)S 2 x(d)S 182 x(to\):)S
3899 X 897 y(\201)S 854 x(use)S 183 x(of)S 183 x(a)S 183 x(\211xed)S
183 x(mech_type,)S 184 x(de\211ned)S 182 x(by)S 183 x(con\211guration,)S
184 x(within)S 183 x(an)S 183 x(environment)S 3899 X 897 y(\201)S 854 x
(syntacti)S 2 x(c)S 183 x(convention)S 183 x(on)S 183 x(a)S 183 x(tar)S
-9 x(get-spec)S 2 x(i\211c)S 183 x(basis,)S 183 x(through)S 184 x(examinati)S
2 x(on)S 182 x(of)S 183 x(a)S 183 x(tar)S -9 x(get')S -29 x(s)S 183 x
(name)S 3899 X 896 y(\201)S 854 x(lookup)S 224 x(of)S 225 x(a)S 225 x
(tar)S -9 x(get')S -29 x(s)S 224 x(name)S 226 x(in)S 224 x(a)S 225 x
(naming)S 225 x(servic)S 2 x(e)S 224 x(or)S 225 x(other)S 225 x(databas)S
2 x(e)S 224 x(in)S 225 x(order)S 225 x(to)S 225 x(identif)S 2 x(y)S
224 x(mech_types)S 4945 X 648 y(supported)S 184 x(by)S 182 x(that)S
184 x(tar)S -9 x(get)S 3899 X 896 y(\201)S 854 x(explicit)S 184 x(negotia)S
2 x(tion)S 183 x(between)S 183 x(GSS-API)S 182 x(calle)S 2 x(rs)S 183 x
(in)S 183 x(advance)S 183 x(of)S 184 x(security)S 184 x(context)S 184 x
(setup)S 3899 14456 XY(When)S 229 x(transf)S 2 x(erred)S 230 x(between)S
229 x(GSS-API)S 228 x(peers,)S 241 x(mech_type)S 230 x(speci\211ers)S
230 x(serve)S 230 x(to)S 229 x(qualify)S 230 x(the)S 229 x(interpr)S
2 x(etation)S 230 x(of)S 3899 X 648 y(associat)S 2 x(ed)S 173 x(tokens.)S
241 x(T)S -38 x(o)S 173 x(preclude)S 175 x(ambiguous)S 174 x(interpr)S
2 x(etation)S 174 x(of)S 174 x(mech_type)S 175 x(speci\211ers,)S 176 x
(use)S 174 x(of)S 173 x(a)S 174 x(centra)S 2 x(lized)S 174 x(or)S 3899 X
648 y(hierar)S 2 x(chicall)S 2 x(y)S 182 x(struct)S 2 x(ured)S 183 x
(regist)S 2 x(ry)S 183 x(for)S 183 x(such)S 183 x(speci\211er)S 2 x
(s')S 183 x(values)S 184 x(is)S 183 x(appropriat)S 2 x(e.)S 3899 16748 XY
(It)S 166 x(is)S 165 x(appropri)S 2 x(ate)S 165 x(to)S 166 x(provide)S
166 x(some)S 165 x(guidance)S 166 x(and)S 166 x(examples)S 166 x(for)S
166 x(alloca)S 2 x(tion)S 165 x(of)S 166 x(mech_type)S 166 x(speci\211ers)S
167 x(to)S 165 x(dif)S -9 x(fer-)S 3899 X 647 y(ent)S 170 x(combinati)S
2 x(ons)S 169 x(of)S 170 x(underlyi)S 2 x(ng)S 169 x(cryptogr)S 2 x
(aphic)S 170 x(mechanism)S 2 x(s)S 169 x(and)S 170 x(protocols)S 2 x
(.)S 239 x(Minimall)S 2 x(y)S -36 x(,)S 172 x(mechani)S 2 x(sms)S 170 x
(based)S 3899 X 648 y(on)S 147 x(incompatibl)S 2 x(e)S 147 x(cryptographi)S
2 x(c)S 147 x(techniques)S 148 x(should)S 147 x(be)S 147 x(disti)S 2 x
(nguished)S 147 x(with)S 147 x(dif)S -9 x(ferent)S 148 x(mech_t)S 2 x
(ypes;)S 159 x(a)S 147 x(pure)S 148 x(Ker-)S 3899 X 648 y(beros)S 146 x
(imple)S 2 x(mentation,)S 154 x(for)S 147 x(example)S 2 x(,)S 153 x
(would)S 145 x(not)S 146 x(be)S 146 x(direct)S 2 x(ly)S 146 x(interoper)S
2 x(able)S 146 x(with)S 146 x(a)S 146 x(public-)S 2 x(key)S 145 x(imple)S
2 x(mentati)S 2 x(on)S 3899 X 647 y(of)S 183 x(X.509)S 182 x(strong)S
184 x(authentica)S 2 x(tion)S 183 x(and)S 183 x(should)S 183 x(be)S
183 x(distinguishe)S 2 x(d)S 182 x(with)S 183 x(a)S 183 x(separat)S
2 x(e)S 183 x(speci\211er)S -29 x(.)S 3899 20334 XY(Finer)S -10 x(-grained)S
182 x(mech_type)S 182 x(discri)S 2 x(mination)S 182 x(within)S 181 x
(class)S 2 x(es)S 181 x(which)S 181 x(are)S 181 x(based)S 182 x(on)S
181 x(common)S 181 x(cryptogr)S 2 x(aphic)S 181 x(tech-)S 3899 X 648 y
(niques)S 257 x(can)S 258 x(also)S 257 x(be)S 257 x(appropri)S 2 x(ate.)S
467 x(This)S 257 x(is)S 257 x(partic)S 2 x(ularly)S 258 x(true)S 258 x
(when)S 256 x(it)S 258 x(is)S 257 x(necessar)S 2 x(y)S 257 x(to)S 257 x
(distinguish)S 258 x(among)S 3899 X 647 y(dif)S -9 x(ferent)S 254 x
(securi)S 2 x(ty)S 253 x(protocols)S 254 x(requiri)S 2 x(ng)S 252 x
(exchange)S 254 x(of)S 253 x(dif)S -9 x(ferent)S 254 x(numbers)S 254 x
(of)S 253 x(messages)S 254 x(\(e.g.,)S 271 x(Kerberos)S 254 x(V5)S 3899 X
648 y(single-TGT)S 186 x(vs.)S 250 x(double-TGT)S 185 x(cases\))S 2 x
(.)S 250 x(In)S 185 x(this)S 186 x(example)S 2 x(,)S 185 x(given)S 186 x
(availabil)S 2 x(ity)S 185 x(of)S 186 x(a)S 185 x(direct)S 2 x(ory)S
185 x(or)S 185 x(other)S 186 x(means)S 186 x(to)S 3899 X 648 y(identif)S
2 x(y)S 151 x(a)S 151 x(prospect)S 2 x(ive)S 151 x(peer)S 22 x(')S -30 x
(s)S 151 x(supported)S 152 x(protocol)S 153 x(set)S 152 x(in)S 151 x
(advance,)S 159 x(mech_type)S 152 x(speci\211cat)S 2 x(ion)S 151 x(corre)S
2 x(sponding)S 151 x(to)S 3899 X 647 y(a)S 166 x(parti)S 2 x(cular)S
167 x(underlying)S 167 x(protocol)S 168 x(avoids)S 167 x(the)S 166 x
(need)S 167 x(to)S 166 x(exchange)S 167 x(unnecessa)S 2 x(ry)S 166 x
(peer)S -10 x(-peer)S 168 x(messages)S 168 x(in)S 166 x(order)S 167 x
(to)S 3899 X 648 y(dynamical)S 2 x(ly)S 184 x(discover)S 186 x(the)S
185 x(speci\211c)S 186 x(protocol)S 185 x(requi)S 2 x(red)S 185 x(to)S
184 x(establ)S 2 x(ish)S 185 x(a)S 184 x(parti)S 2 x(cular)S 186 x(context.)S
250 x(On)S 184 x(the)S 185 x(other)S 185 x(hand,)S 3899 X 647 y(if)S
193 x(an)S 193 x(environm)S 2 x(ent)S 193 x(had)S 193 x(no)S 193 x(out-of-ba)S
2 x(nd)S 192 x(means)S 194 x(availa)S 2 x(ble)S 193 x(to)S 193 x(determ)S
2 x(ine)S 193 x(the)S 193 x(speci\211c)S 194 x(protocol)S 194 x(requir)S
2 x(ed)S 193 x(for)S 193 x(a)S 3899 X 648 y(partic)S 2 x(ular)S 195 x
(peer)S -20 x(,)S 197 x(dynamic)S 196 x(negotiat)S 2 x(ion)S 195 x(embodied)S
196 x(in)S 195 x(de\211ned)S 195 x(tokens)S 195 x(of)S 196 x(a)S 195 x
("Kerberos-negoti)S 2 x(ated")S 195 x(mech_type)S 3899 X 647 y(could)S
183 x(be)S 183 x(appropria)S 2 x(te.)S 3899 27557 XY F32(1.1.5)S 547 x
(Naming)S 3899 X 897 y F74(The)S 146 x(GSS-AP)S -2 x(I)S 147 x(avoids)S
146 x(prescr)S 2 x(iption)S 146 x(of)S 146 x(naming)S 147 x(struct)S
2 x(ures,)S 154 x(treati)S 2 x(ng)S 145 x(the)S 147 x(names)S 146 x
(tra)S 2 x(nsferre)S 2 x(d)S 145 x(across)S 147 x(the)S 147 x(interf)S
2 x(ace)S 3899 X 647 y(in)S 167 x(order)S 167 x(to)S 167 x(initi)S 2 x
(ate)S 167 x(and)S 167 x(accept)S 168 x(securit)S 2 x(y)S 166 x(contexts)S
168 x(as)S 167 x(opaque)S 167 x(octet)S 168 x(string)S 168 x(quantitie)S
2 x(s.)S 238 x(This)S 167 x(approach)S 167 x(supports)S 3899 X 648 y
(the)S 153 x(GSS-API')S -30 x(s)S 152 x(goal)S 154 x(of)S 153 x(impleme)S
2 x(ntabilit)S 2 x(y)S 152 x(atop)S 153 x(a)S 153 x(range)S 154 x(of)S
153 x(underlyi)S 2 x(ng)S 152 x(securi)S 2 x(ty)S 153 x(mechanism)S
2 x(s,)S 158 x(recogni)S 2 x(zing)S 153 x(the)S 3899 X 648 y(fact)S
215 x(that)S 214 x(dif)S -9 x(fere)S 2 x(nt)S 213 x(mechani)S 2 x(sms)S
214 x(process)S 215 x(and)S 213 x(authenti)S 2 x(cate)S 214 x(names)S
215 x(which)S 213 x(are)S 215 x(presente)S 2 x(d)S 213 x(in)S 214 x
(dif)S -9 x(ferent)S 215 x(forms.)S 3899 X 647 y(Generaliz)S 2 x(ed)S
258 x(servic)S 2 x(es)S 258 x(of)S -9 x(fering)S 260 x(translat)S 2 x
(ion)S 258 x(functi)S 2 x(ons)S 258 x(among)S 259 x(arbitra)S 2 x(ry)S
258 x(sets)S 260 x(of)S 258 x(naming)S 259 x(environme)S 2 x(nts)S 258 x
(are)S 3899 X 648 y(outside)S 183 x(the)S 183 x(scope)S 183 x(of)S 183 x
(the)S 183 x(GSS-API;)S 182 x(avail)S 2 x(ability)S 184 x(and)S 182 x
(use)S 183 x(of)S 183 x(local)S 184 x(conversion)S 183 x(functi)S 2 x
(ons)S 182 x(to)S 183 x(transl)S 2 x(ate)S 183 x(among)S 3899 X 647 y
(the)S 183 x(naming)S 184 x(formats)S 184 x(supported)S 184 x(within)S
183 x(a)S 183 x(given)S 183 x(end)S 183 x(system)S 184 x(is)S 183 x
(antici)S 2 x(pated.)S 3899 34942 XY 6996 24 R 4123 35290 XY F90(3)S
225 x 141 y F86(The)S 170 x(set)S 169 x(of)S 169 x(mech_types)S 170 x
(which)S 169 x(an)S 169 x(entity)S 169 x(may)S 170 x(assert)S 169 x
(as)S 169 x(an)S 169 x(initiator)S 168 x(in)S 170 x(establishing)S 169 x
(contexts)S 170 x(to)S 169 x(others)S 169 x(need)S 170 x(not)S 169 x
(be)S 170 x(the)S 169 x(same)S 169 x(as)S 169 x(the)S 170 x(set)S 169 x
(of)S 4497 X 448 y(mech_types)S 133 x(with)S 133 x(which)S 132 x(it)S
133 x(can)S 133 x(accept)S 132 x(incoming)S 134 x(contexts)S 133 x(from)S
132 x(others.)S 3899 37554 XY F36(4)S 498 x(1)S -27 x(1\203June\2031991)S
%%EndCustomColor: 0
4 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 5 5
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(T)S -39 x(wo)S
160 x(disti)S 2 x(nct)S 161 x(classes)S 162 x(of)S 161 x(name)S 161 x
(repres)S 2 x(entations)S 162 x(are)S 161 x(used)S 161 x(in)S 161 x
(conjunction)S 162 x(with)S 161 x(dif)S -10 x(fer)S 2 x(ent)S 161 x
(GSS-AP)S -2 x(I)S 161 x(param)S 2 x(eters:)S 3899 X 897 y(\201)S 854 x
(a)S 246 x(printa)S 2 x(ble)S 246 x(form)S 248 x(\(denoted)S 247 x(by)S
246 x(OCTET)S 246 x(STRING\),)S 246 x(for)S 247 x(accept)S 2 x(ance)S
246 x(from)S 248 x(and)S 246 x(present)S 2 x(ation)S 247 x(to)S 246 x
(users;)S 4945 X 648 y(printabl)S 2 x(e)S 161 x(name)S 162 x(form)S
2 x(s)S 161 x(are)S 162 x(accompa)S 2 x(nied)S 162 x(by)S 161 x(OBJECT)S
161 x(IDENTIFIER)S 162 x(tags)S 162 x(identif)S 2 x(ying)S 161 x(the)S
162 x(namespac)S 2 x(e)S 161 x(to)S 4945 X 647 y(which)S 183 x(they)S
183 x(corres)S 2 x(pond)S 3899 X 897 y(\201)S 854 x(an)S 251 x(interna)S
2 x(l)S 251 x(form)S 252 x(\(denoted)S 252 x(by)S 250 x(INTERNAL)S 250 x
(NAME\),)S 250 x(opaque)S 252 x(to)S 251 x(caller)S 2 x(s)S 250 x(and)S
251 x(de\211ned)S 251 x(by)S 251 x(individual)S 4945 X 647 y(GSS-API)S
183 x(imple)S 2 x(mentations;)S 187 x(GSS-AP)S -2 x(I)S 185 x(implem)S
2 x(entations)S 186 x(supporting)S 185 x(multiple)S 186 x(namespac)S
2 x(e)S 184 x(types)S 185 x(are)S 185 x(re-)S 4945 X 648 y(sponsible)S
184 x(for)S 183 x(maint)S 2 x(aining)S 183 x(interna)S 2 x(l)S 183 x
(tags)S 183 x(to)S 183 x(disambigua)S 2 x(te)S 183 x(the)S 183 x(interpr)S
2 x(etation)S 184 x(of)S 183 x(parti)S 2 x(cular)S 183 x(names)S 3899 9456 XY
(T)S -39 x(agging)S 126 x(of)S 125 x(printable)S 126 x(names)S 126 x
(allows)S 125 x(GSS-API)S 124 x(calle)S 2 x(rs)S 125 x(and)S 125 x(underlying)S
126 x(GSS-AP)S -2 x(I)S 126 x(mechanisms)S 126 x(to)S 125 x(disambi)S
2 x(guate)S 3899 X 647 y(name)S 269 x(types)S 269 x(and)S 268 x(to)S
269 x(determ)S 2 x(ine)S 268 x(whether)S 270 x(an)S 268 x(associa)S
2 x(ted)S 268 x(name')S -28 x(s)S 268 x(type)S 269 x(is)S 268 x(one)S
269 x(which)S 268 x(they)S 269 x(are)S 269 x(capable)S 270 x(of)S 3899 X
648 y(processing,)S 180 x(avoiding)S 178 x(aliasi)S 2 x(ng)S 177 x(problems)S
179 x(which)S 177 x(could)S 178 x(result)S 179 x(from)S 179 x(misinter)S
2 x(preting)S 178 x(a)S 178 x(name)S 178 x(of)S 178 x(one)S 178 x(type)S
177 x(as)S 178 x(a)S 3899 X 648 y(name)S 183 x(of)S 183 x(another)S
184 x(type.)S 3899 12395 XY(In)S 204 x(addition)S 204 x(to)S 204 x(providing)S
204 x(means)S 204 x(for)S 205 x(names)S 204 x(to)S 204 x(be)S 203 x
(tagged)S 204 x(with)S 204 x(types,)S 209 x(this)S 204 x(speci\211cat)S
2 x(ion)S 203 x(de\211nes)S 204 x(primit)S 2 x(ives)S 3899 X 647 y(to)S
247 x(support)S 248 x(a)S 247 x(level)S 248 x(of)S 248 x(naming)S 248 x
(environment)S 248 x(independe)S 2 x(nce)S 247 x(for)S 248 x(certa)S
2 x(in)S 247 x(calling)S 248 x(applic)S 2 x(ations.)S 437 x(T)S -38 x
(o)S 246 x(provide)S 3899 X 648 y(basic)S 248 x(servic)S 2 x(es)S -181 y
F86(4)S 273 x 181 y F74(oriented)S 249 x(towards)S 248 x(the)S 248 x
(requirem)S 2 x(ents)S 248 x(of)S 247 x(call)S 2 x(ers)S 248 x(which)S
247 x(need)S 248 x(not)S 248 x(themselve)S 2 x(s)S 247 x(inter)S 2 x
(pret)S 248 x(the)S 3899 X 648 y(interna)S 2 x(l)S 191 x(syntax)S 192 x
(and)S 192 x(semantic)S 2 x(s)S 191 x(of)S 192 x(names,)S 194 x(GSS-API)S
191 x(calls)S 193 x(for)S 192 x(name)S 192 x(compari)S 2 x(son)S 191 x
(\(GSS_Compare_nam)S 2 x(e)S(\()S 84 x(\))S(\),)S 3899 X 647 y(human-re)S
2 x(adable)S 230 x(display)S 230 x(\(GSS_Display_name)S(\()S 85 x(\))S
(\),)S 241 x(input)S 230 x(conversi)S 2 x(on)S 229 x(\(GSS_Import_name)S
2 x(\()S 83 x(\))S(\),)S 242 x(and)S 229 x(inter)S 2 x(nal)S 3899 X
648 y(name)S 183 x(deall)S 2 x(ocation)S 183 x(\(GSS_Releas)S 2 x(e_name)S
(\()S 84 x(\))S(\))S 184 x(functions)S 184 x(are)S 184 x(de\211ned.)S
3899 16629 XY(GSS_Import_name)S(\()S 85 x(\))S 221 x(implem)S 2 x(entations)S
222 x(can,)S 231 x(where)S 222 x(appropriat)S 2 x(e,)S 231 x(support)S
221 x(more)S 222 x(than)S 222 x(one)S 221 x(printabl)S 2 x(e)S 221 x
(syntax)S 3899 X 648 y(corres)S 2 x(ponding)S 196 x(to)S 196 x(a)S 197 x
(given)S 196 x(namespac)S 2 x(e)S 196 x(\(e.g.,)S 200 x(alter)S 2 x
(native)S 197 x(printabl)S 2 x(e)S 196 x(repre)S 2 x(sentations)S 197 x
(for)S 197 x(X.500)S 196 x(Distinguished)S 3899 X 647 y(Names\),)S 192 x
(allowing)S 190 x(\212exibilit)S 2 x(y)S 189 x(for)S 190 x(their)S 191 x
(caller)S 2 x(s)S 189 x(to)S 190 x(select)S 191 x(among)S 190 x(alter)S
2 x(native)S 190 x(repre)S 2 x(sentations.)S 265 x(GSS_D)S -2 x(ispla)S
2 x(y_)S 3899 X 648 y(name)S(\()S 84 x(\))S 212 x(impleme)S 2 x(ntations)S
212 x(output)S 212 x(a)S 211 x(printabl)S 2 x(e)S 211 x(syntax)S 212 x
(select)S 2 x(ed)S 211 x(as)S 211 x(appropr)S 2 x(iate)S 212 x(to)S
211 x(their)S 213 x(operationa)S 2 x(l)S 211 x(environ-)S 3899 X 647 y
(ments;)S 220 x(this)S 208 x(select)S 2 x(ion)S 207 x(is)S 207 x(a)S
208 x(local)S 208 x(matter)S -28 x(.)S 316 x(Call)S 2 x(ers)S 208 x
(desiring)S 208 x(portabil)S 2 x(ity)S 207 x(across)S 209 x(alterna)S
2 x(tive)S 207 x(printa)S 2 x(ble)S 207 x(syntaxes)S 3899 X 648 y(should)S
213 x(refr)S 2 x(ain)S 213 x(from)S 214 x(imple)S 2 x(menting)S 214 x
(comparisons)S 214 x(based)S 214 x(on)S 213 x(printable)S 215 x(name)S
213 x(forms)S 214 x(and)S 214 x(should)S 213 x(instead)S 214 x(use)S
3899 X 647 y(the)S 183 x(GSS_Compare_name)S 2 x(\()S 83 x(\))S 183 x
(call)S 184 x(to)S 183 x(determ)S 2 x(ine)S 183 x(whether)S 183 x(or)S
184 x(not)S 183 x(one)S 182 x(inter)S 2 x(nal-for)S 2 x(mat)S 183 x
(name)S 184 x(matches)S 184 x(another)S -29 x(.)S 3899 21909 XY F32
(1.1.6)S 547 x(Channel)S 182 x(Bindings)S 3899 X 897 y F74(The)S 188 x
(GSS-AP)S -2 x(I)S 188 x(accomm)S 2 x(odates)S 188 x(the)S 189 x(concept)S
188 x(of)S 188 x(call)S 2 x(er)S -10 x(-provided)S 189 x(channel)S 188 x
(binding)S 188 x(\("chan_bindi)S 2 x(ng"\))S 187 x(inform)S 2 x(a-)S
3899 X 647 y(tion,)S 189 x(used)S 188 x(by)S 187 x(GSS-API)S 187 x(calle)S
2 x(rs)S 188 x(to)S 187 x(bind)S 188 x(the)S 188 x(establ)S 2 x(ishment)S
188 x(of)S 188 x(a)S 188 x(securi)S 2 x(ty)S 187 x(context)S 189 x(to)S
188 x(relevant)S 189 x(chara)S 2 x(cterist)S 2 x(ics)S 3899 X 648 y
(\(e.g.,)S 158 x(addresses)S 2 x(,)S 157 x(transf)S 2 x(ormed)S 152 x
(represe)S 2 x(ntations)S 152 x(of)S 151 x(encrypt)S 2 x(ion)S 151 x
(keys\))S 152 x(of)S 151 x(the)S 152 x(underlying)S 152 x(communica)S
2 x(tions)S 151 x(chan-)S 3899 X 648 y(nel)S 197 x(and)S 197 x(of)S
197 x(prote)S 2 x(ction)S 197 x(mechani)S 2 x(sms)S 197 x(applied)S
198 x(to)S 197 x(that)S 198 x(communicat)S 2 x(ions)S 197 x(channel.)S
287 x(V)S -61 x(eri\211cati)S 2 x(on)S 196 x(by)S 197 x(one)S 197 x
(peer)S 198 x(of)S 3899 X 647 y(chan_binding)S 163 x(inform)S 2 x(ation)S
163 x(provided)S 163 x(by)S 162 x(the)S 163 x(other)S 163 x(peer)S 164 x
(to)S 162 x(a)S 163 x(context)S 163 x(serves)S 164 x(to)S 162 x(protect)S
164 x(against)S 164 x(various)S 163 x(active)S 3899 X 648 y(attacks)S
2 x(.)S 288 x(The)S 198 x(calle)S 2 x(r)S 198 x(initiat)S 2 x(ing)S
198 x(a)S 198 x(securit)S 2 x(y)S 197 x(context)S 199 x(must)S 199 x
(determi)S 2 x(ne)S 198 x(the)S 198 x(chan_binding)S 199 x(values)S
198 x(befor)S 2 x(e)S 198 x(making)S 3899 X 647 y(the)S 239 x(GSS_Init_sec_conte)S
2 x(xt)S(\()S 83 x(\))S 239 x(call)S 2 x(,)S 252 x(and)S 239 x(consistent)S
240 x(values)S 240 x(must)S 239 x(be)S 239 x(provided)S 240 x(by)S 238 x
(both)S 239 x(peers)S 240 x(to)S 238 x(a)S 239 x(context.)S 3899 X 648 y
(Calle)S 2 x(rs)S 243 x(should)S 244 x(not)S 243 x(assume)S 245 x(that)S
244 x(underlying)S 244 x(mecha)S 2 x(nisms)S 244 x(provide)S 244 x(con\211dentiali)S
2 x(ty)S 243 x(protect)S 2 x(ion)S 243 x(for)S 244 x(channel)S 3899 X
647 y(binding)S 183 x(inform)S 2 x(ation.)S 3899 28983 XY(Use)S 237 x
(or)S 238 x(non-use)S 238 x(of)S 238 x(the)S 238 x(GSS-AP)S -2 x(I)S
238 x(channel)S 239 x(binding)S 237 x(fac)S 2 x(ility)S 238 x(is)S 238 x
(a)S 238 x(caller)S 239 x(option,)S 251 x(and)S 238 x(GSS-API)S 236 x
(supporti)S 2 x(ng)S 3899 X 647 y(mechanism)S 2 x(s)S 260 x(can)S 260 x
(support)S 261 x(operati)S 2 x(on)S 260 x(in)S 260 x(an)S 260 x(environme)S
2 x(nt)S 260 x(where)S 260 x(NULL)S 259 x(channel)S 261 x(bindings)S
261 x(are)S 261 x(presented.)S 3899 X 648 y(When)S 192 x(non-NULL)S
190 x(channel)S 193 x(bindings)S 192 x(are)S 192 x(used,)S 194 x(cer)S
2 x(tain)S 192 x(mechanism)S 2 x(s)S 191 x(will)S 192 x(of)S -9 x(fer)S
193 x(enhanced)S 192 x(securi)S 2 x(ty)S 191 x(value)S 193 x(by)S 3899 X
647 y(interpr)S 2 x(eting)S 148 x(the)S 148 x(bindings')S 149 x(content)S
149 x(\(rathe)S 2 x(r)S 148 x(than)S 148 x(simply)S 148 x(repre)S 2 x
(senting)S 148 x(those)S 149 x(bindings,)S 155 x(or)S 148 x(signature)S
2 x(s)S 147 x(computed)S 3899 X 648 y(on)S 197 x(them,)S 202 x(within)S
199 x(tokens\))S 198 x(and)S 198 x(will)S 198 x(theref)S 2 x(ore)S 198 x
(depend)S 198 x(on)S 198 x(presentat)S 2 x(ion)S 197 x(of)S 198 x(speci\211c)S
199 x(data)S 198 x(in)S 198 x(a)S 198 x(de\211ned)S 198 x(format.)S
3899 X 648 y(T)S -39 x(o)S 200 x(this)S 201 x(end,)S 204 x(agreeme)S
2 x(nts)S 200 x(among)S 200 x(mechanis)S 2 x(m)S 200 x(implement)S 2 x
(ors)S 200 x(are)S 201 x(de\211ning)S -181 y F86(5)S 225 x 181 y F74
(conventional)S 201 x(inter)S 2 x(pretati)S 2 x(ons)S 200 x(for)S 3899 X
647 y(the)S 267 x(contents)S 268 x(of)S 267 x(channel)S 267 x(binding)S
267 x(ar)S -9 x(guments,)S 289 x(including)S 267 x(address)S 268 x(speci\211ers)S
268 x(\(with)S 267 x(content)S 268 x(dependent)S 268 x(on)S 3899 33954 XY
6996 24 R 4123 34302 XY F90(4)S 225 x 141 y F86(It)S 131 x(is)S 131 x
(anticipated)S 132 x(that)S 131 x(these)S 132 x(proposed)S 133 x(GSS-)S
-2 x(API)S 131 x(calls)S 131 x(will)S 131 x(be)S 132 x(implemented)S
132 x(in)S 132 x(many)S 132 x(end)S 132 x(systems)S 132 x(based)S 132 x
(on)S 132 x(system-speci\211c)S 131 x(name)S 132 x(manipulation)S 4497 X
448 y(primitives)S 129 x(already)S 130 x(extant)S 129 x(within)S 130 x
(those)S 130 x(end)S 130 x(systems;)S 131 x(inclusion)S 130 x(within)S
130 x(the)S 130 x(GSS-)S -2 x(API)S 129 x(is)S 130 x(intended)S 130 x
(to)S 130 x(of)S -7 x(fer)S 129 x(GSS-AP)S -2 x(I)S 130 x(callers)S
129 x(a)S 130 x(portable)S 129 x(means)S 130 x(to)S 4497 X 448 y(perform)S
132 x(speci\211c)S 132 x(operations,)S 133 x(supportive)S 133 x(of)S
133 x(authorization)S 133 x(and)S 133 x(audit)S 133 x(requirements,)S
132 x(on)S 133 x(authenticated)S 133 x(names.)S 4123 X 399 y F90(5)S
225 x 141 y F86(These)S 133 x(conventions)S 134 x(are)S 132 x(being)S
134 x(incorporated)S 133 x(into)S 132 x(related)S 133 x(documents.)S
23085 37554 XY F36(1)S -27 x(1\203June\2031991)S 498 x(5)S
%%EndCustomColor: 0
5 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 6 6
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(communica)S 2 x(tions)S 157 x(protocol)S
159 x(environment\))S 159 x(for)S 158 x(context)S 158 x(initia)S 2 x
(tors)S 157 x(and)S 158 x(acceptor)S 2 x(s.)S 235 x(In)S 157 x(order)S
158 x(for)S 158 x(GSS-API)S 156 x(call)S 2 x(ers)S 3899 X 648 y(to)S
157 x(be)S 156 x(portabl)S 2 x(e)S 156 x(acros)S 2 x(s)S 156 x(multipl)S
2 x(e)S 157 x(mechanisms)S 158 x(and)S 157 x(achieve)S 158 x(the)S 157 x
(full)S 157 x(securi)S 2 x(ty)S 156 x(functi)S 2 x(onality)S 157 x(avail)S
2 x(able)S 157 x(from)S 158 x(each)S 3899 X 648 y(mechanism)S 2 x(,)S
199 x(it)S 197 x(is)S 196 x(strongly)S 197 x(recom)S 2 x(mended)S 197 x
(that)S 196 x(GSS-API)S 196 x(caller)S 2 x(s)S 196 x(provide)S 197 x
(channel)S 197 x(bindings)S 196 x(consist)S 2 x(ent)S 196 x(with)S 3899 X
647 y(these)S 184 x(conventions)S 183 x(and)S 183 x(those)S 184 x(of)S
183 x(the)S 183 x(networking)S 184 x(environment)S 184 x(in)S 183 x
(which)S 183 x(they)S 183 x(operate)S 2 x(.)S 3899 7414 XY F32(1.2)S
547 x(GSS)S 2 x(-API)S 183 x(Features)S 182 x(and)S 182 x(Issues)S 3899 8410 XY
F74(This)S 269 x(section)S 270 x(describes)S 270 x(aspect)S 2 x(s)S
268 x(of)S 269 x(GSS-API)S 268 x(operati)S 2 x(ons,)S 290 x(of)S 269 x
(the)S 269 x(securi)S 2 x(ty)S 269 x(services)S 270 x(which)S 269 x
(the)S 269 x(GSS-API)S 3899 X 647 y(provides,)S 184 x(and)S 183 x(provides)S
183 x(comment)S 2 x(ary)S 183 x(on)S 183 x(design)S 183 x(issues.)S
3899 10452 XY F32(1.2.1)S 547 x(Stat)S 2 x(us)S 182 x(Repo)S -2 x(rting)S
3899 X 897 y F74(Each)S 286 x(GSS-API)S 285 x(call)S 287 x(provides)S
287 x(two)S 285 x(status)S 287 x(retur)S 2 x(n)S 286 x(values.)S 553 x
(Major)S 2 x(_status)S 287 x(values)S 286 x(provide)S 287 x(a)S 286 x
(mechani)S 2 x(sm-)S 3899 X 647 y(independent)S 308 x(indicat)S 2 x
(ion)S 307 x(of)S 307 x(call)S 308 x(status)S 308 x(\(e.g.,)S 339 x
(GSS_COMPLE)S -2 x(TE,)S 307 x(GSS_F)S -42 x(AILURE,)S 307 x(GSS_)S
-2 x(CONTINUE_)S 3899 X 648 y(NEEDE)S -2 x(D\),)S 274 x(suf)S -10 x
(\211cient)S 274 x(to)S 274 x(drive)S 274 x(normal)S 274 x(control)S
275 x(\212ow)S 272 x(within)S 274 x(the)S 273 x(call)S 2 x(er)S 274 x
(in)S 273 x(a)S 273 x(generi)S 2 x(c)S 273 x(fashion.)S 516 x(T)S -38 x
(able)S 273 x(1)S 3899 X 648 y(summari)S 2 x(zes)S 183 x(the)S 183 x
(de\211ned)S 183 x(major_s)S 2 x(tatus)S 183 x(retur)S 2 x(n)S 182 x
(codes)S 184 x(in)S 183 x(tabular)S 184 x(fashion.)S 3899 14487 XY 23316 48 R
3899 15135 XY F32(T)S -41 x(able)S 182 x(1:)S 498 x(GSS)S 2 x(-API)S
183 x(Major)S 183 x(Status)S 183 x(Codes)S 3899 X 298 y 23316 48 R 3899 16131 XY
F38(F)S -25 x(A)S -33 x(T)S -33 x(AL)S 149 x(ERROR)S 149 x(CODES)S 3899 X
697 y(GSS_BAD_BINDIN)S -2 x(GS)S 13513 X(channel)S 150 x(binding)S 150 x
(mismatch)S 3899 X 698 y(GSS_BAD_MECH)S 13513 X(unsuppo)S 2 x(rted)S
149 x(mech)S 2 x(anism)S 150 x(requested)S 3899 X 697 y(GSS_BAD_NAME)S
13513 X(invalid)S 149 x(name)S 150 x(provided)S 3899 X 697 y(GSS_BAD_NAMETYPE)S
13513 X(name)S 150 x(of)S 150 x(unsuppo)S 2 x(rted)S 149 x(type)S 150 x
(provided)S 3899 X 698 y(GSS_BAD_ST)S -33 x(A)S -33 x(TUS)S 13513 X
(invalid)S 149 x(input)S 149 x(status)S 150 x(selector)S 3899 X 697 y
(GSS_BAD_SIG)S 13513 X(token)S 150 x(had)S 150 x(invalid)S 149 x(signature)S
3899 X 698 y(GSS_CONTEXT_EXPIRED)S 13513 X(speci\211ed)S 150 x(security)S
150 x(context)S 150 x(expired)S 3899 X 697 y(GSS_CREDENTI)S -2 x(ALS_EXPIRED)S
13513 X(expired)S 150 x(crede)S 2 x(ntials)S 148 x(detected)S 3899 X
697 y(GSS_DEFECTIVE_CRED)S -2 x(ENTIAL)S 13513 X(defective)S 149 x(crede)S
2 x(ntial)S 148 x(detected)S 3899 X 698 y(GSS_DEFECTIVE_T)S -9 x(OKEN)S
13513 X(defective)S 149 x(token)S 150 x(detected)S 3899 X 697 y(GSS_F)S
-25 x(AILURE)S 13513 X(failure,)S 149 x(unspeci\211ed)S 151 x(at)S 149 x
(GSS-API)S 149 x(level)S 3899 X 697 y(GSS_NO_CONTEXT)S 13513 X(no)S
150 x(valid)S 149 x(security)S 150 x(context)S 150 x(speci\211ed)S 3899 X
698 y(GSS_NO_CRED)S 13513 X(no)S 150 x(valid)S 149 x(credentials)S 150 x
(provided)S 3899 X 697 y(INFORMA)S -34 x(T)S -8 x(OR)S -9 x(Y)S 150 x
(ST)S -34 x(A)S -33 x(TUS)S 149 x(CODES)S 3899 X 698 y(GSS_COMPLETE)S
13513 X(normal)S 150 x(completion)S 3899 X 697 y(GSS_CONTIN)S -2 x(UE_NEEDED)S
13513 X(continuation)S 150 x(call)S 148 x(to)S 150 x(routine)S 150 x
(required)S 3899 X 697 y(GSS_DUPLICA)S -34 x(TE_T)S -8 x(OKEN)S 13513 X
(duplicate)S 149 x(per-)S 2 x(message)S 151 x(token)S 150 x(detected)S
3899 X 698 y(GSS_OLD_T)S -8 x(OKEN)S 13513 X(timed-out)S 150 x(per-me)S
2 x(ssage)S 150 x(token)S 150 x(detected)S 3899 X 697 y(GSS_UNSEQ_T)S
-9 x(OKEN)S 13513 X(out-of-orde)S 2 x(r)S 149 x(per-m)S 2 x(essage)S
151 x(token)S 150 x(detected)S 3899 X 399 y 23316 48 R 3899 30876 XY
F74(Minor_stat)S 2 x(us)S 206 x(provides)S 207 x(more)S 206 x(detai)S
2 x(led)S 206 x(status)S 207 x(inform)S 2 x(ation)S 206 x(which)S 206 x
(may)S 207 x(include)S 207 x(status)S 207 x(codes)S 206 x(speci\211c)S
207 x(to)S 206 x(the)S 3899 X 647 y(underlying)S 184 x(securit)S 2 x
(y)S 182 x(mechani)S 2 x(sm.)S 244 x(Minor_stat)S 2 x(us)S 182 x(values)S
184 x(are)S 184 x(not)S 183 x(speci\211ed)S 183 x(in)S 183 x(this)S
184 x(document.)S 3899 32519 XY(GSS_CON)S -2 x(TINUE_NEEDE)S -2 x(D)S
179 x(major_s)S 2 x(tatus)S 180 x(returns,)S 181 x(and)S 180 x(optional)S
180 x(message)S 180 x(outputs,)S 181 x(are)S 180 x(provided)S 180 x
(in)S 180 x(GSS)S -2 x(_)S 3899 X 648 y(Init_sec)S 2 x(_context)S(\()S
84 x(\))S 130 x(and)S 130 x(GSS_A)S -2 x(ccept_se)S 2 x(c_context)S
(\()S 85 x(\))S 129 x(call)S 2 x(s)S 129 x(so)S 130 x(that)S 130 x(invocations)S
131 x(of)S 130 x(multiple)S 131 x(message)S 131 x(preamble)S 3899 X
648 y(transac)S 2 x(tions)S 204 x(\(as)S 205 x(are)S 205 x(required,)S
210 x(for)S 205 x(example,)S 210 x(to)S 204 x(authent)S 2 x(icate)S
205 x(to)S 204 x(a)S 204 x(Kerberos)S 205 x(V5)S 203 x(double-TGT)S
204 x(service)S 2 x(\))S 204 x(need)S 3899 X 647 y(not)S 244 x(be)S
245 x(re\212ecte)S 2 x(d)S 244 x(in)S 244 x(separ)S 2 x(ate)S 245 x
(code)S 245 x(paths)S 245 x(within)S 244 x(call)S 2 x(ing)S 244 x(applica)S
2 x(tions.)S 429 x(The)S 244 x(same)S 246 x(mechanism)S 246 x(is)S 244 x
(used)S 245 x(to)S 3899 X 648 y(encapsulat)S 2 x(e)S 223 x(mutual)S
223 x(authenti)S 2 x(cation)S 224 x(within)S 223 x(the)S 223 x(GSS-AP)S
-2 x(I')S -29 x(s)S 223 x(context)S 224 x(initiat)S 2 x(ion)S 222 x
(call)S 2 x(s.)S 363 x(Figure)S 223 x(1)S 223 x(illustr)S 2 x(ates)S
223 x(a)S 3899 X 647 y(GSS-API)S 182 x(continuation)S 184 x(scenari)S
2 x(o.)S 3899 37373 XY F36(6)S 498 x(1)S -27 x(1\203June\2031991)S
%%EndCustomColor: 0
6 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%+ Helvetica
%%PageCustomColors: 0
%
%%Page: 7 7
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 4013 XY F32(Figure)S 182 x
(1:)S 498 x(Example)S 183 x(Context)S 182 x(Establishment)S 183 x(with)S
183 x(Continuation)S
3899 4731 XY
3899 19675 SPB
%%BeginDocument (api_retry_fig.ps)
%!PS-Adobe-2.0 EPSF-1.2
%%Creator: DDIF WRITE_PS V02-001, Digital Equipment Corporation
%%CreationDate: 11-Sep-1990 10:45:14
%%DDIF$: V1.0
%%DDIF$ProductIdentifier: Write$
%%DDIF$ProductName: DECwrite V1.0
%%DDIF$Date: 19900911104505
%%BoundingBox: (at end)
%%Pages: (at end)
%%DocumentFonts: (at end)
%%DocumentNeededFonts: (at end)
%%EndComments
%%BeginProcSet: DEC_DDIF_WRITE_PS 1 1
/DEC_DDIF_WRITE_PS_dict 100 dict def DEC_DDIF_WRITE_PS_dict begin/version 1 def/revision 1 def/B{currentdict{dup type/arraytype eq{
bind def}{pop pop}ifelse}forall}def/I{0 setlinewidth 0 setlinecap 0 setlinejoin[]0 setdash 0 setgray 10 setmiterlimit}def mark
/ISOLatin1Encoding 0 1 44{StandardEncoding exch get}for/minus 46 1 143{StandardEncoding exch get}for/dotlessi 193 1 207{
StandardEncoding exch get}for/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine
/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered
/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde
/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute
/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex
/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute
/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis/ISOLatin1Encoding where not{
256 array astore def}if cleartomark/F{currentdict 6 index known{pop pop pop pop pop pop}{FontDirectory 2 index known{pop findfont}{2
index findfont dup maxlength dict begin{1 index/FID ne{def}{pop pop}ifelse}forall dup type/nulltype eq{pop}{/Encoding exch def}
ifelse dup/FontName exch def currentdict definefont end}ifelse exch pop exch dup type/arraytype eq{makefont}{scalefont}ifelse 1
index exch def cvx[exch/setfont load]cvx bind def}ifelse}def/P{/px exch def/pa 8 array def 0 1 7{/py exch def/pw 4 string def 0 1 3
{pw exch px py 1 getinterval putinterval}for pa py pw put}for}def/p{save exch/pi exch def clip newpath{clippath pathbbox}stopped not
{/ph exch def/pw exch def/py exch def/px exch def/px px 30.72 div floor 30.72 mul def/py py 30.72 div floor 30.72 mul def px py
translate/pw pw px sub 30.72 div floor 1 add cvi def/ph ph py sub 30.72 div floor 1 add cvi def pw 30.72 mul ph 30.72 mul scale/pw
pw 32 mul def/ph ph 32 mul def/px 0 def/py 0 def pw ph pi[pw 0 0 ph 0 0]{pa py get/px px 32 add def px pw ge{/px 0 def/py py 1 add
8 mod def}if}pi type/booleantype eq{imagemask}{image}ifelse}if restore}def/SN{transform floor .5 add exch floor .5 add exch
itransform}def end
%%EndProcSet
%%EndProlog
%%BeginSetup
DEC_DDIF_WRITE_PS_dict begin/world-save save def B I
%%EndSetup
%%Page: ? 1
%%PageBoundingBox: 0 0 612 792
%%PageFonts: Times-Roman
%%IncludeFont: Times-Roman
/f2/F2 12/Times-Roman/DDIF$F2 ISOLatin1Encoding F/page-save save def gsave newpath 0 792 SN moveto 0 0 SN lineto 612 0 SN lineto 612
792 SN lineto closepath clip newpath 19.15 282.74 SN moveto 199.13 282.74 SN lineto 199.13 237.29 SN lineto 19.15 237.29 SN lineto
closepath 1 setlinewidth[]0 setdash stroke newpath 271.12 282.74 SN moveto 451.1 282.74 SN lineto 451.1 237.29 SN lineto 271.12
237.29 SN lineto closepath stroke newpath 19.15 191.87 SN moveto 199.13 191.87 SN lineto 199.13 146.44 SN lineto 19.15 146.44 SN
lineto closepath stroke newpath 271.12 191.87 SN moveto 451.1 191.87 SN lineto 451.1 146.44 SN lineto 271.12 146.44 SN lineto
closepath stroke newpath 19.15 101 SN moveto 199.13 101 SN lineto 199.13 55.58 SN lineto 19.15 55.58 SN lineto closepath stroke
newpath 271.12 101 SN moveto 451.1 101 SN lineto 451.1 55.58 SN lineto 271.12 55.58 SN lineto closepath stroke f2 63 256.85 moveto
(GSS_Acquire_cred\(\))show 324 255.72 moveto(GSS_Acquire_cred\(\))show 54 167.57 moveto(GSS_Init_sec_context\(\))show 46.77 73.98
moveto(GSS_Init_sec_context\(\))show 297 167.57 moveto(GSS_Accept_sec_context\(\))show 297 73.98 moveto(GSS_Accept_sec_context\(\))
show newpath 208.13 169.15 SN moveto 262.12 169.15 SN lineto 253.12 163.48 SN lineto 253.12 174.84 SN lineto 262.12 169.15 SN lineto
stroke newpath 208.13 78.29 SN moveto 262.12 78.29 SN lineto 253.12 72.6 SN lineto 253.12 83.96 SN lineto 262.12 78.29 SN lineto
stroke newpath 100.15 231.62 SN moveto 100.15 197.55 SN lineto 109.14 203.22 SN lineto 91.15 203.22 SN lineto 100.15 197.55 SN
lineto stroke newpath 361.11 231.62 SN moveto 361.11 197.55 SN lineto 370.11 203.22 SN lineto 352.11 203.22 SN lineto 361.11 197.55
SN lineto stroke newpath 81 140.77 SN moveto 81 106.67 SN lineto 89.99 112.36 SN lineto 72 112.36 SN lineto 81 106.67 SN lineto
stroke newpath 333 140.77 SN moveto 333 106.67 SN lineto 342 112.36 SN lineto 324 112.36 SN lineto 333 106.67 SN lineto stroke
newpath 361.11 49.89 SN moveto 361.11 15.82 SN lineto 370.11 21.51 SN lineto 352.11 21.51 SN lineto 361.11 15.82 SN lineto stroke
newpath 100.15 49.89 SN moveto 100.15 15.82 SN lineto 109.14 21.51 SN lineto 91.15 21.51 SN lineto 100.15 15.82 SN lineto stroke
newpath 262.12 140.77 SN moveto 208.13 106.67 SN lineto 208.13 112.36 SN lineto 217.13 106.67 SN lineto 208.13 106.67 SN lineto
stroke 109.14 212.99 moveto(credentials)show 370.11 212.99 moveto(credentials)show 217.13 178.92 moveto(token)show 217.13 88.06
moveto(token)show 244.13 116.44 moveto(token)show 90 128.88 moveto(GSS_CONTINUE_NEEDED,)show 99 114.5 moveto(context handle)show
342 128.88 moveto(GSS_CONTINUE_NEEDED,)show 351 114.5 moveto(context handle)show 9 200.88 moveto(target name)show 107.77 38.88
moveto(GSS_COMPLETE)show 370.11 42.62 moveto(GSS_COMPLETE,)show 370.11 29.88 moveto(source name)show 55.14 2.88 moveto
(Established context)show 314.33 5.84 moveto(Established context)show grestore page-save restore showpage
%%Trailer
world-save restore end
%%BoundingBox: 0 0 612 792
%%Pages: 1
%%DocumentFonts: Times-Roman
%%DocumentNeededFonts: Times-Roman
% End-of-file
%%EndDocument
SPE
3899 21247 XY F74(For)S 140 x(mech_types)S 142 x(which)S 140 x(requir)S
2 x(e)S 140 x(intera)S 2 x(ctions)S 141 x(with)S 140 x(third-)S 2 x
(party)S 141 x(server)S 2 x(s)S 140 x(in)S 140 x(order)S 142 x(to)S
140 x(establi)S 2 x(sh)S 140 x(a)S 140 x(secur)S 2 x(ity)S 140 x(context,)S
3899 X 647 y(GSS-API)S 164 x(context)S 166 x(establi)S 2 x(shment)S
165 x(call)S 2 x(s)S 165 x(may)S 165 x(block)S 166 x(pending)S 165 x
(completi)S 2 x(on)S 165 x(of)S 165 x(such)S 165 x(third-)S 2 x(party)S
166 x(interac)S 2 x(tions.)S 238 x(On)S 3899 X 648 y(the)S 152 x(other)S
152 x(hand,)S 158 x(no)S 151 x(GSS-API)S 150 x(call)S 2 x(s)S 151 x
(pend)S 152 x(on)S 151 x(serial)S 2 x(ized)S 152 x(intera)S 2 x(ctions)S
152 x(with)S 151 x(GSS-API)S 151 x(peer)S 152 x(entiti)S 2 x(es.)S 233 x
(As)S 151 x(a)S 152 x(result,)S 3899 X 647 y(local)S 148 x(GSS-API)S
146 x(status)S 149 x(returns)S 148 x(cannot)S 148 x(re\212ect)S 149 x
(unpredictabl)S 2 x(e)S 147 x(or)S 148 x(asynchronous)S 148 x(exceptions)S
148 x(occurr)S 2 x(ing)S 147 x(at)S 148 x(remote)S 3899 X 648 y(peers,)S
184 x(and)S 183 x(re\212ection)S 184 x(of)S 183 x(such)S 183 x(status)S
184 x(informa)S 2 x(tion)S 183 x(is)S 183 x(a)S 183 x(caller)S 185 x
(responsibili)S 2 x(ty)S 183 x(outside)S 183 x(the)S 184 x(GSS-AP)S
-2 x(I.)S 3899 25232 XY F32(1.2.2)S 547 x(Per-M)S 2 x(essa)S -2 x(ge)S
182 x(Security)S 183 x(Service)S 182 x(A)S -20 x(vailability)S 3899 X
896 y F74(When)S 142 x(a)S 142 x(context)S 143 x(is)S 143 x(establis)S
2 x(hed,)S 150 x(two)S 142 x(\212ags)S 142 x(are)S 142 x(ret)S 2 x(urned)S
142 x(to)S 142 x(indicat)S 2 x(e)S 142 x(the)S 142 x(set)S 143 x(of)S
142 x(per)S -10 x(-messa)S 2 x(ge)S 142 x(protect)S 2 x(ion)S 142 x
(security)S 3899 X 648 y(service)S 2 x(s)S 182 x(which)S 183 x(will)S
184 x(be)S 182 x(avail)S 2 x(able)S 183 x(on)S 183 x(the)S 183 x(context:)S
3899 X 896 y(\201)S 854 x(the)S 197 x(integ_avai)S 2 x(l)S 196 x(\212ag)S
197 x(indicates)S 198 x(whether)S 197 x(per)S -10 x(-message)S 198 x
(integri)S 2 x(ty)S 196 x(and)S 197 x(data)S 197 x(origin)S 198 x(authentica)S
2 x(tion)S 197 x(services)S 4945 X 648 y(are)S 184 x(available)S 3899 X
897 y(\201)S 854 x(the)S 241 x(conf_ava)S 2 x(il)S 241 x(\212ag)S 241 x
(indicates)S 242 x(whether)S 242 x(per)S -10 x(-message)S 242 x(con\211dential)S
2 x(ity)S 241 x(servic)S 2 x(es)S 241 x(are)S 242 x(available)S 2 x
(,)S 255 x(and)S 241 x(will)S 4945 X 647 y(never)S 184 x(be)S 182 x
(ret)S 2 x(urned)S 183 x(TRUE)S 182 x(unless)S 184 x(the)S 183 x(integ_avai)S
2 x(l)S 183 x(\212ag)S 182 x(is)S 183 x(also)S 184 x(returne)S 2 x(d)S
182 x(TRUE)S 3899 30960 XY(GSS-API)S 169 x(call)S 2 x(ers)S 171 x(desiring)S
172 x(per)S -11 x(-mes)S 2 x(sage)S 171 x(security)S 172 x(services)S
172 x(should)S 171 x(check)S 171 x(the)S 171 x(values)S 171 x(of)S 171 x
(these)S 171 x(\212ags)S 170 x(at)S 171 x(context)S 3899 X 648 y(establi)S
2 x(shment)S 146 x(time,)S 154 x(and)S 145 x(must)S 146 x(be)S 145 x
(aware)S 146 x(that)S 146 x(a)S 146 x(returne)S 2 x(d)S 145 x(F)S -41 x
(ALSE)S 144 x(value)S 146 x(for)S 146 x(integ_avail)S 147 x(means)S
146 x(that)S 146 x(invocati)S 2 x(on)S 3899 X 647 y(of)S 139 x(GSS_Sign)S
(\()S 83 x(\))S 139 x(or)S 140 x(GSS_Seal)S(\()S 83 x(\))S 140 x(primiti)S
2 x(ves)S 139 x(on)S 139 x(the)S 140 x(associa)S 2 x(ted)S 139 x(context)S
141 x(will)S 139 x(apply)S 140 x(no)S 139 x(cryptogr)S 2 x(aphic)S 140 x
(protecti)S 2 x(on)S 3899 X 648 y(to)S 183 x(user)S 183 x(data)S 184 x
(messages.)S 23085 37373 XY F36(1)S -27 x(1\203June\2031991)S 498 x
(7)S
%%EndCustomColor: 0
7 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 8 8
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 4013 XY F32(1.2.3)S 547 x(Per-M)S 2 x(essa)S -2 x(ge)S
182 x(Replay)S 182 x(Detection)S 182 x(and)S 182 x(Sequencing)S 3899 X
896 y F74(Certa)S 2 x(in)S 202 x(underlying)S 204 x(mech_types)S 203 x
(are)S 203 x(expecte)S 2 x(d)S 202 x(to)S 202 x(of)S -9 x(fer)S 203 x
(support)S 203 x(for)S 203 x(repla)S 2 x(y)S 202 x(detection)S 204 x
(and/or)S 203 x(sequencing)S 203 x(of)S 3899 X 648 y(messages)S 225 x
(transf)S 2 x(erred)S 225 x(on)S 223 x(the)S 225 x(contexts)S 224 x
(they)S 225 x(support.)S 367 x(These)S 224 x(optionally-)S 2 x(select)S
2 x(able)S 224 x(protect)S 2 x(ion)S 224 x(feature)S 2 x(s)S 223 x(are)S
3899 X 647 y(distinct)S 240 x(from)S 239 x(repla)S 2 x(y)S 238 x(detecti)S
2 x(on)S 238 x(and)S 239 x(sequencing)S 239 x(featur)S 2 x(es)S 239 x
(applied)S 239 x(to)S 239 x(the)S 238 x(context)S 240 x(establi)S 2 x
(shment)S 239 x(operati)S 2 x(on)S 3899 X 648 y(itself)S 2 x(;)S 180 x
(the)S 180 x(presence)S 180 x(or)S 179 x(absence)S 180 x(of)S 179 x
(context)S 2 x(-level)S 180 x(replay)S 180 x(or)S 179 x(sequenci)S 2 x
(ng)S 178 x(feat)S 2 x(ures)S 179 x(is)S 180 x(wholly)S 179 x(a)S 179 x
(function)S 180 x(of)S 179 x(the)S 3899 X 648 y(underlying)S 184 x(mech_type')S
-29 x(s)S 183 x(capabil)S 2 x(ities,)S 184 x(and)S 183 x(is)S 183 x
(not)S 183 x(selecte)S 2 x(d)S 182 x(or)S 183 x(omitt)S 2 x(ed)S 183 x
(as)S 183 x(a)S 183 x(caller)S 184 x(option.)S 3899 8496 XY(The)S 260 x
(calle)S 2 x(r)S 260 x(initia)S 2 x(ting)S 260 x(a)S 261 x(context)S
261 x(provides)S 261 x(\212ags)S 260 x(\(repl)S 2 x(ay_det_req_\212ag)S
261 x(and)S 260 x(sequence)S 2 x(_req_\212ag\))S 261 x(to)S 260 x(specify)S
3899 X 647 y(whether)S 174 x(the)S 174 x(use)S 174 x(of)S 173 x(per)S
-10 x(-messa)S 2 x(ge)S 173 x(replay)S 175 x(detection)S 175 x(and)S
173 x(sequencing)S 175 x(feature)S 2 x(s)S 173 x(is)S 174 x(desired)S
175 x(on)S 173 x(the)S 174 x(context)S 174 x(being)S 3899 X 648 y(establi)S
2 x(shed.)S 292 x(The)S 199 x(GSS-AP)S -2 x(I)S 200 x(implement)S 2 x
(ation)S 199 x(at)S 200 x(the)S 199 x(initia)S 2 x(tor)S 199 x(system)S
200 x(can)S 200 x(determi)S 2 x(ne)S 199 x(whether)S 199 x(these)S 200 x
(feat)S 2 x(ures)S 3899 X 648 y(are)S 180 x(supporte)S 2 x(d)S 179 x
(\(and)S 180 x(whether)S 181 x(they)S 180 x(are)S 181 x(optionally)S
181 x(selecta)S 2 x(ble\))S 180 x(as)S 180 x(a)S 180 x(function)S 181 x
(of)S 180 x(mech_type,)S 181 x(without)S 180 x(need)S 181 x(for)S 3899 X
647 y(bilater)S 2 x(al)S 165 x(negotiat)S 2 x(ion)S 165 x(with)S 165 x
(the)S 165 x(tar)S -9 x(get.)S 239 x(When)S 165 x(enabled,)S 169 x(these)S
166 x(featur)S 2 x(es)S 165 x(provide)S 166 x(recipi)S 2 x(ents)S 165 x
(with)S 165 x(indicat)S 2 x(ors)S 165 x(as)S 165 x(a)S 3899 X 648 y
(result)S 185 x(of)S 184 x(GSS-API)S 183 x(process)S 2 x(ing)S 184 x
(of)S 184 x(incoming)S 185 x(messages,)S 185 x(identif)S 2 x(ying)S
184 x(whether)S 185 x(those)S 184 x(messages)S 185 x(were)S 185 x(detected)S
3899 X 647 y(as)S 231 x(duplica)S 2 x(tes)S 231 x(or)S 232 x(out-of-)S
2 x(sequence.)S 390 x(Detection)S 232 x(of)S 232 x(such)S 232 x(events)S
232 x(does)S 231 x(not)S 232 x(prevent)S 232 x(a)S 231 x(suspect)S 233 x
(message)S 232 x(from)S 3899 X 648 y(being)S 171 x(provided)S 171 x
(to)S 171 x(a)S 171 x(reci)S 2 x(pient;)S 175 x(the)S 172 x(appropriat)S
2 x(e)S 170 x(course)S 172 x(of)S 171 x(action)S 172 x(on)S 170 x(a)S
171 x(suspect)S 172 x(message)S 172 x(is)S 171 x(a)S 171 x(matter)S
172 x(of)S 171 x(call)S 2 x(er)S 3899 X 647 y(policy)S -35 x(.)S 3899 14673 XY
(The)S 196 x(semant)S 2 x(ics)S 197 x(of)S 197 x(the)S 197 x(replay)S
198 x(detecti)S 2 x(on)S 196 x(and)S 197 x(sequencing)S 197 x(servi)S
2 x(ces)S 197 x(applied)S 197 x(to)S 197 x(rece)S 2 x(ived)S 197 x(messages,)S
201 x(as)S 197 x(visible)S 3899 X 647 y(across)S 184 x(the)S 183 x(interf)S
2 x(ace)S 183 x(which)S 183 x(the)S 184 x(GSS)S -2 x(-API)S 183 x(provides)S
184 x(to)S 183 x(its)S 183 x(clie)S 2 x(nts,)S 183 x(are)S 183 x(as)S
184 x(follows:)S 3899 16316 XY(When)S 182 x(replay_det)S 2 x(_state)S
182 x(is)S 182 x(TRUE,)S 181 x(the)S 182 x(possible)S 182 x(major_s)S
2 x(tatus)S 182 x(returns)S 183 x(for)S 182 x(well-for)S 2 x(med)S 182 x
(and)S 181 x(corre)S 2 x(ctly)S 182 x(signed)S 3899 X 648 y(messages)S
184 x(are)S 184 x(as)S 183 x(follows:)S 3899 X 897 y F36(1.)S 631 x
F74(GSS_COMPLE)S -2 x(TE)S 203 x(indicates)S 204 x(that)S 204 x(the)S
203 x(message)S 204 x(was)S 203 x(within)S 203 x(the)S 203 x(window)S
203 x(\(of)S 203 x(time)S 204 x(or)S 203 x(sequence)S 204 x(space\))S
4945 X 647 y(allowing)S 126 x(replay)S 126 x(events)S 126 x(to)S 126 x
(be)S 125 x(detect)S 2 x(ed,)S 136 x(and)S 126 x(that)S 126 x(the)S
125 x(messa)S 2 x(ge)S 125 x(was)S 125 x(not)S 125 x(a)S 126 x(replay)S
126 x(of)S 126 x(a)S 125 x(previously-)S 2 x(processed)S 4945 X 648 y
(message)S 184 x(within)S 183 x(that)S 184 x(window)S -36 x(.)S 3899 X
896 y F36(2.)S 631 x F74(GSS_D)S -2 x(UPLICA)S -61 x(TE_T)S -10 x(OKEN)S
207 x(indicates)S 210 x(that)S 209 x(the)S 208 x(signatur)S 2 x(e)S
208 x(on)S 208 x(the)S 209 x(recei)S 2 x(ved)S 208 x(message)S 209 x
(was)S 209 x(correct)S 2 x(,)S 214 x(but)S 4945 X 648 y(that)S 184 x
(the)S 183 x(message)S 184 x(was)S 183 x(recognized)S 184 x(as)S 183 x
(a)S 183 x(duplicat)S 2 x(e)S 182 x(of)S 184 x(a)S 182 x(previ)S 2 x
(ously-proces)S 2 x(sed)S 183 x(message.)S 3899 X 897 y F36(3.)S 631 x
F74(GSS_O)S -2 x(LD_T)S -10 x(OKEN)S 203 x(indicates)S 206 x(that)S
205 x(the)S 205 x(signature)S 206 x(on)S 204 x(the)S 205 x(recei)S 2 x
(ved)S 204 x(message)S 206 x(was)S 204 x(corr)S 2 x(ect,)S 210 x(but)S
205 x(that)S 205 x(the)S 4945 X 647 y(message)S 184 x(is)S 183 x(too)S
183 x(old)S 183 x(to)S 183 x(be)S 183 x(checked)S 184 x(for)S 183 x
(duplicat)S 2 x(ion.)S 3899 23340 XY(When)S 207 x(sequence_st)S 2 x
(ate)S 207 x(is)S 207 x(TRUE,)S 207 x(the)S 207 x(possible)S 208 x(major_st)S
2 x(atus)S 207 x(returns)S 208 x(for)S 208 x(well-for)S 2 x(med)S 207 x
(and)S 207 x(correc)S 2 x(tly)S 207 x(signed)S 3899 X 648 y(messages)S
184 x(are)S 184 x(as)S 183 x(follows:)S 3899 X 896 y F36(1.)S 631 x
F74(GSS_COMPLE)S -2 x(TE)S 203 x(indicates)S 204 x(that)S 204 x(the)S
203 x(message)S 204 x(was)S 203 x(within)S 203 x(the)S 203 x(window)S
203 x(\(of)S 203 x(time)S 204 x(or)S 203 x(sequence)S 204 x(space\))S
4945 X 648 y(allowing)S 126 x(replay)S 126 x(events)S 126 x(to)S 126 x
(be)S 125 x(detect)S 2 x(ed,)S 136 x(and)S 126 x(that)S 126 x(the)S
125 x(messa)S 2 x(ge)S 125 x(was)S 125 x(not)S 125 x(a)S 126 x(replay)S
126 x(of)S 126 x(a)S 125 x(previously-)S 2 x(processed)S 4945 X 647 y
(message)S 184 x(within)S 183 x(that)S 184 x(window)S -36 x(.)S 3899 X
897 y F36(2.)S 631 x F74(GSS_D)S -2 x(UPLICA)S -61 x(TE_T)S -10 x(OKEN)S
207 x(indicates)S 210 x(that)S 209 x(the)S 208 x(signatur)S 2 x(e)S
208 x(on)S 208 x(the)S 209 x(recei)S 2 x(ved)S 208 x(message)S 209 x
(was)S 209 x(correct)S 2 x(,)S 214 x(but)S 4945 X 648 y(that)S 184 x
(the)S 183 x(message)S 184 x(was)S 183 x(recognized)S 184 x(as)S 183 x
(a)S 183 x(duplicat)S 2 x(e)S 182 x(of)S 184 x(a)S 182 x(previ)S 2 x
(ously-proces)S 2 x(sed)S 183 x(message.)S 3899 X 896 y F36(3.)S 631 x
F74(GSS_O)S -2 x(LD_T)S -10 x(OKEN)S 203 x(indicates)S 206 x(that)S
205 x(the)S 205 x(signature)S 206 x(on)S 204 x(the)S 205 x(recei)S 2 x
(ved)S 204 x(message)S 206 x(was)S 204 x(corr)S 2 x(ect,)S 210 x(but)S
205 x(that)S 205 x(the)S 4945 X 648 y(token)S 183 x(is)S 183 x(too)S
183 x(old)S 183 x(to)S 183 x(be)S 183 x(checked)S 184 x(for)S 183 x
(duplicat)S 2 x(ion.)S 3899 X 897 y F36(4.)S 631 x F74(GSS_U)S -2 x
(NSEQ_T)S -11 x(OKEN)S 178 x(indicates)S 180 x(that)S 180 x(the)S 180 x
(signature)S 180 x(on)S 179 x(the)S 179 x(rece)S 2 x(ived)S 179 x(message)S
180 x(was)S 179 x(corre)S 2 x(ct,)S 180 x(but)S 179 x(that)S 180 x(it)S
4945 X 647 y(is)S 183 x(earli)S 2 x(er)S 183 x(in)S 183 x(a)S 183 x
(sequenced)S 184 x(stream)S 184 x -181 y F86(6)S 208 x 181 y F74(than)S
183 x(a)S 183 x(messa)S 2 x(ge)S 182 x(alre)S 2 x(ady)S 183 x(processed)S
184 x(on)S 182 x(the)S 184 x(context.)S 3899 33149 XY 6996 24 R 4123 33497 XY
F90(6)S 225 x 140 y F86(Mechanisms)S 144 x(can)S 144 x(be)S 144 x(architected)S
144 x(to)S 144 x(provide)S 144 x(a)S 144 x(stricter)S 143 x(form)S 144 x
(of)S 144 x(sequencing)S 145 x(service,)S 146 x(delivering)S 144 x(particular)S
143 x(messages)S 144 x(to)S 144 x(recipients)S 143 x(only)S 145 x(after)S
143 x(all)S 4497 X 449 y(predecessor)S 123 x(messages)S 123 x(in)S 124 x
(an)S 123 x(ordered)S 123 x(stream)S 123 x(have)S 124 x(been)S 124 x
(delivered.)S 173 x(This)S 124 x(type)S 123 x(of)S 124 x(support)S 123 x
(is)S 123 x(incompatible)S 124 x(with)S 123 x(the)S 123 x(GSS-)S -2 x
(API)S 123 x(paradigm)S 123 x(in)S 124 x(which)S 4497 X 448 y(recipients)S
159 x(receive)S 159 x(all)S 159 x(messages,)S 166 x(whether)S 159 x
(in)S 159 x(order)S 160 x(or)S 159 x(not,)S 166 x(and)S 160 x(provide)S
160 x(them)S 160 x(\(one)S 159 x(at)S 159 x(a)S 160 x(time,)S 165 x
(without)S 160 x(intra-GS)S -2 x(S-API)S 158 x(message)S 160 x(buf)S
-7 x(fering\))S 158 x(to)S 4497 X 448 y(GSS)S -2 x(-API)S 138 x(routines)S
139 x(for)S 139 x(validation.)S 195 x(GSS-A)S -2 x(PI)S 139 x(facilit)S
-2 x(ies)S 139 x(provide)S 140 x(supportive)S 139 x(functions,)S 140 x
(aiding)S 140 x(clients)S 138 x(to)S 139 x(achieve)S 139 x(strict)S
138 x(message)S 140 x(stream)S 138 x(integrity)S 4497 X 449 y(in)S 123 x
(an)S 123 x(ef)S -8 x(\211cient)S 123 x(manner)S 123 x(in)S 123 x(conjunction)S
124 x(with)S 122 x(sequencing)S 124 x(provisions)S 124 x(in)S 123 x
(communications)S 123 x(protocols,)S 125 x(but)S 123 x(the)S 123 x(GSS-AP)S
-2 x(I)S 123 x(does)S 123 x(not)S 124 x(of)S -7 x(fer)S 122 x(this)S
123 x(level)S 122 x(of)S 4497 X 448 y(message)S 133 x(stream)S 132 x
(integrity)S 132 x(service)S 133 x(by)S 133 x(itself.)S 3899 37554 XY
F36(8)S 498 x(1)S -27 x(1\203June\2031991)S
%%EndCustomColor: 0
8 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 9 9
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(As)S 167 x(the)S
168 x(message)S 169 x(stream)S 169 x(integr)S 2 x(ity)S 168 x(feature)S
2 x(s)S 167 x(\(espec)S 2 x(ially)S 168 x(sequenci)S 2 x(ng\))S 167 x
(may)S 168 x(inter)S 2 x(fere)S 169 x(with)S 167 x(cert)S 2 x(ain)S
168 x(applicat)S 2 x(ions')S 3899 X 648 y(intended)S 137 x(communic)S
2 x(ations)S 137 x(paradigms)S 2 x(,)S 145 x(and)S 136 x(since)S 138 x
(support)S 137 x(for)S 137 x(such)S 136 x(feat)S 2 x(ures)S 137 x(is)S
136 x(likel)S 2 x(y)S 136 x(to)S 136 x(be)S 137 x(resource)S 138 x(intensive,)S
3899 X 648 y(it)S 137 x(is)S 138 x(highly)S 137 x(recomm)S 2 x(ended)S
137 x(that)S 138 x(mech_types)S 138 x(supporting)S 138 x(these)S 138 x
(featur)S 2 x(es)S 137 x(allow)S 137 x(them)S 138 x(to)S 137 x(be)S
137 x(activat)S 2 x(ed)S 137 x(select)S 2 x(ively)S 3899 X 647 y(on)S
259 x(initia)S 2 x(tor)S 260 x(request)S 260 x(when)S 259 x(a)S 260 x
(context)S 260 x(is)S 260 x(establis)S 2 x(hed.)S 473 x(A)S 259 x(context)S
260 x(initiat)S 2 x(or)S 259 x(and)S 260 x(tar)S -9 x(get)S 260 x(are)S
260 x(provided)S 260 x(with)S 3899 X 648 y(corres)S 2 x(ponding)S 256 x
(indica)S 2 x(tors)S 257 x(\(repl)S 2 x(ay_det_stat)S 2 x(e)S 257 x
(and)S 257 x(sequence_sta)S 2 x(te\),)S 276 x(signifying)S 258 x(whether)S
258 x(these)S 257 x(feat)S 2 x(ures)S 257 x(are)S 3899 X 647 y(active)S
184 x(on)S 183 x(a)S 183 x(given)S 183 x(context.)S 3899 8211 XY(An)S
161 x(example)S 163 x(mech_type)S 163 x(supporting)S 162 x(per)S -10 x
(-message)S 163 x(repla)S 2 x(y)S 161 x(detecti)S 2 x(on)S 161 x(could)S
162 x(\(when)S 162 x(replay_det)S 2 x(_state)S 162 x(is)S 162 x(TRUE\))S
3899 X 647 y(impleme)S 2 x(nt)S 182 x(the)S 183 x(feat)S 2 x(ure)S 183 x
(as)S 183 x(follows:)S 244 x(The)S 183 x(underlying)S 183 x(mechani)S
2 x(sm)S 183 x(would)S 182 x(insert)S 184 x(timesta)S 2 x(mps)S 183 x
(in)S 182 x(data)S 184 x(elements)S 3899 X 648 y(output)S 229 x(by)S
228 x(GSS_Sign)S(\()S 82 x(\))S 229 x(and)S 229 x(GSS_Seal)S(\()S 83 x
(\))S(,)S 240 x(and)S 229 x(would)S 228 x(mainta)S 2 x(in)S 228 x(\(within)S
230 x(a)S 228 x(time)S 2 x(-limit)S 2 x(ed)S 228 x(window\))S 229 x
(a)S 228 x(cache)S 3899 X 647 y(\(quali\211ed)S 247 x(by)S 245 x(originator)S
-9 x(-reci)S 2 x(pient)S 246 x(pair\))S 247 x(identif)S 2 x(ying)S 245 x
(rece)S 2 x(ived)S 246 x(data)S 246 x(element)S 2 x(s)S 245 x(processe)S
2 x(d)S 245 x(by)S 245 x(GSS_V)S -62 x(erif)S 2 x(y)S(\()S 83 x(\))S
3899 X 648 y(and)S 200 x(GSS_Unseal)S(\()S 83 x(\))S(.)S 297 x(When)S
200 x(this)S 201 x(feat)S 2 x(ure)S 200 x(is)S 201 x(active,)S 206 x
(exception)S 201 x(stat)S 2 x(us)S 200 x(returns)S 202 x(\(GSS_DU)S
-2 x(PLICA)S -61 x(TE_T)S -10 x(OKEN)S -2 x(,)S 3899 X 647 y(GSS_O)S
-2 x(LD_T)S -10 x(OKEN)S -2 x(\))S 147 x(will)S 148 x(be)S 147 x(provided)S
147 x(when)S 147 x(GSS_V)S -63 x(erif)S 2 x(y)S(\()S 83 x(\))S 147 x
(or)S 148 x(GSS)S -2 x(_Unseal)S(\()S 85 x(\))S 147 x(is)S 147 x(presente)S
2 x(d)S 146 x(with)S 147 x(a)S 147 x(message)S 3899 X 648 y(which)S
172 x(is)S 172 x(eithe)S 2 x(r)S 172 x(a)S 172 x(detect)S 2 x(ed)S 172 x
(duplicat)S 2 x(e)S 172 x(of)S 172 x(a)S 172 x(prior)S 174 x(message)S
173 x(or)S 172 x(which)S 172 x(is)S 173 x(too)S 172 x(old)S 172 x(to)S
173 x(validate)S 173 x(against)S 174 x(a)S 172 x(cache)S 173 x(of)S
3899 X 648 y(recent)S 2 x(ly)S 182 x(rece)S 2 x(ived)S 183 x(messages)S
2 x(.)S 3899 14138 XY F32(1.2.4)S 547 x(Quality)S 184 x(of)S 183 x(Protection)S
3899 X 897 y F74(Some)S 193 x(mech_types)S 194 x(will)S 193 x(provide)S
194 x(their)S 194 x(users)S 193 x(with)S 193 x(\211ne)S 193 x(granulari)S
2 x(ty)S 193 x(control)S 194 x(over)S 193 x(the)S 193 x(means)S 194 x
(used)S 193 x(to)S 192 x(provide)S 3899 X 648 y(per)S -10 x(-message)S
217 x(protect)S 2 x(ion,)S 224 x(allowing)S 216 x(calle)S 2 x(rs)S 216 x
(to)S 216 x(trade)S 217 x(of)S -10 x(f)S 216 x(securi)S 2 x(ty)S 216 x
(processing)S 217 x(overhead)S 217 x(dynamicall)S 2 x(y)S 215 x(against)S
3899 X 647 y(the)S 157 x(protecti)S 2 x(on)S 156 x(require)S 2 x(ments)S
157 x(of)S 156 x(parti)S 2 x(cular)S 157 x(message)S 2 x(s.)S 235 x
(A)S 155 x(per)S -10 x(-messa)S 2 x(ge)S 156 x(quality-)S 2 x(of-prote)S
2 x(ction)S 157 x(paramet)S 2 x(er)S 157 x(\(anal-)S 3899 X 648 y(ogous)S
162 x(to)S 162 x(quality-of)S 2 x(-servi)S 2 x(ce,)S 166 x(or)S 162 x
(QOS\))S 162 x(selects)S 163 x(among)S 162 x(dif)S -9 x(fer)S 2 x(ent)S
162 x(QOP)S 161 x(options)S 162 x(supported)S 163 x(by)S 162 x(that)S
163 x(mechanism.)S 3899 X 647 y(On)S 193 x(context)S 195 x(establi)S
2 x(shment)S 194 x(for)S 195 x(a)S 194 x(multi-)S 2 x(QOP)S 192 x(mech_type)S
2 x(,)S 196 x(context-)S 2 x(level)S 194 x(data)S 195 x(provides)S 195 x
(the)S 194 x(prere)S 2 x(quisite)S 195 x(data)S 3899 X 648 y(for)S 183 x
(a)S 183 x(range)S 184 x(of)S 183 x(protect)S 2 x(ion)S 183 x(qualities)S
2 x(.)S 3899 19269 XY(It)S 168 x(is)S 168 x(expected)S 168 x(that)S
168 x(the)S 168 x(major)S 2 x(ity)S 167 x(of)S 168 x(calle)S 2 x(rs)S
168 x(will)S 167 x(not)S 168 x(wish)S 167 x(to)S 168 x(exert)S 168 x
(explic)S 2 x(it)S 167 x(mecha)S 2 x(nism-speci)S 2 x(\211c)S 167 x
(QOP)S 166 x(control)S 3899 X 648 y(and)S 224 x(will)S 224 x(theref)S
2 x(ore)S 224 x(request)S 225 x(selecti)S 2 x(on)S 223 x(of)S 224 x
(a)S 224 x(default)S 225 x(QOP)S -62 x(.)S 223 x(De\211nitions)S 225 x
(of,)S 234 x(and)S 223 x(choice)S 2 x(s)S 223 x(among,)S 234 x(non-def)S
2 x(ault)S 3899 X 647 y(QOP)S 143 x(values)S 145 x(are)S 145 x(mechanis)S
2 x(m-speci\211c,)S 153 x(and)S 144 x(no)S 144 x(ordere)S 2 x(d)S 144 x
(sequences)S 145 x(of)S 145 x(QOP)S 143 x(values)S 145 x(can)S 144 x
(be)S 145 x(assumed)S 145 x(equivalent)S 3899 X 648 y(across)S 149 x
(dif)S -9 x(ferent)S 149 x(mechani)S 2 x(sms.)S 232 x(Meaningful)S 149 x
(use)S 148 x(of)S 148 x(non-defa)S 2 x(ult)S 148 x(QOP)S 146 x(values)S
149 x(demands)S 149 x(that)S 148 x(calle)S 2 x(rs)S 148 x(be)S 148 x
(famili)S 2 x(ar)S 3899 X 647 y(with)S 209 x(the)S 210 x(QOP)S 208 x
(de\211nitions)S 210 x(of)S 210 x(an)S 209 x(underlyi)S 2 x(ng)S 209 x
(mechanism)S 211 x(or)S 209 x(mecha)S 2 x(nisms,)S 216 x(and)S 210 x
(is)S 209 x(there)S 2 x(fore)S 210 x(a)S 209 x(non-port)S 2 x(able)S
3899 X 648 y(construct)S 2 x(.)S 3899 24001 XY F28(2)S 598 x(Interface)S
201 x(Descriptions)S 3899 24998 XY F74(This)S 167 x(section)S 168 x
(describe)S 2 x(s)S 167 x(the)S 167 x(GSS-API')S -31 x(s)S 167 x(servic)S
2 x(e)S 167 x(interf)S 2 x(ace,)S 170 x(dividing)S 168 x(the)S 167 x
(set)S 168 x(of)S 167 x(calls)S 168 x(of)S -9 x(fered)S 168 x(into)S
167 x(four)S 168 x(groups.)S 3899 X 647 y(Credent)S 2 x(ial)S 276 x
(management)S 277 x(calls)S 276 x(are)S 276 x(rela)S 2 x(ted)S 275 x
(to)S 276 x(the)S 276 x(acquisition)S 277 x(and)S 275 x(relea)S 2 x
(se)S 275 x(of)S 276 x(credentia)S 2 x(ls)S 275 x(by)S 275 x(princi)S
2 x(pals.)S 3899 X 648 y(Context-)S 2 x(level)S 192 x(calls)S 192 x
(are)S 192 x(rela)S 2 x(ted)S 191 x(to)S 192 x(the)S 191 x(managem)S
2 x(ent)S 191 x(of)S 192 x(security)S 192 x(context)S 2 x(s)S 191 x
(between)S 191 x(princi)S 2 x(pals.)S 269 x(Per)S -10 x(-message)S 3899 X
647 y(calls)S 187 x(are)S 186 x(relat)S 2 x(ed)S 185 x(to)S 186 x(the)S
186 x(protect)S 2 x(ion)S 185 x(of)S 186 x(individual)S 187 x(messages)S
187 x(on)S 185 x(establi)S 2 x(shed)S 185 x(secur)S 2 x(ity)S 185 x
(context)S 2 x(s.)S 251 x(Support)S 186 x(calls)S 3899 X 648 y(provide)S
147 x(ancilla)S 2 x(ry)S 146 x(functions)S 147 x(useful)S 147 x(to)S
146 x(GSS-API)S 145 x(call)S 2 x(ers.)S 232 x(T)S -39 x(able)S 147 x
(2)S 146 x(groups)S 146 x(and)S 146 x(summar)S 2 x(izes)S 147 x(the)S
146 x(call)S 2 x(s)S 146 x(in)S 146 x(tabular)S 3899 X 647 y(fashion.)S
23085 37373 XY F36(1)S -27 x(1\203June\2031991)S 498 x(9)S
%%EndCustomColor: 0
9 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 10 10
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3650 XY 23316 48 R 3899 4297 XY F32(T)S -41 x(able)S
182 x(2:)S 498 x(GSS)S 2 x(-API)S 183 x(Calls)S 3899 X 299 y 23316 48 R
3899 5294 XY F38(CREDENTI)S -2 x(AL)S 150 x(MANAGEMENT)S 3899 X 697 y
(GSS_Acquire_cr)S 2 x(ed)S 13513 X(acquire)S 150 x(crede)S 2 x(ntials)S
148 x(for)S 150 x(use)S 3899 X 697 y(GSS_Release_cred)S 13513 X(release)S
150 x(crede)S 2 x(ntials)S 148 x(after)S 150 x(use)S 3899 X 698 y(CONTEXT)S
-26 x(-LEVEL)S 151 x(CALLS)S 3899 X 697 y(GSS_Init_sec_context)S 13513 X
(initi)S -2 x(ate)S 150 x(outbound)S 151 x(security)S 150 x(context)S
3899 X 698 y(GSS_Accept_sec_)S 2 x(context)S 13513 X(accept)S 150 x
(inbound)S 151 x(security)S 149 x(context)S 3899 X 697 y(GSS_Delete_sec_context)S
13513 X(\212ush)S 150 x(context)S 150 x(when)S 150 x(no)S 150 x(longer)S
150 x(needed)S 3899 X 697 y(GSS_Process_)S 2 x(context_token)S 13513 X
(process)S 151 x(received)S 150 x(control)S 150 x(token)S 150 x(on)S
150 x(context)S 3899 X 698 y(GSS_Context_time)S 13513 X(indicate)S 149 x
(validity)S 149 x(time)S 149 x(remaining)S 151 x(on)S 149 x(context)S
3899 X 697 y(PER-MESSAGE)S 150 x(CALLS)S 3899 X 697 y(GSS_Sign)S 13513 X
(apply)S 150 x(signature,)S 150 x(receive)S 150 x(as)S 150 x(token)S
150 x(separate)S 151 x(from)S 150 x(message)S 3899 X 698 y(GSS_V)S -25 x
(erify)S 13513 X(validate)S 149 x(signature)S 151 x(token)S 150 x(along)S
150 x(wit)S -2 x(h)S 150 x(messag)S 2 x(e)S 3899 X 697 y(GSS_Seal)S
13513 X(sign,)S 149 x(optionally)S 149 x(encryp)S 2 x(t,)S 148 x(encap)S
2 x(sulate)S 3899 X 698 y(GSS_Unseal)S 13513 X(decapsulate,)S 150 x
(decryp)S 2 x(t)S 149 x(if)S 148 x(neede)S 2 x(d,)S 149 x(validate)S
149 x(signature)S 3899 X 697 y(SUPPOR)S -9 x(T)S 149 x(CALLS)S 3899 X
697 y(GSS_Display_status)S 13513 X(translate)S 150 x(status)S 149 x
(codes)S 151 x(to)S 149 x(printable)S 150 x(form)S 3899 X 698 y(GSS_Indicate_mechs)S
13513 X(indicate)S 149 x(mech_)S 2 x(types)S 149 x(suppo)S 2 x(rted)S
150 x(on)S 150 x(local)S 149 x(system)S 3899 X 697 y(GSS_Compare_)S
2 x(name)S 13513 X(compare)S 151 x(two)S 149 x(names)S 151 x(for)S 150 x
(equality)S 3899 X 698 y(GSS_Display_name)S 13513 X(translate)S 150 x
(name)S 150 x(to)S 150 x(printable)S 149 x(form)S 3899 X 697 y(GSS_Import_nam)S
2 x(e)S 13513 X(convert)S 150 x(printable)S 150 x(name)S 151 x(to)S
149 x(norma)S 2 x(lized)S 149 x(form)S 3899 X 697 y(GSS_Release_nam)S
2 x(e)S 13513 X(free)S 150 x(storage)S 150 x(of)S 150 x(normalized-form)S
151 x(name)S 3899 X 698 y(GSS_Release_buf)S -7 x(fer)S 13513 X(free)S
150 x(storage)S 150 x(of)S 150 x(printable)S 149 x(name)S 3899 X 697 y
(GSS_Release_oid_set)S 13513 X(free)S 150 x(storage)S 150 x(of)S 150 x
(OID)S 148 x(set)S 150 x(object)S 3899 X 399 y 23316 48 R 3899 22529 XY
F32(2.1)S 547 x(Credential)S 183 x(manage)S -2 x(ment)S 183 x(calls)S
3899 23525 XY F74(These)S 176 x(GSS-API)S 175 x(call)S 2 x(s)S 176 x
(provide)S 176 x(functi)S 2 x(ons)S 176 x(relate)S 2 x(d)S 176 x(to)S
176 x(the)S 176 x(managem)S 2 x(ent)S 176 x(of)S 177 x(credenti)S 2 x
(als.)S 242 x(Their)S 176 x(chara)S 2 x(cteriz)S 2 x(ation)S 3899 X
648 y(with)S 257 x(regard)S 258 x(to)S 257 x(whether)S 257 x(or)S 257 x
(not)S 257 x(they)S 257 x(may)S 257 x(block)S 258 x(pending)S 257 x
(exchanges)S 257 x(with)S 257 x(other)S 258 x(network)S 257 x(entiti)S
2 x(es)S 257 x(\(e.g.,)S 3899 X 647 y(direct)S 2 x(ories)S 217 x(or)S
216 x(authentic)S 2 x(ation)S 216 x(server)S 2 x(s\))S 216 x(depends)S
217 x(in)S 216 x(part)S 217 x(on)S 216 x(OS-speci\211c)S 216 x(\(extr)S
2 x(a-GSS-API\))S 216 x(issues,)S 225 x(so)S 216 x(is)S 216 x(not)S
3899 X 648 y(speci\211ed)S 183 x(in)S 183 x(this)S 184 x(document.)S
3899 26464 XY(The)S 194 x(GSS_A)S -2 x(cquire_c)S 2 x(red)S(\()S 84 x
(\))S 194 x(call)S 195 x(is)S 194 x(de\211ned)S 194 x(within)S 194 x
(the)S 195 x(GSS-AP)S -2 x(I)S 195 x(in)S 194 x(support)S 194 x(of)S
194 x(applica)S 2 x(tion)S 194 x(portabil)S 2 x(ity)S -35 x(,)S 196 x
(with)S 3899 X 648 y(a)S 182 x(particul)S 2 x(ar)S 182 x(orienta)S 2 x
(tion)S 182 x(towards)S 182 x(support)S 182 x(of)S 182 x(portable)S
183 x(server)S 183 x(applic)S 2 x(ations.)S 244 x(It)S 182 x(is)S 182 x
(recognize)S 2 x(d)S 181 x(that)S 183 x(\(for)S 182 x(cer)S 2 x(tain)S
3899 X 647 y(systems)S 126 x(and)S 125 x(mechani)S 2 x(sms\))S 126 x
(credentia)S 2 x(ls)S 125 x(for)S 126 x(intera)S 2 x(ctive)S 126 x(users)S
126 x(may)S 125 x(be)S 125 x(managed)S 126 x(dif)S -9 x(ferent)S 2 x
(ly)S 125 x(from)S 126 x(credent)S 2 x(ials)S 126 x(for)S 3899 X 648 y
(server)S 180 x(processes;)S 181 x(in)S 179 x(such)S 178 x(environm)S
2 x(ents,)S 180 x(it)S 178 x(is)S 179 x(the)S 179 x(GSS-AP)S -2 x(I)S
179 x(implem)S 2 x(entation')S -29 x(s)S 179 x(responsibil)S 2 x(ity)S
178 x(to)S 179 x(distinguish)S 3899 X 648 y(these)S 194 x(cases)S 195 x
(and)S 194 x(the)S 194 x(procedur)S 2 x(es)S 194 x(for)S 194 x(making)S
195 x(this)S 194 x(distinct)S 2 x(ion)S 193 x(are)S 195 x(a)S 194 x
(local)S 195 x(matter)S -28 x(.)S 276 x(The)S 194 x(GSS)S -2 x(_Rel)S
2 x(ease_cre)S 2 x(d)S(\()S 83 x(\))S 3899 X 647 y(call)S 231 x(provides)S
231 x(a)S 230 x(means)S 231 x(for)S 231 x(caller)S 2 x(s)S 230 x(to)S
230 x(indicat)S 2 x(e)S 230 x(to)S 230 x(the)S 231 x(GSS-AP)S -2 x(I)S
231 x(that)S 230 x(use)S 231 x(of)S 230 x(a)S 230 x(crede)S 2 x(ntials)S
231 x(structur)S 2 x(e)S 230 x(is)S 231 x(no)S 3899 X 648 y(longer)S
184 x(required.)S 3899 31744 XY F32(2.1.1)S 547 x(GSS)S 2 x(_Acq)S -2 x
(uire_cred)S 182 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X 897 y(\201)S
854 x(desiredna)S 2 x(me)S 183 x(INTERNAL)S 182 x(NAME,)S 182 x(\202NULL)S
181 x(requests)S 184 x(locall)S 2 x(y-deter)S 2 x(mined)S 183 x(default)S
3899 X 896 y(\201)S 854 x(lifet)S 2 x(ime_req)S 184 x(INTEGER,\202in)S
182 x(seconds;)S 184 x(0)S 183 x(requests)S 184 x(default)S 3899 X 897 y
(\201)S 854 x(desired_m)S 2 x(echs)S 183 x(SET)S 182 x(OF)S 182 x(OBJECT)S
183 x(IDENTIFIER,\202empty)S 183 x(set)S 184 x(requests)S 184 x(system-)S
2 x(selecte)S 2 x(d)S 182 x(defaul)S 2 x(t)S 3899 37373 XY F36(10)S
498 x(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
10 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Helvetica
%%+ Times-Roman
%%PageCustomColors: 0
%
%%Page: 11 11
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(cred_usage)S
184 x(INTEGER\2020=INITIA)S -61 x(TE-AND-ACCEPT)S -41 x(,)S 183 x(1=INITIA)S
-61 x(TE-ONL)S -55 x(Y)S -72 x(,)S 183 x(2=ACCEPT)S -50 x(-ONL)S -56 x
(Y)S 3899 5072 XY(Outputs:)S 3899 X 897 y(\201)S 854 x(major_st)S 2 x
(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(minor_sta)S 2 x(tus)S
183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x(output_cre)S 2 x(d_handle)S
183 x(OCTET)S 182 x(STRING,)S 3899 X 897 y(\201)S 854 x(lifet)S 2 x
(ime_rec)S 184 x(INTEGER)S 182 x(\202in)S 183 x(seconds,)S 184 x(or)S
183 x(reser)S 2 x(ved)S 182 x(value)S 184 x(for)S 183 x(INDEFINITE)S
3899 9755 XY(Return)S 184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X
896 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 139 x(indicat)S 2 x(es)S 140 x
(that)S 140 x(requeste)S 2 x(d)S 139 x(credent)S 2 x(ials)S 140 x(were)S
140 x(successf)S 2 x(ully)S 140 x(establi)S 2 x(shed,)S 148 x(for)S
140 x(the)S 140 x(durati)S 2 x(on)S 4945 X 648 y(indicate)S 2 x(d)S
196 x(in)S 197 x(lif)S 2 x(etime_r)S 2 x(ec,)S 200 x(suitabl)S 2 x(e)S
197 x(for)S 197 x(the)S 198 x(usage)S 197 x(requeste)S 2 x(d)S 196 x
(in)S 197 x(cred_usa)S 2 x(ge,)S 200 x(and)S 197 x(for)S 198 x(all)S
197 x(or)S 197 x(a)S 197 x(subset)S 198 x(of)S 4945 X 648 y(the)S 183 x
(reques)S 2 x(ted)S 183 x(mech_type)S 2 x(s,)S 183 x(and)S 183 x(that)S
184 x(those)S 183 x(crede)S 2 x(ntials)S 184 x(can)S 184 x(be)S 183 x
(refer)S 2 x(enced)S 183 x(for)S 184 x(subsequent)S 184 x(use)S 184 x
(with)S 183 x(the)S 4945 X 647 y(handle)S 183 x(ret)S 2 x(urned)S 183 x
(in)S 183 x(output_cred_ha)S 2 x(ndle.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_ME)S
-2 x(CH)S 218 x(indicat)S 2 x(es)S 218 x(that)S 218 x(a)S 218 x(mech_type)S
219 x(unsupported)S 219 x(by)S 217 x(the)S 219 x(GSS)S -2 x(-API)S 218 x
(implem)S 2 x(entation)S 219 x(type)S 4945 X 647 y(was)S 183 x(requested,)S
184 x(causing)S 184 x(the)S 183 x(credenti)S 2 x(al)S 183 x(establi)S
2 x(shment)S 183 x(operat)S 2 x(ion)S 183 x(to)S 183 x(fail.)S 3899 X
897 y(\201)S 854 x(GSS_BAD_N)S -2 x(AMETYPE)S 238 x(indicat)S 2 x(es)S
239 x(that)S 241 x(the)S 240 x(provided)S 241 x(desirednam)S 2 x(e)S
239 x(is)S 240 x(uninter)S 2 x(pretable)S 241 x(or)S 240 x(of)S 240 x
(a)S 240 x(type)S 4945 X 648 y(unsupported)S 179 x(by)S 177 x(the)S
178 x(supporting)S 179 x(GSS-AP)S -2 x(I)S 178 x(imple)S 2 x(mentation,)S
180 x(so)S 177 x(no)S 178 x(credent)S 2 x(ials)S 178 x(could)S 178 x
(be)S 178 x(establi)S 2 x(shed)S 178 x(for)S 4945 X 647 y(the)S 183 x
(accompa)S 2 x(nying)S 182 x(desir)S 2 x(edname.)S 3899 X 897 y(\201)S
854 x(GSS_BAD_N)S -2 x(AME)S 220 x(indicates)S 222 x(that)S 221 x(the)S
220 x(provided)S 221 x(desire)S 2 x(dname)S 221 x(is)S 220 x(inconsist)S
2 x(ent)S 220 x(in)S 221 x(terms)S 221 x(of)S 221 x(internal)S 2 x(ly-)S
4945 X 647 y(incorpora)S 2 x(ted)S 157 x(type)S 158 x(speci\211er)S
159 x(informat)S 2 x(ion,)S 162 x(so)S 157 x(no)S 157 x(crede)S 2 x
(ntials)S 158 x(could)S 158 x(be)S 157 x(establi)S 2 x(shed)S 157 x
(for)S 158 x(the)S 158 x(accompanyi)S 2 x(ng)S 4945 X 648 y(desiredna)S
2 x(me.)S 3899 X 897 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S 146 x(indicat)S
2 x(es)S 146 x(that)S 148 x(credentia)S 2 x(l)S 146 x(establ)S 2 x(ishment)S
147 x(fai)S 2 x(led)S 146 x(for)S 148 x(reasons)S 147 x(unspeci\211ed)S
147 x(at)S 147 x(the)S 147 x(GSS-API)S 4945 X 647 y(level,)S 236 x(including)S
225 x(lack)S 225 x(of)S 224 x(authori)S 2 x(zation)S 225 x(to)S 224 x
(establ)S 2 x(ish)S 224 x(and)S 225 x(use)S 224 x(credent)S 2 x(ials)S
225 x(associat)S 2 x(ed)S 224 x(with)S 224 x(the)S 225 x(identity)S
4945 X 648 y(named)S 183 x(in)S 183 x(the)S 184 x(input)S 183 x(desiredna)S
2 x(me)S 183 x(ar)S -9 x(gument.)S 3899 21810 XY(GSS_A)S -2 x(cquire)S
2 x(_cred)S(\()S 84 x(\))S 226 x(is)S 225 x(used)S 225 x(to)S 226 x
(acquire)S 226 x(crede)S 2 x(ntials)S 226 x(so)S 225 x(that)S 226 x
(a)S 225 x(principa)S 2 x(l)S 225 x(can)S 226 x(\(as)S 225 x(a)S 226 x
(function)S 226 x(of)S 225 x(the)S 226 x(input)S 3899 X 647 y(cred_usage)S
273 x(parame)S 2 x(ter\))S 273 x(initiate)S 273 x(and/or)S 273 x(accept)S
273 x(security)S 273 x(contexts)S 272 x(under)S 273 x(the)S 272 x(identity)S
273 x(represent)S 2 x(ed)S 271 x(by)S 272 x(the)S 3899 X 648 y(desiredna)S
2 x(me)S 167 x(input)S 168 x(ar)S -10 x(gument.)S 239 x(On)S 167 x(successf)S
2 x(ul)S 167 x(completi)S 2 x(on,)S 170 x(the)S 167 x(retur)S 2 x(ned)S
167 x(output_cred_handl)S 2 x(e)S 167 x(result)S 168 x(provides)S 3899 X
647 y(a)S 229 x(handle)S 229 x(for)S 229 x(subsequent)S 230 x(refer)S
2 x(ences)S 229 x(to)S 229 x(the)S 229 x(acquire)S 2 x(d)S 228 x(credent)S
2 x(ials.)S 382 x(T)S -39 x(ypicall)S 2 x(y)S -36 x(,)S 240 x(single-us)S
2 x(er)S 229 x(client)S 230 x(processes)S 3899 X 648 y(using)S 183 x
(only)S 183 x(default)S 184 x(credent)S 2 x(ials)S 183 x(for)S 184 x
(context)S 184 x(establis)S 2 x(hment)S 183 x(purposes)S 184 x(will)S
183 x(have)S 183 x(no)S 183 x(need)S 183 x(to)S 183 x(invoke)S 183 x
(this)S 183 x(call)S 2 x(.)S 3899 25396 XY(A)S 156 x(calle)S 2 x(r)S
157 x(may)S 157 x(provide)S 157 x(a)S 157 x(rese)S 2 x(rved)S 157 x
(value)S 157 x(for)S 158 x(desiredna)S 2 x(me)S 157 x(signifying)S 158 x
(a)S 157 x(request)S 158 x(for)S 157 x(crede)S 2 x(ntials)S 158 x(correspondi)S
2 x(ng)S 3899 X 648 y(to)S 154 x(a)S 153 x(defaul)S 2 x(t)S 154 x(principal)S
155 x(identit)S 2 x(y;)S 163 x(the)S 154 x(procedur)S 2 x(es)S 154 x
(used)S 153 x(by)S 154 x(GSS-AP)S -2 x(I)S 154 x(imple)S 2 x(mentations)S
155 x(to)S 154 x(select)S 155 x(the)S 154 x(appropri)S 2 x(ate)S 3899 X
647 y(principal)S 203 x(identity)S 202 x(in)S 201 x(response)S 202 x
(to)S 202 x(this)S 201 x(form)S 202 x(of)S 202 x(request)S 202 x(are)S
202 x(local)S 202 x(matte)S 2 x(rs.)S 299 x(It)S 201 x(is)S 202 x(possible)S
202 x(that)S 202 x(multiple)S 202 x(pre-)S 3899 X 648 y(establi)S 2 x
(shed)S 158 x(crede)S 2 x(ntials)S 160 x(may)S 159 x(exist)S 159 x(for)S
159 x(the)S 159 x(same)S 160 x(principa)S 2 x(l)S 158 x(identi)S 2 x
(ty)S 158 x(\(for)S 160 x(example)S 2 x(,)S 163 x(as)S 159 x(a)S 158 x
(resul)S 2 x(t)S 158 x(of)S 159 x(multi)S 2 x(ple)S 159 x(user)S 3899 X
647 y(login)S 215 x(sessions\))S 216 x(when)S 214 x(GSS_Acquire_cred)S
(\()S 85 x(\))S 215 x(is)S 215 x(called;)S 232 x(the)S 215 x(means)S
216 x(used)S 214 x(in)S 215 x(such)S 215 x(cases)S 216 x(to)S 215 x
(select)S 216 x(a)S 214 x(speci)S 2 x(\211c)S 3899 X 648 y(credenti)S
2 x(al)S 183 x(are)S 184 x(local)S 184 x(matter)S 2 x(s)S -181 y F86
(7)S 25 x 181 y F74(.)S 3899 29630 XY(The)S 200 x(life)S 2 x(time_re)S
2 x(c)S 200 x(resul)S 2 x(t)S 200 x(indicat)S 2 x(es)S 201 x(the)S 200 x
(length)S 202 x(of)S 200 x(time)S 202 x(for)S 201 x(which)S 201 x(the)S
201 x(acquired)S 202 x(credenti)S 2 x(als)S 201 x(will)S 201 x(be)S
200 x(valid,)S 206 x(as)S 3899 X 648 y(an)S 227 x(of)S -9 x(fset)S 228 x
(from)S 228 x(the)S 228 x(present)S 2 x(.)S 376 x(A)S 227 x(mechanis)S
2 x(m)S 227 x(may)S 228 x(return)S 228 x(a)S 228 x(reserved)S 229 x
(value)S 227 x(indica)S 2 x(ting)S 227 x(INDEFINITE)S 227 x(if)S 228 x
(no)S 3899 X 647 y(constrai)S 2 x(nts)S 186 x(on)S 186 x(credent)S 2 x
(ial)S 187 x(lifeti)S 2 x(me)S 186 x(are)S 187 x(imposed.)S 255 x(A)S
186 x(caller)S 188 x(of)S 186 x(GSS_Acquire_cred)S(\()S 84 x(\))S 187 x
(can)S 186 x(reques)S 2 x(t)S 186 x(a)S 186 x(length)S 187 x(of)S 3899 X
648 y(time)S 167 x(for)S 167 x(which)S 166 x(acquired)S 167 x(credent)S
2 x(ials)S 167 x(are)S 167 x(to)S 166 x(be)S 166 x(valid)S 167 x(\(lifet)S
2 x(ime_req)S 167 x(ar)S -9 x(gument\),)S 171 x(beginning)S 166 x(at)S
167 x(the)S 166 x(present)S 2 x -181 y F86(8)S 25 x 181 y F74(,)S 169 x
(or)S 3899 X 648 y(can)S 212 x(request)S 214 x(credentia)S 2 x(ls)S
212 x(with)S 212 x(a)S 212 x(defaul)S 2 x(t)S 212 x(validity)S 213 x
(interva)S 2 x(l.)S 331 x(Cert)S 2 x(ain)S 212 x(mechanis)S 2 x(ms)S
212 x(and)S 212 x(impleme)S 2 x(ntations)S 213 x(may)S 3899 X 647 y
(bind)S 222 x(in)S 222 x(credentia)S 2 x(l)S 222 x(validity)S 223 x
(period)S 222 x(speci\211er)S 2 x(s)S 221 x(at)S 223 x(a)S 221 x(point)S
222 x(prel)S 2 x(iminary)S 223 x(to)S 222 x(invocation)S 223 x(of)S
222 x(the)S 222 x(GSS_A)S -2 x(cquire_)S 3899 X 648 y(cred)S(\()S 84 x
(\))S 196 x(call)S 196 x(\(e.g.,)S 199 x(in)S 196 x(conjunction)S 196 x
(with)S 195 x(user)S 196 x(login)S 196 x(procedur)S 2 x(es\).)S 281 x
(As)S 195 x(a)S 196 x(result,)S 199 x(call)S 2 x(ers)S 196 x(requesting)S
196 x(non-def)S 2 x(ault)S 3899 X 887 y 6996 24 R 4123 34750 XY F90
(7)S 225 x 141 y F86(The)S 132 x(input)S 132 x(lifetime_req)S 131 x
(ar)S -8 x(gument)S 133 x(to)S 131 x(GSS_Acquire_cred)S(\()S 70 x(\))S
131 x(may)S 132 x(provide)S 132 x(useful)S 132 x(information)S 131 x
(for)S 132 x(local)S 131 x(GSS-AP)S -2 x(I)S 132 x(implementations)S
131 x(to)S 132 x(employ)S 132 x(in)S 4497 X 448 y(making)S 133 x(this)S
133 x(disambiguation)S 133 x(in)S 133 x(a)S 133 x(manner)S 133 x(which)S
132 x(will)S 132 x(best)S 133 x(satisfy)S 133 x(a)S 132 x(caller)S 14 x
(')S -22 x(s)S 133 x(intent.)S 4123 X 399 y F90(8)S 225 x 141 y F86
(Requests)S 132 x(for)S 133 x(postdated)S 133 x(credentials)S 132 x
(are)S 133 x(not)S 133 x(supported)S 134 x(within)S 132 x(the)S 133 x
(GSS-)S -2 x(API.)S 22836 37554 XY F36(1)S -28 x(1\203June\2031991)S
499 x(1)S -28 x(1)S
%%EndCustomColor: 0
11 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 12 12
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(values)S 147 x(for)S 147 x(lifet)S 2 x(ime_req)S
147 x(must)S 147 x(recogni)S 2 x(ze)S 146 x(that)S 147 x(such)S 147 x
(requests)S 147 x(cannot)S 147 x(always)S 147 x(be)S 146 x(honored)S
147 x(and)S 147 x(must)S 146 x(be)S 147 x(prepared)S 3899 X 648 y(to)S
183 x(accomodat)S 2 x(e)S 182 x(the)S 184 x(use)S 183 x(of)S 183 x(returne)S
2 x(d)S 182 x(crede)S 2 x(ntials)S 184 x(with)S 182 x(dif)S -9 x(fer)S
2 x(ent)S 183 x(lifet)S 2 x(imes)S 183 x(as)S 183 x(indica)S 2 x(ted)S
183 x(in)S 183 x(lifeti)S 2 x(me_rec.)S 3899 5620 XY(The)S 126 x(call)S
2 x(er)S 127 x(of)S 127 x(GSS_A)S -2 x(cquire_c)S 2 x(red)S(\()S 84 x
(\))S 127 x(can)S 127 x(explicit)S 2 x(ly)S 126 x(specif)S 2 x(y)S 126 x
(a)S 127 x(set)S 127 x(of)S 127 x(mech_types)S 128 x(which)S 127 x(are)S
127 x(to)S 127 x(be)S 126 x(accom)S 2 x(odated)S 3899 X 648 y(in)S 235 x
(the)S 235 x(returned)S 236 x(credenti)S 2 x(als)S 235 x(\(desir)S 2 x
(ed_mechs)S 235 x(ar)S -9 x(gument\),)S 249 x(or)S 235 x(can)S 235 x
(request)S 235 x(cre)S 2 x(dentials)S 236 x(for)S 235 x(a)S 235 x(system-de)S
2 x(\211ned)S 3899 X 647 y(default)S 185 x(set)S 184 x(of)S 184 x(mech_types)S
2 x(.)S 246 x(Selection)S 185 x(of)S 183 x(the)S 184 x(system)S 2 x
(-speci\211ed)S 185 x(default)S 185 x(set)S 184 x(is)S 184 x(recomme)S
2 x(nded)S 183 x(in)S 184 x(the)S 184 x(inter)S 2 x(ests)S 3899 X 648 y
(of)S 183 x(applicat)S 2 x(ion)S 183 x(portabili)S 2 x(ty)S -36 x(.)S
3899 8958 XY F32(2.1.2)S 547 x(GSS)S 2 x(_Relea)S -2 x(se_cred)S 181 x
(call)S 3899 X 896 y F74(Input:)S 3899 X 897 y(\201)S 854 x(cred_handle)S
184 x(OCTET)S 183 x(STRING)S 3899 11847 XY(Outputs:)S 3899 X 897 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x
(minor_sta)S 2 x(tus)S 183 x(INTEGER)S 3899 14736 XY(Return)S 184 x
(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S
-2 x(TE)S 190 x(indicate)S 2 x(s)S 190 x(that)S 190 x(the)S 191 x(credent)S
2 x(ials)S 191 x(refer)S 2 x(enced)S 190 x(by)S 190 x(the)S 191 x(input)S
190 x(cred_handl)S 2 x(e)S 190 x(were)S 190 x(rele)S 2 x(ased)S 4945 X
647 y(for)S 265 x(purposes)S 265 x(of)S 264 x(subsequent)S 265 x(acce)S
2 x(ss)S 264 x(by)S 264 x(the)S 265 x(caller)S -29 x(.)S 488 x(The)S
264 x(ef)S -9 x(fect)S 266 x(on)S 264 x(other)S 265 x(processes)S 265 x
(which)S 265 x(may)S 264 x(be)S 4945 X 648 y(authoriz)S 2 x(ed)S 182 x
(share)S 2 x(d)S 182 x(acces)S 2 x(s)S 182 x(to)S 183 x(such)S 183 x
(crede)S 2 x(ntials)S 184 x(is)S 183 x(a)S 183 x(local)S 184 x(matter)S
-29 x(.)S 3899 X 897 y(\201)S 854 x(GSS_N)S -2 x(O_CRED)S 191 x(indicate)S
2 x(s)S 190 x(that)S 191 x(no)S 191 x(release)S 192 x(operati)S 2 x
(on)S 190 x(was)S 190 x(perf)S 2 x(ormed,)S 193 x(either)S 192 x(because)S
192 x(the)S 191 x(input)S 190 x(cre)S 2 x(d_)S 4945 X 647 y(handle)S
183 x(was)S 183 x(invalid)S 184 x(or)S 183 x(because)S 184 x(the)S 183 x
(calle)S 2 x(r)S 183 x(lacks)S 183 x(authori)S 2 x(zation)S 184 x(to)S
183 x(access)S 184 x(the)S 183 x(refer)S 2 x(enced)S 183 x(crede)S 2 x
(ntials.)S 3899 X 897 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S 210 x(indicat)S
2 x(es)S 210 x(that)S 211 x(the)S 211 x(rele)S 2 x(ase)S 211 x(operation)S
212 x(failed)S 212 x(for)S 211 x(reasons)S 211 x(unspeci\211ed)S 212 x
(at)S 210 x(the)S 211 x(GSS-API)S 4945 X 647 y(level.)S 3899 21112 XY
(Provides)S 250 x(a)S 249 x(means)S 250 x(for)S 249 x(a)S 249 x(call)S
2 x(er)S 249 x(to)S 249 x(explic)S 2 x(itly)S 249 x(request)S 251 x
(that)S 249 x(crede)S 2 x(ntials)S 250 x(be)S 249 x(relea)S 2 x(sed)S
249 x(when)S 249 x(their)S 250 x(use)S 249 x(is)S 250 x(no)S 3899 X
648 y(longer)S 257 x(requir)S 2 x(ed.)S 465 x(Note)S 257 x(that)S 257 x
(system-)S 2 x(speci\211c)S 257 x(credent)S 2 x(ial)S 257 x(manageme)S
2 x(nt)S 256 x(functi)S 2 x(ons)S 256 x(are)S 258 x(also)S 257 x(likely)S
258 x(to)S 256 x(exist,)S 3899 X 647 y(for)S 230 x(example)S 230 x(to)S
230 x(assure)S 230 x(that)S 230 x(crede)S 2 x(ntials)S 230 x(shared)S
230 x(among)S 230 x(processes)S 231 x(are)S 230 x(properly)S 230 x(delet)S
2 x(ed)S 229 x(when)S 229 x(all)S 230 x(af)S -9 x(fected)S 3899 X 648 y
(processes)S 214 x(term)S 2 x(inate,)S 221 x(even)S 213 x(if)S 214 x
(no)S 212 x(explici)S 2 x(t)S 213 x(release)S 214 x(reques)S 2 x(ts)S
213 x(are)S 213 x(issued)S 214 x(by)S 212 x(those)S 214 x(processes)S
2 x(.)S 333 x(Given)S 213 x(the)S 213 x(fact)S 3899 X 647 y(that)S 160 x
(multipl)S 2 x(e)S 159 x(call)S 2 x(ers)S 160 x(are)S 160 x(not)S 160 x
(precl)S 2 x(uded)S 159 x(from)S 161 x(gaining)S 160 x(authoriz)S 2 x
(ed)S 159 x(acces)S 2 x(s)S 159 x(to)S 160 x(the)S 160 x(same)S 160 x
(crede)S 2 x(ntials,)S 165 x(invocati)S 2 x(on)S 3899 X 648 y(of)S 234 x
(GSS)S -2 x(_Rel)S 2 x(ease_cre)S 2 x(d)S(\()S 83 x(\))S 234 x(cannot)S
234 x(be)S 233 x(assumed)S 235 x(to)S 233 x(delete)S 235 x(a)S 233 x
(parti)S 2 x(cular)S 234 x(set)S 234 x(of)S 234 x(credent)S 2 x(ials)S
234 x(on)S 233 x(a)S 234 x(system-wide)S 3899 X 648 y(basis.)S 3899 26492 XY
F32(2.2)S 547 x(Context-level)S 183 x(calls)S 3899 27488 XY F74(This)S
178 x(group)S 177 x(of)S 178 x(calls)S 179 x(is)S 178 x(devoted)S 178 x
(to)S 178 x(the)S 178 x(establi)S 2 x(shment)S 178 x(and)S 178 x(manageme)S
2 x(nt)S 177 x(of)S 178 x(securi)S 2 x(ty)S 177 x(context)S 2 x(s)S
177 x(between)S 178 x(peers.)S 3899 X 648 y(A)S 223 x(context')S -29 x
(s)S 224 x(initiat)S 2 x(or)S 223 x(call)S 2 x(s)S 223 x(GSS_Init_sec_context)S
2 x(\()S 83 x(\))S(,)S 234 x(result)S 2 x(ing)S 223 x(in)S 224 x(generati)S
2 x(on)S 223 x(of)S 224 x(a)S 223 x(token)S 224 x(which)S 224 x(the)S
223 x(call)S 2 x(er)S 3899 X 647 y(passes)S 219 x(to)S 219 x(the)S 219 x
(tar)S -9 x(get.)S 351 x(At)S 218 x(the)S 219 x(tar)S -9 x(get,)S 228 x
(that)S 219 x(token)S 219 x(is)S 218 x(passed)S 219 x(to)S 219 x(GSS_Accept_sec_context)S
2 x(\()S 83 x(\))S(.)S 351 x(Depending)S 219 x(on)S 3899 X 648 y(the)S
219 x(underlying)S 219 x(mech_type)S 219 x(and)S 219 x(speci\211ed)S
219 x(options,)S 227 x(additi)S 2 x(onal)S 218 x(token)S 219 x(exchanges)S
219 x(may)S 219 x(be)S 218 x(perfor)S 2 x(med)S 218 x(in)S 219 x(the)S
3899 X 648 y(course)S 146 x(of)S 145 x(context)S 146 x(establi)S 2 x
(shment;)S 158 x(such)S 145 x(exchanges)S 146 x(are)S 146 x(accomodat)S
2 x(ed)S 145 x(by)S 144 x(GSS_CONTINUE)S -2 x(_NEEDED)S 143 x(status)S
3899 X 647 y(returns)S 253 x(from)S 253 x(GSS_Init_sec_cont)S 2 x(ext)S
(\()S 84 x(\))S 252 x(and)S 252 x(GSS_A)S -2 x(ccept)S 2 x(_sec_context)S
(\()S 85 x(\))S(.)S 451 x(Either)S 253 x(party)S 253 x(to)S 252 x(an)S
252 x(establ)S 2 x(ished)S 3899 X 648 y(context)S 170 x(may)S 170 x
(invoke)S 169 x(GSS_Delete_sec_conte)S 2 x(xt)S(\()S 84 x(\))S 169 x
(to)S 169 x(\212ush)S 169 x(context)S 170 x(inform)S 2 x(ation)S 170 x
(when)S 169 x(a)S 169 x(context)S 170 x(is)S 169 x(no)S 169 x(longer)S
3899 X 647 y(require)S 2 x(d.)S 233 x(GSS_Process_context_toke)S 2 x
(n)S(\()S 83 x(\))S 153 x(is)S 153 x(used)S 153 x(to)S 152 x(proces)S
2 x(s)S 152 x(rece)S 2 x(ived)S 153 x(tokens)S 153 x(carrying)S 154 x
(context-l)S 2 x(evel)S 153 x(control)S 3899 X 648 y(informa)S 2 x(tion.)S
228 x(GSS)S -2 x(_Conte)S 2 x(xt_time)S(\()S 85 x(\))S 134 x(allows)S
135 x(a)S 134 x(caller)S 136 x(to)S 134 x(determ)S 2 x(ine)S 134 x(the)S
135 x(length)S 135 x(of)S 134 x(time)S 135 x(for)S 135 x(which)S 134 x
(an)S 134 x(establ)S 2 x(ished)S 3899 X 647 y(context)S 184 x(will)S
183 x(remai)S 2 x(n)S 182 x(valid.)S 3899 37373 XY F36(12)S 498 x(1)S
-28 x(1\203June\2031991)S
%%EndCustomColor: 0
12 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 13 13
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 4013 XY F32(2.2.1)S 547 x
(GSS)S 2 x(_Init_sec_c)S -2 x(ontext)S 183 x(call)S 3899 X 896 y F74
(Inputs:)S 3899 X 897 y(\201)S 854 x(claima)S 2 x(nt_cred_handl)S 2 x
(e)S 183 x(OCTET)S 182 x(STRING,)S 182 x(\202NULL)S 181 x(speci\211es)S
184 x("use)S 183 x(default")S 3899 X 897 y(\201)S 854 x(input_context)S
2 x(_handle)S 183 x(INTEGER,)S 182 x(\2020)S 183 x(speci\211es)S 184 x
("none)S 182 x(assigned)S 184 x(yet")S 3899 X 896 y(\201)S 854 x(tar)S
-9 x(gname)S 184 x(INTERNAL)S 181 x(NAME,)S 3899 X 897 y(\201)S 854 x
(mech_type)S 184 x(OBJECT)S 183 x(IDENTIFIER,)S 183 x(\202NULL)S 181 x
(parame)S 2 x(ter)S 183 x(speci)S 2 x(\211es)S 182 x("use)S 183 x(default)S
2 x(")S 3899 X 896 y(\201)S 854 x(deleg_re)S 2 x(q_\212ag)S 182 x(BOOLEAN,)S
3899 X 897 y(\201)S 854 x(mutual_r)S 2 x(eq_\212ag)S 182 x(BOOLEAN,)S
3899 X 897 y(\201)S 854 x(replay_de)S 2 x(t_req_\212ag)S 183 x(BOOLEAN,)S
3899 X 896 y(\201)S 854 x(sequence_r)S 2 x(eq_\212ag)S 182 x(BOOLEAN,)S
3899 X 897 y(\201)S 854 x(lifet)S 2 x(ime_req)S 184 x(INTEGER,\2020)S
182 x(speci\211es)S 184 x(default)S 184 x(life)S 2 x(time)S 3899 X 897 y
(\201)S 854 x(chan_bindings)S 184 x(OCTET)S 182 x(STRING,)S 3899 X 896 y
(\201)S 854 x(input_token)S 184 x(OCTET)S 182 x(STRING\202NUL)S -2 x
(L)S 183 x(or)S 183 x(token)S 183 x(recei)S 2 x(ved)S 183 x(from)S 184 x
(tar)S -9 x(get)S 3899 15868 XY(Outputs:)S 3899 X 897 y(\201)S 854 x
(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x(minor_sta)S
2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(output_context)S
2 x(_handle)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(mech_type)S
184 x(OBJECT)S 183 x(IDENTIFIER,)S 183 x(\202actual)S 184 x(mechanism)S
184 x(always)S 184 x(indicated,)S 184 x(never)S 184 x(NULL)S 3899 X
896 y(\201)S 854 x(output_token)S 184 x(OCTET)S 182 x(STRING,)S 182 x
(\202NULL)S 181 x(or)S 184 x(token)S 183 x(to)S 183 x(pass)S 183 x(to)S
183 x(context)S 184 x(tar)S -9 x(get)S 3899 X 897 y(\201)S 854 x(deleg_sta)S
2 x(te)S 183 x(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(mutual_st)S
2 x(ate)S 183 x(BOOLEAN,)S 3899 X 896 y(\201)S 854 x(replay_de)S 2 x
(t_state)S 184 x(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(sequence_st)S
2 x(ate)S 183 x(BOOLEAN,)S 3899 X 897 y(\201)S 854 x(conf_avai)S 2 x
(l)S 182 x(BOOLEAN,)S 3899 X 896 y(\201)S 854 x(integ_avai)S 2 x(l)S
183 x(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(lifet)S 2 x(ime_rec)S
184 x(INTEGER)S 182 x(\202)S 183 x(in)S 183 x(seconds,)S 183 x(or)S
184 x(reserved)S 184 x(value)S 184 x(for)S 183 x(INDEFINITE)S 3899 27724 XY
(This)S 152 x(call)S 154 x(may)S 152 x(block)S 153 x(pending)S 152 x
(network)S 153 x(intera)S 2 x(ctions)S 153 x(for)S 153 x(those)S 153 x
(mech_types)S 153 x(in)S 153 x(which)S 152 x(an)S 152 x(authenti)S 2 x
(cation)S 153 x(server)S 3899 X 647 y(or)S 166 x(other)S 167 x(network)S
166 x(entity)S 167 x(must)S 166 x(be)S 166 x(consulted)S 167 x(on)S
165 x(behalf)S 167 x(of)S 166 x(a)S 166 x(context)S 167 x(initia)S 2 x
(tor)S 166 x(in)S 166 x(order)S 167 x(to)S 166 x(generate)S 167 x(an)S
166 x(output_)S 3899 X 648 y(token)S 183 x(suitable)S 184 x(for)S 184 x
(presenta)S 2 x(tion)S 183 x(to)S 183 x(a)S 183 x(speci\211ed)S 183 x
(tar)S -8 x(get.)S 3899 30015 XY(Return)S 184 x(major_s)S 2 x(tatus)S
183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 265 x
(indicate)S 2 x(s)S 265 x(that)S 266 x(context-l)S 2 x(evel)S 265 x
(infor)S 2 x(mation)S 266 x(was)S 265 x(successful)S 2 x(ly)S 265 x
(initia)S 2 x(lized,)S 286 x(and)S 266 x(that)S 4945 X 647 y(the)S 190 x
(returne)S 2 x(d)S 189 x(output_token)S 190 x(will)S 190 x(provide)S
190 x(suf)S -9 x(\211cient)S 190 x(informat)S 2 x(ion)S 189 x(for)S
190 x(the)S 190 x(tar)S -9 x(get)S 190 x(to)S 190 x(perform)S 191 x
(per)S -10 x(-message)S 4945 X 648 y(processi)S 2 x(ng)S 182 x(on)S
183 x(the)S 183 x(newly-esta)S 2 x(blished)S 183 x(context)S 2 x(.)S
3899 X 897 y(\201)S 854 x(GSS_CONT)S -2 x(INUE_NEEDE)S -2 x(D)S 215 x
(indicate)S 2 x(s)S 215 x(that)S 215 x(control)S 217 x(informat)S 2 x
(ion)S 215 x(in)S 215 x(the)S 215 x(retur)S 2 x(ned)S 215 x(output_token)S
216 x(must)S 4945 X 647 y(be)S 194 x(sent)S 195 x(to)S 194 x(the)S 194 x
(tar)S -9 x(get,)S 198 x(and)S 194 x(that)S 195 x(a)S 194 x(reply)S
195 x(must)S 194 x(be)S 194 x(rece)S 2 x(ived)S 194 x(and)S 194 x(passed)S
195 x(as)S 194 x(the)S 195 x(input_token)S 195 x(ar)S -10 x(gument)S
195 x(to)S 4945 X 648 y(a)S 193 x(continuati)S 2 x(on)S 193 x(call)S
194 x(to)S 193 x(GSS_Init_sec_context)S(\()S 85 x(\))S(,)S 196 x(before)S
194 x(per)S -10 x(-message)S 194 x(proces)S 2 x(sing)S 193 x(can)S 193 x
(be)S 193 x(perfor)S 2 x(med)S 193 x(in)S 4945 X 647 y(conjunction)S
184 x(with)S 183 x(this)S 183 x(context.)S 22808 37373 XY F36(1)S -27 x
(1\203June\2031991)S 499 x(13)S
%%EndCustomColor: 0
13 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 14 14
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(GSS_D)S -2 x(EFECTIVE_T)S -10 x
(OKEN)S 172 x(indicat)S 2 x(es)S 174 x(that)S 175 x(consistency)S 175 x
(checks)S 175 x(perform)S 2 x(ed)S 174 x(on)S 174 x(the)S 174 x(input_token)S
175 x(failed,)S 4945 X 648 y(preventi)S 2 x(ng)S 182 x(furthe)S 2 x
(r)S 183 x(processing)S 184 x(from)S 184 x(being)S 183 x(perfor)S 2 x
(med)S 183 x(based)S 183 x(on)S 183 x(that)S 183 x(token.)S 3899 X 897 y
(\201)S 854 x(GSS_D)S -2 x(EFECTIVE_CREDENTIAL)S 226 x(indicate)S 2 x
(s)S 227 x(that)S 227 x(consiste)S 2 x(ncy)S 227 x(checks)S 227 x(perfor)S
2 x(med)S 227 x(on)S 227 x(the)S 227 x(credent)S 2 x(ial)S 4945 X 647 y
(structur)S 2 x(e)S 192 x(refe)S 2 x(renced)S 193 x(by)S 192 x(claim)S
2 x(ant_cred_handl)S 2 x(e)S 192 x(faile)S 2 x(d,)S 194 x(preventi)S
2 x(ng)S 192 x(further)S 194 x(processing)S 193 x(from)S 194 x(being)S
192 x(per-)S 4945 X 648 y(formed)S 184 x(using)S 183 x(that)S 184 x
(credenti)S 2 x(al)S 183 x(structur)S 2 x(e.)S 3899 X 896 y(\201)S 854 x
(GSS_BAD_S)S -2 x(IG)S 202 x(indicat)S 2 x(es)S 202 x(that)S 202 x(the)S
203 x(receive)S 2 x(d)S 201 x(input_token)S 203 x(contains)S 203 x(an)S
202 x(incorr)S 2 x(ect)S 202 x(signatur)S 2 x(e,)S 206 x(so)S 202 x
(context)S 4945 X 648 y(setup)S 183 x(cannot)S 184 x(be)S 183 x(accomplis)S
2 x(hed.)S 3899 X 897 y(\201)S 854 x(GSS_N)S -2 x(O_CRED)S 150 x(indicates)S
151 x(that)S 150 x(no)S 149 x(context)S 151 x(was)S 149 x(establi)S
2 x(shed,)S 156 x(either)S 151 x(because)S 151 x(the)S 149 x(input)S
150 x(cred_ha)S 2 x(ndle)S 149 x(was)S 4945 X 647 y(invalid,)S 220 x
(because)S 213 x(the)S 212 x(ref)S 2 x(erenced)S 213 x(credent)S 2 x
(ials)S 212 x(are)S 213 x(valid)S 213 x(for)S 212 x(context)S 213 x
(accept)S 2 x(or)S 212 x(use)S 212 x(only)S -35 x(,)S 219 x(or)S 212 x
(because)S 213 x(the)S 4945 X 648 y(caller)S 185 x(lacks)S 183 x(authori)S
2 x(zation)S 183 x(to)S 183 x(acce)S 2 x(ss)S 182 x(the)S 184 x(refer)S
2 x(enced)S 183 x(credent)S 2 x(ials.)S 3899 X 896 y(\201)S 854 x(GSS_CREDENT)S
-2 x(IALS_EXPIRED)S 136 x(indica)S 2 x(tes)S 137 x(that)S 138 x(the)S
138 x(credenti)S 2 x(als)S 138 x(provided)S 137 x(through)S 138 x(the)S
138 x(input)S 137 x(clai)S 2 x(mant_)S 4945 X 648 y(cred_handle)S 184 x
(ar)S -9 x(gument)S 184 x(are)S 183 x(no)S 183 x(longer)S 184 x(valid,)S
183 x(so)S 183 x(context)S 184 x(establis)S 2 x(hment)S 183 x(cannot)S
184 x(be)S 183 x(completed.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_BINDING)S
-2 x(S)S 220 x(indicates)S 221 x(that)S 221 x(a)S 219 x(mism)S 2 x(atch)S
220 x(between)S 220 x(the)S 220 x(call)S 2 x(er)S -10 x(-provided)S
220 x(chan_bindi)S 2 x(ngs)S 219 x(and)S 4945 X 647 y(those)S 166 x
(extract)S 2 x(ed)S 165 x(from)S 166 x(the)S 165 x(input_token)S 166 x
(was)S 165 x(detect)S 2 x(ed,)S 168 x(signifyi)S 2 x(ng)S 165 x(a)S
165 x(securit)S 2 x(y-releva)S 2 x(nt)S 165 x(event)S 166 x(and)S 165 x
(prevent-)S 4945 X 648 y(ing)S 189 x(context)S 191 x(establis)S 2 x
(hment.)S 264 x(\(This)S 190 x(result)S 190 x(will)S 190 x(be)S 190 x
(returned)S 190 x(by)S 190 x(GSS_Init_sec_context)S 191 x(only)S 189 x
(for)S 190 x(contexts)S 4945 X 647 y(where)S 183 x(mutual_s)S 2 x(tate)S
183 x(is)S 184 x(TRUE.\))S 3899 X 897 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S
208 x(indicate)S 2 x(s)S 209 x(that)S 210 x(no)S 209 x(valid)S 210 x
(context)S 210 x(was)S 209 x(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S
210 x(input)S 210 x(context_handle)S 4945 X 648 y(provided;)S 215 x
(this)S 204 x(major)S 205 x(status)S 205 x(will)S 204 x(be)S 203 x(retur)S
2 x(ned)S 203 x(only)S 204 x(for)S 204 x(success)S 2 x(or)S 203 x(call)S
2 x(s)S 203 x(following)S 205 x(GSS_)S -2 x(CONTINUE_)S 4945 X 647 y
(NEEDED)S 181 x(status)S 184 x(returns.)S 3899 X 897 y(\201)S 854 x
(GSS_BAD_N)S -2 x(AMETYPE)S 155 x(indica)S 2 x(tes)S 157 x(that)S 158 x
(the)S 158 x(provided)S 158 x(tar)S -9 x(gname)S 158 x(is)S 157 x(of)S
158 x(a)S 157 x(type)S 157 x(uninter)S 2 x(pretable)S 159 x(or)S 157 x
(unsup-)S 4945 X 647 y(ported)S 184 x(by)S 182 x(the)S 183 x(supporti)S
2 x(ng)S 182 x(GSS-API)S 182 x(impleme)S 2 x(ntation,)S 184 x(so)S 182 x
(context)S 184 x(establ)S 2 x(ishment)S 184 x(cannot)S 183 x(be)S 183 x
(complete)S 2 x(d.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_N)S -2 x(AME)S
287 x(indicate)S 2 x(s)S 287 x(that)S 289 x(the)S 287 x(provided)S 289 x
(tar)S -9 x(gname)S 288 x(is)S 288 x(inconsiste)S 2 x(nt)S 287 x(in)S
288 x(terms)S 289 x(of)S 288 x(internal)S 2 x(ly-)S 4945 X 648 y(incorpora)S
2 x(ted)S 183 x(type)S 183 x(speci\211er)S 184 x(inform)S 2 x(ation,)S
183 x(so)S 183 x(context)S 184 x(establis)S 2 x(hment)S 183 x(cannot)S
184 x(be)S 183 x(accomplishe)S 2 x(d.)S 3899 X 896 y(\201)S 854 x(GSS_F)S
-42 x(AILURE)S 212 x(indica)S 2 x(tes)S 213 x(that)S 214 x(context)S
214 x(setup)S 213 x(could)S 214 x(not)S 213 x(be)S 213 x(accomplishe)S
2 x(d)S 212 x(for)S 214 x(reasons)S 214 x(unspeci\211ed)S 214 x(at)S
4945 X 648 y(the)S 183 x(GSS-API)S 182 x(level,)S 184 x(and)S 183 x
(that)S 183 x(no)S 183 x(interf)S 2 x(ace-de\211ned)S 184 x(recover)S
2 x(y)S 182 x(action)S 184 x(is)S 183 x(availa)S 2 x(ble.)S 3899 22856 XY
(Used)S 217 x(by)S 218 x(context)S 218 x(initi)S 2 x(ator)S -21 x(,)S
226 x(providing)S 218 x(an)S 218 x(output_token)S 219 x(suitable)S 219 x
(for)S 218 x(use)S 218 x(by)S 217 x(the)S 218 x(tar)S -9 x(get)S 219 x
(within)S 217 x(the)S 219 x(selected)S 3899 X 647 y(mech_type')S -28 x
(s)S 137 x(protocol.)S 229 x(Using)S 137 x(inform)S 2 x(ation)S 137 x
(in)S 138 x(the)S 137 x(crede)S 2 x(ntials)S 138 x(structur)S 2 x(e)S
137 x(refe)S 2 x(renced)S 138 x(by)S 137 x(claimant)S 2 x(_cred_handle,)S
3899 X 648 y(initial)S 2 x(ize)S 177 x(the)S 176 x(data)S 177 x(struct)S
2 x(ures)S 177 x(required)S 177 x(to)S 177 x(establis)S 2 x(h)S 176 x
(a)S 176 x(securit)S 2 x(y)S 176 x(context)S 177 x(with)S 176 x(tar)S
-9 x(get)S 177 x(tar)S -9 x(gname.)S 242 x(The)S 176 x(clai)S 2 x(mant_)S
3899 X 647 y(cred_handle)S 252 x(must)S 250 x(corre)S 2 x(spond)S 249 x
(to)S 251 x(the)S 250 x(same)S 251 x(valid)S 251 x(credenti)S 2 x(als)S
250 x(struct)S 2 x(ure)S 250 x(on)S 250 x(the)S 251 x(initial)S 251 x
(call)S 251 x(to)S 250 x(GSS_Init_)S 3899 X 648 y(sec_context)S 2 x
(\()S 83 x(\))S 260 x(and)S 260 x(on)S 259 x(any)S 260 x(successor)S
261 x(calls)S 261 x(resulting)S 261 x(from)S 260 x(GSS_CONTINUE)S -2 x
(_NEEDED)S 258 x(status)S 260 x(ret)S 2 x(urns;)S 3899 X 647 y(dif)S
-9 x(ferent)S 146 x(protocol)S 145 x(sequences)S 145 x(modeled)S 145 x
(by)S 144 x(the)S 145 x(GSS_CON)S -2 x(TINUE_NEED)S -2 x(ED)S 144 x
(mechanism)S 146 x(will)S 144 x(requir)S 2 x(e)S 144 x(access)S 3899 X
648 y(to)S 183 x(credenti)S 2 x(als)S 183 x(at)S 183 x(dif)S -9 x(fer)S
2 x(ent)S 183 x(points)S 183 x(in)S 183 x(the)S 183 x(context)S 184 x
(establ)S 2 x(ishment)S 184 x(sequence.)S 3899 27737 XY(The)S 279 x
(input_context_ha)S 2 x(ndle)S 279 x(ar)S -9 x(gument)S 280 x(is)S 279 x
(0,)S 303 x(specifyi)S 2 x(ng)S 278 x("not)S 279 x(yet)S 280 x(assigned",)S
303 x(on)S 279 x(the)S 279 x(\211rst)S 280 x(GSS_Init_sec_)S 3899 X
648 y(context)S(\()S 85 x(\))S 241 x(call)S 243 x(relati)S 2 x(ng)S
241 x(to)S 241 x(a)S 242 x(given)S 241 x(context.)S 420 x(That)S 242 x
(call)S 242 x(retur)S 2 x(ns)S 241 x(an)S 241 x(output_cont)S 2 x(ext_handle)S
242 x(for)S 242 x(future)S 243 x(ref-)S 3899 X 647 y(erences)S 210 x
(to)S 208 x(this)S 209 x(context.)S 321 x(When)S 209 x(continuati)S
2 x(on)S 208 x(attempts)S 210 x(to)S 208 x(GSS_Init_sec_conte)S 2 x
(xt)S(\()S 83 x(\))S 209 x(are)S 209 x(needed)S 209 x(to)S 209 x(perform)S
3899 X 648 y(context)S 198 x(establ)S 2 x(ishment,)S 202 x(the)S 198 x
(previously-)S 2 x(returne)S 2 x(d)S 197 x(non-zero)S 199 x(handle)S
198 x(value)S 198 x(is)S 198 x(entere)S 2 x(d)S 197 x(into)S 198 x(the)S
198 x(input_context_)S 3899 X 648 y(handle)S 202 x(ar)S -9 x(gument)S
202 x(and)S 201 x(will)S 202 x(be)S 201 x(echoed)S 202 x(in)S 201 x
(the)S 202 x(returne)S 2 x(d)S 201 x(output_context_ha)S 2 x(ndle)S
201 x(ar)S -9 x(gument.)S 300 x(On)S 201 x(such)S 201 x(contin-)S 3899 X
647 y(uation)S 190 x(attem)S 2 x(pts)S 189 x(\(and)S 190 x(only)S 190 x
(on)S 189 x(continuat)S 2 x(ion)S 189 x(atte)S 2 x(mpts\))S 190 x(the)S
190 x(input_token)S 191 x(value)S 190 x(is)S 190 x(used,)S 191 x(to)S
190 x(provide)S 190 x(the)S 190 x(token)S 3899 X 648 y(returne)S 2 x
(d)S 182 x(from)S 184 x(the)S 183 x(context)S 2 x(')S -30 x(s)S 183 x
(tar)S -9 x(get.)S 3899 32619 XY(The)S 216 x(chan_bindings)S 217 x(ar)S
-10 x(gument)S 217 x(is)S 216 x(used)S 216 x(by)S 216 x(the)S 216 x
(call)S 2 x(er)S 216 x(to)S 216 x(provide)S 217 x(inform)S 2 x(ation)S
216 x(binding)S 216 x(the)S 217 x(securit)S 2 x(y)S 215 x(context)S
3899 X 648 y(to)S 164 x(securit)S 2 x(y-relat)S 2 x(ed)S 164 x(charact)S
2 x(eristic)S 2 x(s)S 163 x(\(e.g.,)S 169 x(addresses,)S 169 x(cryptographi)S
2 x(c)S 164 x(keys\))S 164 x(of)S 164 x(the)S 164 x(underlying)S 165 x
(communica)S 2 x(tions)S 3899 X 647 y(channel.)S 245 x(See)S 182 x(Section)S
184 x(1.1.6)S 182 x(of)S 183 x(this)S 184 x(document)S 184 x(for)S 183 x
(more)S 184 x(discussion)S 184 x(of)S 183 x(this)S 183 x(ar)S -9 x(gument')S
-29 x(s)S 183 x(usage.)S 3899 37373 XY F36(14)S 498 x(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
14 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 15 15
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(The)S 245 x(input_token)S
245 x(ar)S -9 x(gument)S 246 x(contains)S 246 x(a)S 245 x(message)S
246 x(recei)S 2 x(ved)S 244 x(from)S 246 x(the)S 246 x(tar)S -9 x(get,)S
261 x(and)S 244 x(is)S 246 x(signi\211cant)S 246 x(only)S 245 x(on)S
244 x(a)S 3899 X 648 y(call)S 178 x(to)S 176 x(GSS_Init_sec_cont)S 2 x
(ext)S(\()S 84 x(\))S 177 x(which)S 176 x(follows)S 178 x(a)S 176 x
(previous)S 178 x(retur)S 2 x(n)S 176 x(indicat)S 2 x(ing)S 176 x(GSS_CONTINU)S
-2 x(E_NEEDED)S 3899 X 648 y(major_st)S 2 x(atus.)S 3899 6268 XY(It)S
245 x(is)S 245 x(the)S 245 x(calle)S 2 x(r)S 20 x(')S -29 x(s)S 244 x
(responsi)S 2 x(bility)S 246 x(to)S 244 x(establ)S 2 x(ish)S 245 x(a)S
244 x(communi)S 2 x(cations)S 245 x(path)S 245 x(to)S 245 x(the)S 245 x
(tar)S -8 x(get,)S 260 x(and)S 245 x(to)S 245 x(transmit)S 246 x(any)S
3899 X 647 y(returne)S 2 x(d)S 175 x(output_token)S 177 x(\(indepe)S
2 x(ndent)S 176 x(of)S 176 x(the)S 176 x(accom)S 2 x(panying)S 176 x
(returne)S 2 x(d)S 175 x(major)S 2 x(_status)S 177 x(value\))S 177 x
(to)S 176 x(the)S 176 x(tar)S -9 x(get)S 177 x(over)S 3899 X 648 y(that)S
179 x(path.)S 242 x(The)S 178 x(output_token)S 179 x(can,)S 179 x(however)S
-21 x(,)S 179 x(be)S 178 x(transmi)S 2 x(tted)S 178 x(along)S 179 x
(with)S 178 x(the)S 178 x(\211rst)S 179 x(applicati)S 2 x(on-provided)S
179 x(input)S 3899 X 648 y(message)S 184 x(to)S 183 x(be)S 183 x(processed)S
184 x(by)S 183 x(GSS_S)S -2 x(ign)S(\()S 84 x(\))S 183 x(or)S 183 x
(GSS_Seal)S(\()S 83 x(\))S 183 x(in)S 183 x(conjuncti)S 2 x(on)S 182 x
(with)S 183 x(this)S 184 x(context.)S 3899 9207 XY(The)S 156 x(initiat)S
2 x(or)S 156 x(may)S 157 x(request)S 157 x(various)S 157 x(context-)S
2 x(level)S 157 x(functions)S 157 x(through)S 157 x(input)S 156 x(\212ags:)S
231 x(the)S 156 x(deleg_r)S 2 x(eq_\212ag)S 156 x(requests)S 3899 X
647 y(delegati)S 2 x(on)S 191 x(of)S 191 x(acce)S 2 x(ss)S 191 x(rights,)S
194 x(the)S 192 x(mutual_r)S 2 x(eq_\212ag)S 191 x(request)S 2 x(s)S
191 x(mutual)S 192 x(authenti)S 2 x(cation,)S 194 x(the)S 192 x(replay_de)S
2 x(t_req_\212ag)S 3899 X 648 y(requests)S 172 x(that)S 171 x(repla)S
2 x(y)S 170 x(detect)S 2 x(ion)S 170 x(feat)S 2 x(ures)S 171 x(be)S
171 x(applied)S 172 x(to)S 170 x(messa)S 2 x(ges)S 170 x(tra)S 2 x(nsferre)S
2 x(d)S 170 x(on)S 171 x(the)S 171 x(establishe)S 2 x(d)S 170 x(context,)S
174 x(and)S 3899 X 648 y(the)S 172 x(sequence_r)S 2 x(eq_\212ag)S 171 x
(request)S 2 x(s)S 171 x(that)S 173 x(sequencing)S 173 x(be)S 171 x
(enforc)S 2 x(ed.)S 240 x(\(See)S 172 x(Section)S 172 x(1.2.3)S 172 x
(for)S 172 x(more)S 173 x(informat)S 2 x(ion)S 172 x(on)S 3899 X 647 y
(replay)S 184 x(detecti)S 2 x(on)S 182 x(and)S 183 x(sequencing)S 184 x
(featur)S 2 x(es.\))S 3899 12793 XY(Not)S 224 x(all)S 226 x(of)S 225 x
(the)S 225 x(optionally-)S 2 x(requestabl)S 2 x(e)S 225 x(feature)S
2 x(s)S 224 x(will)S 225 x(be)S 225 x(availa)S 2 x(ble)S 225 x(in)S
225 x(all)S 225 x(underlying)S 226 x(mech_types;)S 247 x(the)S 225 x
(cor-)S 3899 X 648 y(responding)S 211 x(return)S 211 x(state)S 212 x
(values)S 211 x(\(deleg_sta)S 2 x(te,)S 217 x(mutual_st)S 2 x(ate,)S
217 x(repla)S 2 x(y_det_state)S 2 x(,)S 216 x(sequence)S 2 x(_state\))S
211 x(indica)S 2 x(te,)S 217 x(as)S 3899 X 648 y(a)S 240 x(function)S
241 x(of)S 240 x(mech_type)S 241 x(processing)S 241 x(capabili)S 2 x
(ties)S 240 x(and)S 240 x(initia)S 2 x(tor)S -10 x(-provided)S 241 x
(input)S 240 x(\212ags,)S 254 x(the)S 240 x(set)S 240 x(of)S 240 x(feat)S
2 x(ures)S 3899 X 647 y(which)S 223 x(will)S 223 x(be)S 223 x(acti)S
2 x(ve)S 223 x(on)S 222 x(the)S 224 x(context.)S 365 x(These)S 223 x
(state)S 225 x(indicator)S 2 x(s')S 223 x(values)S 224 x(are)S 224 x
(unde\211ned)S 223 x(unless)S 223 x(the)S 224 x(routine')S -29 x(s)S
3899 X 648 y(major_st)S 2 x(atus)S 167 x(indicates)S 168 x(COMPLETE.)S
165 x(Failure)S 168 x(to)S 166 x(provide)S 167 x(the)S 167 x(preci)S
2 x(se)S 166 x(set)S 167 x(of)S 167 x(featur)S 2 x(es)S 166 x(reques)S
2 x(ted)S 166 x(by)S 167 x(the)S 166 x(call)S 2 x(er)S 3899 X 647 y
(does)S 175 x(not)S 175 x(cause)S 175 x(context)S 176 x(establis)S 2 x
(hment)S 175 x(to)S 175 x(fail;)S 179 x(it)S 175 x(is)S 175 x(the)S
175 x(caller)S 22 x(')S -30 x(s)S 175 x(preroga)S 2 x(tive)S 175 x(to)S
175 x(delete)S 176 x(the)S 175 x(context)S 176 x(if)S 175 x(the)S 175 x
(fea-)S 3899 X 648 y(ture)S 192 x(set)S 192 x(provided)S 192 x(is)S
192 x(unsuitable)S 193 x(for)S 192 x(the)S 192 x(caller)S 22 x(')S -30 x
(s)S 192 x(use.)S 270 x(The)S 191 x(returne)S 2 x(d)S 191 x(mech_type)S
192 x(value)S 192 x(indica)S 2 x(tes)S 192 x(the)S 191 x(speci)S 2 x
(\211c)S 3899 X 647 y(mechanism)S 184 x(employe)S 2 x(d)S 182 x(on)S
183 x(the)S 183 x(context,)S 184 x(and)S 183 x(will)S 183 x(never)S
184 x(indicate)S 184 x(the)S 183 x(value)S 184 x(for)S 183 x("default".)S
3899 18323 XY(The)S 182 x(conf_avai)S 2 x(l)S 182 x(retur)S 2 x(n)S
182 x(value)S 183 x(indicate)S 2 x(s)S 182 x(whether)S 183 x(the)S 183 x
(context)S 183 x(supports)S 183 x(per)S -10 x(-mess)S 2 x(age)S 182 x
(con\211dential)S 2 x(ity)S 183 x(services,)S 3899 X 647 y(and)S 145 x
(so)S 145 x(inform)S 2 x(s)S 145 x(the)S 145 x(calle)S 2 x(r)S 145 x
(whether)S 146 x(or)S 145 x(not)S 146 x(a)S 145 x(request)S 146 x(for)S
146 x(encrypti)S 2 x(on)S 144 x(through)S 146 x(the)S 146 x(conf_req_\212ag)S
146 x(input)S 145 x(to)S 146 x(GSS)S -2 x(_)S 3899 X 648 y(Seal)S(\()S
84 x(\))S 216 x(can)S 217 x(be)S 216 x(honored.)S 343 x(In)S 217 x(similar)S
218 x(fashion,)S 225 x(the)S 216 x(integ_ava)S 2 x(il)S 216 x(retur)S
2 x(n)S 216 x(value)S 216 x(indicat)S 2 x(es)S 216 x(whether)S 217 x
(per)S -10 x(-message)S 3899 X 647 y(integri)S 2 x(ty)S 183 x(services)S
184 x(are)S 184 x(availabl)S 2 x(e)S 183 x(\(through)S 183 x(either)S
185 x(GSS_S)S -2 x(ign)S(\()S 84 x(\))S 183 x(or)S 183 x(GSS_Seal)S
(\()S 83 x(\))S(\))S 184 x(on)S 182 x(the)S 183 x(esta)S 2 x(blished)S
183 x(context.)S 3899 21262 XY(The)S 191 x(lifet)S 2 x(ime_req)S 192 x
(input)S 192 x(speci\211es)S 192 x(a)S 192 x(desired)S 192 x(upper)S
192 x(bound)S 191 x(for)S 192 x(the)S 192 x(lifeti)S 2 x(me)S 191 x
(of)S 192 x(the)S 191 x(context)S 193 x(to)S 191 x(be)S 191 x(establ)S
2 x(ished,)S 3899 X 647 y(with)S 170 x(a)S 169 x(value)S 171 x(of)S
169 x(0)S 170 x(used)S 170 x(to)S 169 x(request)S 171 x(a)S 170 x(default)S
171 x(lifet)S 2 x(ime.)S 240 x(The)S 169 x(life)S 2 x(time_re)S 2 x
(c)S 169 x(retur)S 2 x(n)S 169 x(value)S 170 x(indica)S 2 x(tes)S 170 x
(the)S 170 x(length)S 170 x(of)S 3899 X 648 y(time)S 135 x(for)S 135 x
(which)S 135 x(the)S 134 x(context)S 136 x(will)S 134 x(be)S 135 x(valid,)S
145 x(expressed)S 135 x(as)S 135 x(an)S 134 x(of)S -9 x(fset)S 135 x
(from)S 136 x(the)S 134 x(prese)S 2 x(nt;)S 151 x(depending)S 134 x
(on)S 135 x(mechanism)S 3899 X 647 y(capabili)S 2 x(ties,)S 140 x(crede)S
2 x(ntial)S 130 x(lifet)S 2 x(imes,)S 140 x(and)S 130 x(local)S 130 x
(policy)S -35 x(,)S 140 x(it)S 129 x(may)S 130 x(not)S 129 x(corres)S
2 x(pond)S 128 x(to)S 130 x(the)S 129 x(value)S 130 x(requeste)S 2 x
(d)S 129 x(in)S 129 x(lifet)S 2 x(ime_)S 3899 X 648 y(req.)S 369 x(If)S
225 x(no)S 224 x(constr)S 2 x(aints)S 225 x(on)S 224 x(context)S 225 x
(lif)S 2 x(etime)S 225 x(are)S 226 x(imposed,)S 235 x(this)S 225 x(may)S
225 x(be)S 225 x(indicate)S 2 x(d)S 224 x(by)S 224 x(retur)S 2 x(ning)S
224 x(a)S 225 x(reserved)S 3899 X 647 y(value)S 224 x(represent)S 2 x
(ing)S 223 x(INDEFINITE)S 222 x(lifet)S 2 x(ime_req.)S 365 x(The)S 223 x
(values)S 224 x(of)S 223 x(conf_avai)S 2 x(l,)S 233 x(integ_avai)S 2 x
(l,)S 233 x(and)S 223 x(lifet)S 2 x(ime_rec)S 3899 X 648 y(are)S 184 x
(unde\211ned)S 182 x(unless)S 184 x(the)S 183 x(routine')S -28 x(s)S
183 x(major_sta)S 2 x(tus)S 183 x(indicate)S 2 x(s)S 182 x(COMPLETE.)S
3899 26143 XY(If)S 175 x(the)S 175 x(mutual)S 2 x(_state)S 175 x(is)S
175 x(TRUE,)S 174 x(this)S 176 x(fact)S 176 x(will)S 175 x(be)S 174 x
(re\212ect)S 2 x(ed)S 174 x(within)S 175 x(the)S 175 x(output_token.)S
242 x(A)S 174 x(call)S 176 x(to)S 175 x(GSS_A)S -2 x(ccept_)S 3899 X
648 y(sec_context)S 2 x(\()S 83 x(\))S 193 x(at)S 194 x(the)S 193 x
(tar)S -9 x(get)S 194 x(in)S 193 x(conjunction)S 194 x(with)S 193 x
(such)S 193 x(a)S 193 x(context)S 194 x(will)S 193 x(retur)S 2 x(n)S
192 x(a)S 193 x(token,)S 196 x(to)S 193 x(be)S 193 x(processe)S 2 x
(d)S 192 x(by)S 193 x(a)S 3899 X 647 y(continuati)S 2 x(on)S 182 x(call)S
184 x(to)S 183 x(GSS_Init_sec_conte)S 2 x(xt)S(\()S 83 x(\))S(,)S 183 x
(in)S 183 x(order)S 184 x(to)S 183 x(achieve)S 184 x(mutual)S 184 x
(authenti)S 2 x(cation.)S 3899 28833 XY F32(2.2.2)S 547 x(GSS)S 2 x
(_Acc)S -2 x(ept_sec_c)S -2 x(ontext)S 183 x(call)S 3899 X 897 y F74
(Inputs:)S 3899 X 897 y(\201)S 854 x(acceptor)S 2 x(_cred_handle)S 184 x
(OCTET)S 182 x(STRING,\202NULL)S 181 x(speci\211es)S 184 x("use)S 183 x
(default")S 3899 X 896 y(\201)S 854 x(input_context)S 2 x(_handle)S
183 x(INTEGER,)S 182 x(\2020)S 183 x(speci\211es)S 184 x("not)S 182 x
(yet)S 183 x(assigned")S 3899 X 897 y(\201)S 854 x(chan_bindings)S 184 x
(OCTET)S 182 x(STRING,)S 3899 X 896 y(\201)S 854 x(input_token)S 184 x
(OCTET)S 182 x(STRING)S 3899 34412 XY(Outputs:)S 3899 X 897 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 22808 37373 XY F36(1)S
-27 x(1\203June\2031991)S 499 x(15)S
%%EndCustomColor: 0
15 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 16 16
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x
(INTEGER,)S 3899 X 897 y(\201)S 854 x(srcname)S 184 x(INTERNAL)S 182 x
(NAME,)S 3899 X 897 y(\201)S 854 x(mech_type)S 184 x(OBJECT)S 183 x
(IDENTIFIER,)S 3899 X 896 y(\201)S 854 x(output_context)S 2 x(_handle)S
183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(deleg_sta)S 2 x(te)S 183 x
(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(mutual_st)S 2 x(ate)S
183 x(BOOLEAN,)S 3899 X 896 y(\201)S 854 x(replay_de)S 2 x(t_state)S
184 x(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(sequence_st)S 2 x
(ate)S 183 x(BOOLEAN,)S 3899 X 897 y(\201)S 854 x(conf_avai)S 2 x(l)S
182 x(BOOLEAN,)S 3899 X 896 y(\201)S 854 x(integ_avai)S 2 x(l)S 183 x
(BOOLEAN)S -2 x(,)S 3899 X 897 y(\201)S 854 x(lifet)S 2 x(ime_rec)S
184 x(INTEGER,)S 182 x(\202)S 183 x(in)S 183 x(seconds,)S 183 x(or)S
184 x(reserved)S 184 x(value)S 184 x(for)S 183 x(INDEFINITE)S 3899 X
896 y(\201)S 854 x(delegate)S 2 x(d_cred_handle)S 184 x(OCTET)S 182 x
(STRING,)S 3899 X 897 y(\201)S 854 x(output_token)S 184 x(OCTET)S 182 x
(STRING)S 182 x(\202NULL)S 181 x(or)S 184 x(token)S 183 x(to)S 183 x
(pass)S 183 x(to)S 183 x(context)S 184 x(initiat)S 2 x(or)S 3899 15832 XY
(This)S 191 x(call)S 192 x(may)S 191 x(block)S 191 x(pending)S 191 x
(network)S 192 x(interac)S 2 x(tions)S 191 x(for)S 191 x(those)S 192 x
(mech_types)S 192 x(in)S 191 x(which)S 191 x(a)S 191 x(director)S 2 x
(y)S 191 x(service)S 192 x(or)S 3899 X 648 y(other)S 209 x(network)S
208 x(entity)S 209 x(must)S 208 x(be)S 208 x(consulted)S 209 x(on)S
208 x(behalf)S 209 x(of)S 208 x(a)S 208 x(context)S 209 x(acceptor)S
209 x(in)S 208 x(order)S 209 x(to)S 208 x(validat)S 2 x(e)S 208 x(a)S
208 x(received)S 3899 X 647 y(input_token.)S 3899 18123 XY(Return)S
184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x
(GSS_COMPLE)S -2 x(TE)S 173 x(indica)S 2 x(tes)S 174 x(that)S 174 x
(context-)S 2 x(level)S 175 x(data)S 174 x(structur)S 2 x(es)S 174 x
(were)S 174 x(successf)S 2 x(ully)S 174 x(initial)S 2 x(ized,)S 176 x
(and)S 174 x(that)S 4945 X 648 y(per)S -10 x(-message)S 184 x(process)S
2 x(ing)S 182 x(can)S 184 x(now)S 182 x(be)S 183 x(perform)S 2 x(ed)S
183 x(in)S 183 x(conjunction)S 184 x(with)S 183 x(this)S 183 x(context.)S
3899 X 896 y(\201)S 854 x(GSS_CONT)S -2 x(INUE_NEEDE)S -2 x(D)S 142 x
(indicates)S 143 x(that)S 143 x(control)S 143 x(informat)S 2 x(ion)S
142 x(in)S 142 x(the)S 142 x(returne)S 2 x(d)S 141 x(output_token)S
143 x(must)S 142 x(be)S 4945 X 648 y(sent)S 162 x(to)S 161 x(the)S 162 x
(initiat)S 2 x(or)S -22 x(,)S 166 x(and)S 161 x(that)S 162 x(a)S 161 x
(response)S 163 x(must)S 161 x(be)S 162 x(receive)S 2 x(d)S 161 x(and)S
161 x(passed)S 162 x(as)S 162 x(the)S 161 x(input_token)S 162 x(ar)S
-9 x(gument)S 162 x(to)S 4945 X 647 y(a)S 176 x(continuati)S 2 x(on)S
175 x(call)S 177 x(to)S 176 x(GSS_Accept_sec_conte)S 2 x(xt)S(\()S 83 x
(\))S(,)S 178 x(before)S 177 x(per)S -10 x(-messa)S 2 x(ge)S 176 x(processing)S
177 x(can)S 176 x(be)S 176 x(perfor)S 2 x(med)S 4945 X 648 y(in)S 183 x
(conjunction)S 184 x(with)S 183 x(this)S 183 x(context.)S 3899 X 897 y
(\201)S 854 x(GSS_D)S -2 x(EFECTIVE_T)S -10 x(OKEN)S 172 x(indicat)S
2 x(es)S 174 x(that)S 175 x(consistency)S 175 x(checks)S 175 x(perform)S
2 x(ed)S 174 x(on)S 174 x(the)S 174 x(input_token)S 175 x(failed,)S
4945 X 647 y(preventi)S 2 x(ng)S 182 x(furthe)S 2 x(r)S 183 x(processing)S
184 x(from)S 184 x(being)S 183 x(perfor)S 2 x(med)S 183 x(based)S 183 x
(on)S 183 x(that)S 183 x(token.)S 3899 X 897 y(\201)S 854 x(GSS_D)S
-2 x(EFECTIVE_CREDENTIAL)S 226 x(indicate)S 2 x(s)S 227 x(that)S 227 x
(consiste)S 2 x(ncy)S 227 x(checks)S 227 x(perfor)S 2 x(med)S 227 x
(on)S 227 x(the)S 227 x(credent)S 2 x(ial)S 4945 X 647 y(structur)S
2 x(e)S 195 x(ref)S 2 x(erenced)S 196 x(by)S 195 x(accept)S 2 x(or_cred_handl)S
2 x(e)S 195 x(faile)S 2 x(d,)S 198 x(preventi)S 2 x(ng)S 195 x(further)S
197 x(processing)S 196 x(from)S 197 x(being)S 195 x(per-)S 4945 X 648 y
(formed)S 184 x(using)S 183 x(that)S 184 x(credenti)S 2 x(al)S 183 x
(structur)S 2 x(e.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_S)S -2 x(IG)S
202 x(indicat)S 2 x(es)S 202 x(that)S 202 x(the)S 203 x(receive)S 2 x
(d)S 201 x(input_token)S 203 x(contains)S 203 x(an)S 202 x(incorr)S
2 x(ect)S 202 x(signatur)S 2 x(e,)S 206 x(so)S 202 x(context)S 4945 X
647 y(setup)S 183 x(cannot)S 184 x(be)S 183 x(accomplis)S 2 x(hed.)S
3899 X 897 y(\201)S 854 x(GSS_D)S -2 x(UPLICA)S -61 x(TE_T)S -10 x(OKEN)S
222 x(indicate)S 2 x(s)S 223 x(that)S 225 x(the)S 224 x(signature)S
225 x(on)S 223 x(the)S 224 x(recei)S 2 x(ved)S 223 x(input_toke)S 2 x
(n)S 223 x(was)S 223 x(corr)S 2 x(ect,)S 4945 X 647 y(but)S 155 x(that)S
157 x(the)S 155 x(input_toke)S 2 x(n)S 155 x(was)S 155 x(recogniz)S
2 x(ed)S 155 x(as)S 156 x(a)S 155 x(duplica)S 2 x(te)S 155 x(of)S 156 x
(an)S 156 x(input_token)S 156 x(alrea)S 2 x(dy)S 155 x(processed.)S
236 x(No)S 155 x(new)S 4945 X 648 y(context)S 184 x(is)S 183 x(establi)S
2 x(shed.)S 3899 X 897 y(\201)S 854 x(GSS_O)S -2 x(LD_T)S -10 x(OKEN)S
212 x(indicate)S 2 x(s)S 213 x(that)S 215 x(the)S 214 x(signature)S
215 x(on)S 213 x(the)S 214 x(rece)S 2 x(ived)S 214 x(input_token)S 214 x
(was)S 214 x(correct)S 2 x(,)S 221 x(but)S 214 x(that)S 4945 X 647 y
(the)S 183 x(input_token)S 184 x(is)S 183 x(too)S 183 x(old)S 183 x
(to)S 183 x(be)S 183 x(checked)S 184 x(for)S 184 x(duplication)S 184 x
(against)S 184 x(previousl)S 2 x(y-processe)S 2 x(d)S 182 x(input_tokens.)S
4945 X 648 y(No)S 182 x(new)S 183 x(context)S 184 x(is)S 183 x(establishe)S
2 x(d.)S 3899 X 896 y(\201)S 854 x(GSS_N)S -2 x(O_CRED)S 150 x(indicates)S
151 x(that)S 150 x(no)S 149 x(context)S 151 x(was)S 149 x(establi)S
2 x(shed,)S 156 x(either)S 151 x(because)S 151 x(the)S 149 x(input)S
150 x(cred_ha)S 2 x(ndle)S 149 x(was)S 4945 X 648 y(invalid,)S 231 x
(because)S 221 x(the)S 220 x(ref)S 2 x(erenced)S 221 x(crede)S 2 x(ntials)S
221 x(are)S 221 x(valid)S 221 x(for)S 221 x(context)S 221 x(initi)S
2 x(ator)S 221 x(use)S 220 x(only)S -35 x(,)S 229 x(or)S 221 x(because)S
221 x(the)S 4945 X 647 y(caller)S 185 x(lacks)S 183 x(authori)S 2 x
(zation)S 183 x(to)S 183 x(acce)S 2 x(ss)S 182 x(the)S 184 x(refer)S
2 x(enced)S 183 x(credent)S 2 x(ials.)S 3899 37373 XY F36(16)S 498 x
(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
16 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 17 17
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(GSS_CREDENT)S
-2 x(IALS_EXPIRED)S 140 x(indicate)S 2 x(s)S 140 x(that)S 142 x(the)S
141 x(credenti)S 2 x(als)S 141 x(provided)S 141 x(through)S 141 x(the)S
142 x(input)S 141 x(acceptor_)S 4945 X 648 y(cred_handle)S 184 x(ar)S
-9 x(gument)S 184 x(are)S 183 x(no)S 183 x(longer)S 184 x(valid,)S 183 x
(so)S 183 x(context)S 184 x(establis)S 2 x(hment)S 183 x(cannot)S 184 x
(be)S 183 x(completed.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_BINDING)S
-2 x(S)S 220 x(indicates)S 221 x(that)S 221 x(a)S 219 x(mism)S 2 x(atch)S
220 x(between)S 220 x(the)S 220 x(call)S 2 x(er)S -10 x(-provided)S
220 x(chan_bindi)S 2 x(ngs)S 219 x(and)S 4945 X 647 y(those)S 166 x
(extract)S 2 x(ed)S 165 x(from)S 166 x(the)S 165 x(input_token)S 166 x
(was)S 165 x(detect)S 2 x(ed,)S 168 x(signifyi)S 2 x(ng)S 165 x(a)S
165 x(securit)S 2 x(y-releva)S 2 x(nt)S 165 x(event)S 166 x(and)S 165 x
(prevent-)S 4945 X 648 y(ing)S 183 x(context)S 184 x(establis)S 2 x
(hment.)S 3899 X 896 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S
2 x(s)S 209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x
(was)S 209 x(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S
210 x(context_handle)S 4945 X 648 y(provided;)S 215 x(this)S 204 x(major)S
205 x(status)S 205 x(will)S 204 x(be)S 203 x(retur)S 2 x(ned)S 203 x
(only)S 204 x(for)S 204 x(success)S 2 x(or)S 203 x(call)S 2 x(s)S 203 x
(following)S 205 x(GSS_)S -2 x(CONTINUE_)S 4945 X 648 y(NEEDED)S 181 x
(status)S 184 x(returns.)S 3899 X 896 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S
212 x(indica)S 2 x(tes)S 213 x(that)S 214 x(context)S 214 x(setup)S
213 x(could)S 214 x(not)S 213 x(be)S 213 x(accomplishe)S 2 x(d)S 212 x
(for)S 214 x(reasons)S 214 x(unspeci\211ed)S 214 x(at)S 4945 X 648 y
(the)S 183 x(GSS-API)S 182 x(level,)S 184 x(and)S 183 x(that)S 183 x
(no)S 183 x(interf)S 2 x(ace-de\211ned)S 184 x(recover)S 2 x(y)S 182 x
(action)S 184 x(is)S 183 x(availa)S 2 x(ble.)S 3899 11648 XY(Used)S
180 x(by)S 180 x(context)S 181 x(tar)S -9 x(get.)S 243 x(Using)S 180 x
(inform)S 2 x(ation)S 180 x(in)S 181 x(the)S 180 x(crede)S 2 x(ntials)S
181 x(structur)S 2 x(e)S 180 x(refe)S 2 x(renced)S 181 x(by)S 180 x
(the)S 180 x(input)S 181 x(acceptor_)S 3899 X 647 y(cred_handle)S 2 x
(,)S 208 x(verify)S 204 x(the)S 203 x(incomi)S 2 x(ng)S 202 x(input_token)S
204 x(and)S 203 x(\(assum)S 2 x(ing)S 203 x(success\))S 204 x(ret)S
2 x(urn)S 203 x(the)S 203 x(authenti)S 2 x(cated)S 204 x(srcname)S 3899 X
648 y(and)S 269 x(the)S 269 x(mech_type)S 270 x(used.)S 501 x(The)S
269 x(acceptor_c)S 2 x(red_handle)S 270 x(must)S 269 x(corres)S 2 x
(pond)S 268 x(to)S 269 x(the)S 269 x(same)S 269 x(valid)S 270 x(credenti)S
2 x(als)S 3899 X 647 y(structur)S 2 x(e)S 146 x(on)S 146 x(the)S 147 x
(initia)S 2 x(l)S 146 x(call)S 147 x(to)S 147 x(GSS_A)S -2 x(ccept_s)S
2 x(ec_context)S(\()S 85 x(\))S 146 x(and)S 147 x(on)S 146 x(any)S 146 x
(successor)S 148 x(calls)S 147 x(resul)S 2 x(ting)S 146 x(from)S 148 x
(GSS)S -2 x(_)S 3899 X 648 y(CONTINUE_N)S -2 x(EEDED)S 192 x(status)S
195 x(returns;)S 200 x(dif)S -9 x(ferent)S 195 x(protocol)S 194 x(sequences)S
195 x(modeled)S 194 x(by)S 193 x(the)S 194 x(GSS_)S -2 x(CONTINUE_)S
3899 X 648 y(NEEDE)S -2 x(D)S 207 x(mechanism)S 208 x(will)S 208 x(require)S
208 x(access)S 208 x(to)S 207 x(crede)S 2 x(ntials)S 208 x(at)S 207 x
(dif)S -9 x(ferent)S 208 x(points)S 208 x(in)S 207 x(the)S 207 x(context)S
208 x(establis)S 2 x(hment)S 3899 X 647 y(sequence.)S 3899 16529 XY
(The)S 216 x(input_context_handl)S 2 x(e)S 216 x(ar)S -10 x(gument)S
217 x(is)S 216 x(0,)S 224 x(specifyi)S 2 x(ng)S 215 x("not)S 216 x(yet)S
216 x(assigned",)S 224 x(on)S 216 x(the)S 216 x(\211rst)S 216 x(GSS_Accept_sec_)S
3899 X 648 y(context)S(\()S 85 x(\))S 143 x(call)S 145 x(relat)S 2 x
(ing)S 143 x(to)S 144 x(a)S 143 x(given)S 144 x(context.)S 232 x(That)S
144 x(call)S 144 x(retur)S 2 x(ns)S 143 x(an)S 144 x(output_context_ha)S
2 x(ndle)S 143 x(for)S 145 x(future)S 145 x(refere)S 2 x(nces)S 3899 X
648 y(to)S 162 x(this)S 164 x(context;)S 170 x(when)S 162 x(continuat)S
2 x(ion)S 162 x(atte)S 2 x(mpts)S 163 x(to)S 162 x(GSS_Accept_sec_context)S
2 x(\()S 83 x(\))S 163 x(are)S 163 x(needed)S 163 x(to)S 163 x(perfor)S
2 x(m)S 162 x(context)S 3899 X 647 y(establi)S 2 x(shment,)S 183 x(that)S
184 x(handle)S 183 x(value)S 184 x(will)S 183 x(be)S 183 x(entere)S
2 x(d)S 182 x(into)S 183 x(the)S 184 x(input_context_ha)S 2 x(ndle)S
183 x(ar)S -9 x(gument.)S 3899 19468 XY(The)S 216 x(chan_bindings)S
217 x(ar)S -10 x(gument)S 217 x(is)S 216 x(used)S 216 x(by)S 216 x(the)S
216 x(call)S 2 x(er)S 216 x(to)S 216 x(provide)S 217 x(inform)S 2 x
(ation)S 216 x(binding)S 216 x(the)S 217 x(securit)S 2 x(y)S 215 x(context)S
3899 X 648 y(to)S 164 x(securit)S 2 x(y-relat)S 2 x(ed)S 164 x(charact)S
2 x(eristic)S 2 x(s)S 163 x(\(e.g.,)S 169 x(addresses,)S 169 x(cryptographi)S
2 x(c)S 164 x(keys\))S 164 x(of)S 164 x(the)S 164 x(underlying)S 165 x
(communica)S 2 x(tions)S 3899 X 647 y(channel.)S 245 x(See)S 182 x(Section)S
184 x(1.1.6)S 182 x(of)S 183 x(this)S 184 x(document)S 184 x(for)S 183 x
(more)S 184 x(discussion)S 184 x(of)S 183 x(this)S 183 x(ar)S -9 x(gument')S
-29 x(s)S 183 x(usage.)S 3899 21760 XY(The)S 241 x(returned)S 242 x
(state)S 242 x(result)S 2 x(s)S 240 x(\(dele)S 2 x(g_state,)S 256 x
(mutual_s)S 2 x(tate,)S 256 x(replay_det)S 2 x(_state,)S 256 x(and)S
241 x(sequence_s)S 2 x(tate\))S 242 x(re\212ect)S 242 x(the)S 3899 X
647 y(same)S 184 x(context)S 183 x(state)S 184 x(values)S 184 x(as)S
183 x(retur)S 2 x(ned)S 183 x(to)S 182 x(GSS_Init_sec_cont)S 2 x(ext)S
(\()S 84 x(\))S(')S -29 x(s)S 182 x(call)S 2 x(er)S 183 x(at)S 183 x
(the)S 184 x(initiator)S 184 x(system)S 2 x(.)S 3899 23404 XY(The)S
182 x(conf_avai)S 2 x(l)S 182 x(retur)S 2 x(n)S 182 x(value)S 183 x
(indicate)S 2 x(s)S 182 x(whether)S 183 x(the)S 183 x(context)S 183 x
(supports)S 183 x(per)S -10 x(-mess)S 2 x(age)S 182 x(con\211dential)S
2 x(ity)S 183 x(services,)S 3899 X 647 y(and)S 145 x(so)S 145 x(inform)S
2 x(s)S 145 x(the)S 145 x(calle)S 2 x(r)S 145 x(whether)S 146 x(or)S
145 x(not)S 146 x(a)S 145 x(request)S 146 x(for)S 146 x(encrypti)S 2 x
(on)S 144 x(through)S 146 x(the)S 146 x(conf_req_\212ag)S 146 x(input)S
145 x(to)S 146 x(GSS)S -2 x(_)S 3899 X 648 y(Seal)S(\()S 84 x(\))S 216 x
(can)S 217 x(be)S 216 x(honored.)S 343 x(In)S 217 x(similar)S 218 x
(fashion,)S 225 x(the)S 216 x(integ_ava)S 2 x(il)S 216 x(retur)S 2 x
(n)S 216 x(value)S 216 x(indicat)S 2 x(es)S 216 x(whether)S 217 x(per)S
-10 x(-message)S 3899 X 647 y(integri)S 2 x(ty)S 183 x(services)S 184 x
(are)S 184 x(availabl)S 2 x(e)S 183 x(\(through)S 183 x(either)S 185 x
(GSS_S)S -2 x(ign)S(\()S 84 x(\))S 183 x(or)S 183 x(GSS_Seal)S(\()S
83 x(\))S(\))S 184 x(on)S 182 x(the)S 183 x(esta)S 2 x(blished)S 183 x
(context.)S 3899 26343 XY(The)S 180 x(lifeti)S 2 x(me_rec)S 181 x(return)S
181 x(value)S 181 x(indicates)S 181 x(the)S 181 x(length)S 180 x(of)S
180 x(time)S 181 x(for)S 181 x(which)S 179 x(the)S 181 x(context)S 181 x
(will)S 180 x(be)S 180 x(valid,)S 181 x(expressed)S 3899 X 647 y(as)S
182 x(an)S 183 x(of)S -10 x(fset)S 184 x(from)S 183 x(the)S 183 x(present.)S
245 x(The)S 182 x(values)S 183 x(of)S 182 x(deleg_st)S 2 x(ate,)S 183 x
(mutual_sta)S 2 x(te,)S 182 x(repl)S 2 x(ay_det_state)S 2 x(,)S 182 x
(sequence_st)S 2 x(ate,)S 3899 X 648 y(conf_avail)S 2 x(,)S 208 x(integ_avail)S
2 x(,)S 207 x(and)S 204 x(lifeti)S 2 x(me_rec)S 204 x(are)S 204 x(unde\211ned)S
203 x(unless)S 203 x(the)S 204 x(accompanying)S 204 x(major)S 2 x(_status)S
204 x(indicates)S 3899 X 647 y(COMPLETE.)S 3899 29282 XY(The)S 205 x
(delegated_c)S 2 x(red_handle)S 206 x(result)S 206 x(is)S 205 x(signi\211cant)S
206 x(only)S 205 x(when)S 205 x(deleg_sta)S 2 x(te)S 205 x(is)S 205 x
(TRUE,)S 205 x(and)S 205 x(provides)S 205 x(a)S 205 x(means)S 3899 X
647 y(for)S 168 x(the)S 168 x(tar)S -9 x(get)S 168 x(to)S 167 x(refe)S
2 x(rence)S 168 x(the)S 168 x(delegate)S 2 x(d)S 167 x(credenti)S 2 x
(als.)S 239 x(The)S 167 x(output_token)S 168 x(result)S 2 x(,)S 170 x
(when)S 167 x(non-NULL,)S 166 x(provides)S 3899 X 648 y(a)S 158 x(context-)S
2 x(level)S 159 x(token)S 159 x(to)S 158 x(be)S 158 x(ret)S 2 x(urned)S
158 x(to)S 159 x(the)S 158 x(context)S 160 x(initiat)S 2 x(or)S 158 x
(to)S 158 x(continue)S 160 x(a)S 158 x(multi-)S 2 x(step)S 159 x(context)S
159 x(establis)S 2 x(hment)S 3899 X 647 y(sequence.)S 282 x(As)S 195 x
(noted)S 195 x(with)S 196 x(GSS_Init_sec_context)S 2 x(\()S 83 x(\))S
(,)S 199 x(any)S 195 x(retur)S 2 x(ned)S 195 x(token)S 196 x(should)S
195 x(be)S 195 x(tra)S 2 x(nsferre)S 2 x(d)S 195 x(to)S 195 x(the)S
196 x(con-)S 3899 X 648 y(text')S -29 x(s)S 214 x(peer)S 215 x(\(in)S
215 x(this)S 215 x(case,)S 223 x(the)S 214 x(context)S 215 x(initi)S
2 x(ator\),)S 223 x(independent)S 215 x(of)S 215 x(the)S 214 x(value)S
215 x(of)S 215 x(the)S 214 x(accompanyi)S 2 x(ng)S 214 x(returned)S
3899 X 647 y(major_st)S 2 x(atus.)S 3899 33516 XY(Note:)S 236 x(A)S
167 x(tar)S -9 x(get)S 168 x(must)S 168 x(be)S 167 x(able)S 168 x(to)S
167 x(disti)S 2 x(nguish)S 167 x(a)S 167 x(context)S 2 x(-level)S 168 x
(input_token,)S 172 x(which)S 167 x(is)S 167 x(passed)S 168 x(to)S 168 x
(GSS_A)S -2 x(ccept_)S 3899 X 647 y(sec_context)S 2 x(\()S 83 x(\))S
(,)S 149 x(from)S 140 x(the)S 140 x(per)S -10 x(-messa)S 2 x(ge)S 139 x
(data)S 141 x(elements)S 141 x(passed)S 140 x(to)S 140 x(GSS_V)S -63 x
(eri)S 2 x(fy)S(\()S 83 x(\))S 140 x(or)S 140 x(GSS_Unseal)S(\()S 83 x
(\))S(.)S 230 x(These)S 140 x(data)S 3899 X 648 y(element)S 2 x(s)S
161 x(may)S 162 x(arri)S 2 x(ve)S 161 x(in)S 162 x(a)S 161 x(single)S
163 x(applicat)S 2 x(ion)S 161 x(message)S 2 x(,)S 165 x(and)S 162 x
(GSS_A)S -2 x(ccept_s)S 2 x(ec_context)S(\()S 85 x(\))S 162 x(must)S
162 x(be)S 161 x(perfor)S 2 x(med)S 3899 X 647 y(before)S 184 x(per)S
-10 x(-message)S 184 x(process)S 2 x(ing)S 183 x(can)S 183 x(be)S 183 x
(perform)S 2 x(ed)S 182 x(succes)S 2 x(sfully)S -35 x(.)S 22808 37373 XY
F36(1)S -27 x(1\203June\2031991)S 499 x(17)S
%%EndCustomColor: 0
17 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 18 18
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 4013 XY F32(2.2.3)S 547 x(GSS)S 2 x(_Delete_)S -2 x
(sec_co)S -2 x(ntext)S 183 x(call)S 3899 X 896 y F74(Input:)S 3899 X
897 y(\201)S 854 x(context_handl)S 2 x(e)S 183 x(INTEGER)S 3899 6902 XY
(Outputs:)S 3899 X 896 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S
3899 X 897 y(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(output_context)S 2 x(_token)S 183 x(OCTET)S 182 x
(STRING)S 3899 10688 XY(Return)S 184 x(major_s)S 2 x(tatus)S 183 x(codes:)S
3899 X 896 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 167 x(indicat)S 2 x
(es)S 168 x(that)S 168 x(the)S 168 x(context)S 168 x(was)S 168 x(recognized,)S
172 x(that)S 168 x(releva)S 2 x(nt)S 167 x(context-)S 2 x(speci\211c)S
168 x(inform)S 2 x(a-)S 4945 X 648 y(tion)S 213 x(was)S 213 x(\212ushed,)S
220 x(and)S 213 x(that)S 214 x(the)S 213 x(returne)S 2 x(d)S 212 x(output_conte)S
2 x(xt_token)S 213 x(is)S 213 x(ready)S 214 x(for)S 214 x(transfer)S
215 x(to)S 213 x(the)S 213 x(context')S -29 x(s)S 4945 X 647 y(peer)S
-29 x(.)S 3899 X 897 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S
2 x(s)S 209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x
(was)S 209 x(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S
210 x(context_handle)S 4945 X 648 y(provide,)S 184 x(so)S 182 x(no)S
183 x(deletion)S 184 x(was)S 183 x(perform)S 2 x(ed.)S 3899 X 896 y
(\201)S 854 x(GSS_F)S -42 x(AILURE)S 253 x(indicates)S 254 x(that)S
254 x(the)S 254 x(context)S 254 x(is)S 253 x(recogniz)S 2 x(ed,)S 270 x
(but)S 253 x(that)S 254 x(the)S 254 x(GSS_D)S -2 x(elete)S 2 x(_sec_context)S
2 x(\()S 83 x(\))S 4945 X 648 y(operati)S 2 x(on)S 182 x(could)S 183 x
(not)S 183 x(be)S 183 x(perfor)S 2 x(med)S 183 x(for)S 184 x(reasons)S
184 x(unspeci\211ed)S 183 x(at)S 183 x(the)S 184 x(GSS-AP)S -2 x(I)S
183 x(level)S 2 x(.)S 3899 17064 XY(This)S 204 x(call)S 206 x(may)S
204 x(block)S 205 x(pending)S 205 x(network)S 205 x(interac)S 2 x(tions)S
204 x(for)S 205 x(mech_t)S 2 x(ypes)S 204 x(in)S 205 x(which)S 204 x
(active)S 206 x(noti\211cation)S 205 x(must)S 205 x(be)S 3899 X 647 y
(made)S 183 x(to)S 183 x(a)S 183 x(centr)S 2 x(al)S 183 x(server)S 184 x
(when)S 183 x(a)S 183 x(security)S 184 x(context)S 184 x(is)S 183 x
(to)S 183 x(be)S 183 x(deleted.)S 3899 18707 XY(This)S 201 x(call)S
202 x(can)S 202 x(be)S 201 x(made)S 202 x(by)S 201 x(eithe)S 2 x(r)S
201 x(peer)S 202 x(in)S 202 x(a)S 201 x(securit)S 2 x(y)S 201 x(context,)S
207 x(to)S 201 x(\212ush)S 201 x(context-s)S 2 x(peci\211c)S 201 x(infor)S
2 x(mation)S 202 x(and)S 201 x(to)S 3899 X 648 y(return)S 221 x(an)S
220 x(output_context)S 2 x(_token)S 220 x(which)S 220 x(can)S 220 x
(be)S 220 x(passed)S 221 x(to)S 220 x(the)S 220 x(context')S -29 x(s)S
220 x(peer)S 221 x(informi)S 2 x(ng)S 219 x(it)S 221 x(that)S 220 x
(the)S 221 x(peer)S 21 x(')S -30 x(s)S 3899 X 648 y(corres)S 2 x(ponding)S
152 x(context)S 154 x(informat)S 2 x(ion)S 152 x(can)S 153 x(also)S
153 x(be)S 153 x(\212ushed.)S 234 x(\(Once)S 153 x(a)S 152 x(context)S
154 x(is)S 153 x(establishe)S 2 x(d,)S 158 x(the)S 153 x(peers)S 154 x
(involved)S 3899 X 647 y(are)S 153 x(expecte)S 2 x(d)S 152 x(to)S 152 x
(retai)S 2 x(n)S 152 x(cached)S 153 x(crede)S 2 x(ntial)S 153 x(and)S
152 x(context-)S 2 x(relat)S 2 x(ed)S 152 x(inform)S 2 x(ation)S 153 x
(until)S 153 x(the)S 152 x(infor)S 2 x(mation')S -29 x(s)S 153 x(expirati)S
2 x(on)S 3899 X 648 y(time)S 218 x(is)S 218 x(reac)S 2 x(hed)S 217 x
(or)S 218 x(until)S 218 x(a)S 218 x(GSS_D)S -2 x(elet)S 2 x(e_sec_context)S
2 x(\()S 83 x(\))S 218 x(call)S 219 x(is)S 217 x(made.\))S 349 x(Attempts)S
219 x(to)S 218 x(perform)S 219 x(per)S -10 x(-message)S 3899 X 647 y
(processing)S 184 x(on)S 183 x(a)S 183 x(deleted)S 184 x(context)S 184 x
(will)S 183 x(result)S 184 x(in)S 183 x(error)S 184 x(retur)S 2 x(ns.)S
3899 23340 XY F32(2.2.4)S 547 x(GSS)S 2 x(_Process)S -2 x(_context_token)S
181 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X 896 y(\201)S 854 x(context_handl)S
2 x(e)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(input_context)S 2 x
(_token)S 183 x(OCTET)S 182 x(STRING)S 3899 27126 XY(Outputs:)S 3899 X
897 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y
(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 30015 XY(Return)S
184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x
(GSS_COMPLE)S -2 x(TE)S 161 x(indicates)S 162 x(that)S 162 x(the)S 161 x
(input_conte)S 2 x(xt_token)S 161 x(was)S 161 x(successf)S 2 x(ully)S
161 x(processed)S 162 x(in)S 161 x(conjuncti)S 2 x(on)S 4945 X 647 y
(with)S 183 x(the)S 183 x(context)S 184 x(refer)S 2 x(enced)S 183 x
(by)S 183 x(context_handl)S 2 x(e.)S 3899 X 897 y(\201)S 854 x(GSS_D)S
-2 x(EFECTIVE_T)S -10 x(OKEN)S 201 x(indicat)S 2 x(es)S 203 x(that)S
203 x(consiste)S 2 x(ncy)S 203 x(checks)S 203 x(perfor)S 2 x(med)S 203 x
(on)S 203 x(the)S 203 x(receive)S 2 x(d)S 202 x(context_)S 4945 X 648 y
(token)S 183 x(fail)S 2 x(ed,)S 182 x(prevent)S 2 x(ing)S 183 x(further)S
184 x(process)S 2 x(ing)S 182 x(from)S 184 x(being)S 184 x(performe)S
2 x(d)S 182 x(with)S 183 x(that)S 184 x(token.)S 3899 X 896 y(\201)S
854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S 2 x(s)S 209 x(that)S
210 x(no)S 209 x(valid)S 210 x(context)S 210 x(was)S 209 x(recogni)S
2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S 210 x(context_handle)S
4945 X 648 y(provided.)S 3899 37373 XY F36(18)S 498 x(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
18 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 19 19
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(GSS_F)S
-42 x(AILURE)S 178 x(indicat)S 2 x(es)S 178 x(that)S 180 x(the)S 179 x
(context)S 179 x(is)S 179 x(recogniz)S 2 x(ed,)S 179 x(but)S 179 x(that)S
179 x(the)S 179 x(GSS_Process_context_toke)S 2 x(n)S(\()S 83 x(\))S
4945 X 648 y(operati)S 2 x(on)S 182 x(could)S 183 x(not)S 183 x(be)S
183 x(perfor)S 2 x(med)S 183 x(for)S 184 x(reasons)S 184 x(unspeci\211ed)S
183 x(at)S 183 x(the)S 184 x(GSS-AP)S -2 x(I)S 183 x(level)S 2 x(.)S
3899 5720 XY(This)S 216 x(call)S 217 x(is)S 217 x(used)S 216 x(to)S
216 x(process)S 217 x(context_t)S 2 x(okens)S 216 x(recei)S 2 x(ved)S
216 x(from)S 217 x(a)S 216 x(peer)S 217 x(once)S 216 x(a)S 217 x(context)S
217 x(has)S 216 x(been)S 216 x(establ)S 2 x(ished,)S 3899 X 647 y(with)S
236 x(corr)S 2 x(esponding)S 236 x(impac)S 2 x(t)S 236 x(on)S 236 x
(context-)S 2 x(level)S 237 x(state)S 238 x(inform)S 2 x(ation.)S 405 x
(One)S 236 x(use)S 236 x(for)S 238 x(this)S 237 x(facili)S 2 x(ty)S
236 x(is)S 237 x(processi)S 2 x(ng)S 3899 X 648 y(of)S 210 x(the)S 210 x
(context_tokens)S 211 x(generate)S 2 x(d)S 209 x(by)S 209 x(GSS_Delete_sec_cont)S
2 x(ext)S(\()S 84 x(\))S(;)S 223 x(GSS_Process_context_t)S 2 x(oken)S
(\()S 83 x(\))S 210 x(will)S 210 x(not)S 3899 X 648 y(block)S 163 x
(pending)S 164 x(network)S 164 x(interac)S 2 x(tions)S 164 x(for)S 163 x
(that)S 164 x(purpose.)S 238 x(Another)S 164 x(use)S 163 x(is)S 164 x
(to)S 163 x(proces)S 2 x(s)S 163 x(tokens)S 163 x(indica)S 2 x(ting)S
163 x(remot)S 2 x(e-)S 3899 X 647 y(peer)S 183 x(context)S 184 x(establi)S
2 x(shment)S 183 x(fail)S 2 x(ures)S 183 x(afte)S 2 x(r)S 182 x(the)S
184 x(point)S 183 x(where)S 183 x(the)S 183 x(local)S 184 x(GSS-AP)S
-2 x(I)S 183 x(imple)S 2 x(mentation)S 184 x(has)S 183 x(alrea)S 2 x
(dy)S 3899 X 648 y(indicate)S 2 x(d)S 182 x(GSS_COMPLET)S -2 x(E)S 183 x
(status.)S 3899 10353 XY F32(2.2.5)S 547 x(GSS)S 2 x(_Contex)S -2 x
(t_time)S 184 x(call)S 3899 X 896 y F74(Input:)S 3899 X 897 y(\201)S
854 x(context_handl)S 2 x(e)S 183 x(INTEGER,)S 3899 13242 XY(Outputs:)S
3899 X 896 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y
(\201)S 854 x(lifet)S 2 x(ime_rec)S 184 x(INTEGER)S 182 x(\202)S 183 x
(in)S 183 x(seconds,)S 183 x(or)S 184 x(reserved)S 184 x(value)S 184 x
(for)S 183 x(INDEFINITE)S 3899 17027 XY(Return)S 184 x(major_s)S 2 x
(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x
(TE)S 136 x(indicat)S 2 x(es)S 137 x(that)S 137 x(the)S 137 x(refe)S
2 x(renced)S 137 x(context)S 138 x(is)S 137 x(valid,)S 146 x(and)S 137 x
(will)S 137 x(remai)S 2 x(n)S 136 x(valid)S 137 x(for)S 138 x(the)S
137 x(amount)S 4945 X 648 y(of)S 183 x(time)S 184 x(indicate)S 2 x(d)S
182 x(in)S 183 x(life)S 2 x(time_re)S 2 x(c.)S 3899 X 896 y(\201)S 854 x
(GSS_CONT)S -2 x(EXT_EXPIRED)S 149 x(indicates)S 151 x(that)S 151 x
(data)S 151 x(items)S 151 x(relate)S 2 x(d)S 149 x(to)S 150 x(the)S
151 x(refer)S 2 x(enced)S 150 x(context)S 151 x(have)S 150 x(expired.)S
3899 X 897 y(\201)S 854 x(GSS_CREDENT)S -2 x(IALS_EXPIRED)S 238 x(indica)S
2 x(tes)S 239 x(that)S 240 x(the)S 240 x(context)S 240 x(is)S 240 x
(recogniz)S 2 x(ed,)S 253 x(but)S 239 x(that)S 240 x(its)S 240 x(associ)S
2 x(ated)S 4945 X 648 y(credent)S 2 x(ials)S 183 x(have)S 183 x(expire)S
2 x(d.)S 3899 X 896 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S
2 x(s)S 209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x
(was)S 209 x(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S
210 x(context_handle)S 4945 X 648 y(provided.)S 3899 X 896 y(\201)S
854 x(GSS_F)S -42 x(AILURE)S 162 x(indicate)S 2 x(s)S 162 x(that)S 163 x
(the)S 162 x(reques)S 2 x(ted)S 162 x(operat)S 2 x(ion)S 162 x(faile)S
2 x(d)S 162 x(for)S 163 x(reasons)S 163 x(unspeci\211ed)S 163 x(at)S
163 x(the)S 162 x(GSS-API)S 4945 X 648 y(level.)S 3899 25197 XY(This)S
188 x(call)S 189 x(is)S 188 x(used)S 189 x(to)S 188 x(determi)S 2 x
(ne)S 188 x(the)S 188 x(amount)S 189 x(of)S 188 x(time)S 190 x(for)S
188 x(which)S 188 x(a)S 188 x(curr)S 2 x(ently)S 188 x(establ)S 2 x
(ished)S 188 x(context)S 189 x(will)S 189 x(remain)S 3899 X 647 y(valid.)S
3899 27339 XY F32(2.3)S 547 x(Per-message)S 182 x(calls)S 3899 28335 XY
F74(This)S 251 x(group)S 251 x(of)S 251 x(calls)S 252 x(is)S 251 x(used)S
251 x(to)S 251 x(perf)S 2 x(orm)S 251 x(per)S -10 x(-message)S 252 x
(protec)S 2 x(tion)S 251 x(processi)S 2 x(ng)S 250 x(on)S 251 x(an)S
251 x(establi)S 2 x(shed)S 251 x(security)S 3899 X 648 y(context.)S
422 x(None)S 242 x(of)S 242 x(these)S 243 x(calls)S 243 x(block)S 243 x
(pending)S 242 x(network)S 242 x(inter)S 2 x(actions.)S 422 x(These)S
242 x(call)S 2 x(s)S 242 x(may)S 242 x(be)S 242 x(invoked)S 242 x(by)S
242 x(a)S 3899 X 647 y(context')S -29 x(s)S 210 x(initiat)S 2 x(or)S
209 x(or)S 210 x(by)S 209 x(the)S 210 x(context')S -28 x(s)S 209 x(tar)S
-9 x(get.)S 324 x(The)S 209 x(four)S 211 x(members)S 211 x(of)S 209 x
(this)S 210 x(group)S 210 x(should)S 210 x(be)S 209 x(consider)S 2 x
(ed)S 209 x(as)S 3899 X 648 y(two)S 211 x(pairs;)S 228 x(the)S 211 x
(output)S 212 x(from)S 213 x(GSS_Sign)S(\()S 82 x(\))S 212 x(is)S 212 x
(properl)S 2 x(y)S 211 x(input)S 212 x(to)S 212 x(GSS_V)S -63 x(erif)S
2 x(y)S(\()S 83 x(\))S(,)S 219 x(and)S 212 x(the)S 212 x(output)S 212 x
(from)S 213 x(GSS)S -2 x(_)S 3899 X 647 y(Seal)S(\()S 84 x(\))S 183 x
(is)S 183 x(properl)S 2 x(y)S 182 x(input)S 183 x(to)S 183 x(GSS_Unseal)S
(\()S 83 x(\))S(.)S 3899 31922 XY(GSS_S)S -2 x(ign)S(\()S 84 x(\))S
251 x(and)S 251 x(GSS_V)S -62 x(erify)S(\()S 85 x(\))S 250 x(support)S
252 x(data)S 251 x(origin)S 252 x(authentica)S 2 x(tion)S 251 x(and)S
250 x(data)S 252 x(integrit)S 2 x(y)S 250 x(servic)S 2 x(es.)S 447 x
(When)S 3899 X 647 y(GSS_S)S -2 x(ign)S(\()S 84 x(\))S 181 x(is)S 181 x
(invoked)S 181 x(on)S 181 x(an)S 181 x(input)S 181 x(message)S 2 x(,)S
181 x(it)S 181 x(yields)S 181 x(a)S 181 x(per)S -10 x(-messa)S 2 x(ge)S
181 x(token)S 181 x(containing)S 182 x(data)S 181 x(item)S 2 x(s)S 180 x
(which)S 3899 X 648 y(allow)S 140 x(underlyi)S 2 x(ng)S 139 x(mechani)S
2 x(sms)S 140 x(to)S 140 x(provide)S 141 x(the)S 140 x(speci\211ed)S
141 x(securi)S 2 x(ty)S 140 x(services)S 2 x(.)S 229 x(The)S 140 x(original)S
141 x(message)S 2 x(,)S 148 x(along)S 140 x(with)S 3899 X 647 y(the)S
169 x(generat)S 2 x(ed)S 169 x(per)S -11 x(-mes)S 2 x(sage)S 169 x(token,)S
172 x(is)S 169 x(passed)S 169 x(to)S 169 x(the)S 170 x(remote)S 170 x
(peer;)S 174 x(these)S 170 x(two)S 169 x(data)S 169 x(eleme)S 2 x(nts)S
169 x(are)S 169 x(process)S 2 x(ed)S 169 x(by)S 3899 X 648 y(GSS_V)S
-62 x(erify)S(\()S 85 x(\))S(,)S 183 x(which)S 183 x(validates)S 184 x
(the)S 183 x(messa)S 2 x(ge)S 182 x(in)S 183 x(conjuncti)S 2 x(on)S
182 x(with)S 183 x(the)S 184 x(separate)S 184 x(token.)S 230 x 37373 Y
F36(1)S -27 x(1\203June\2031991)S 499 x(19)S
%%EndCustomColor: 0
19 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 20 20
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(GSS_S)S -2 x(eal)S(\()S 85 x(\))S 252 x
(and)S 251 x(GSS_Unseal)S(\()S 83 x(\))S 252 x(support)S 252 x(calle)S
2 x(r)S -11 x(-reques)S 2 x(ted)S 251 x(con\211dentia)S 2 x(lity)S 252 x
(in)S 251 x(additi)S 2 x(on)S 251 x(to)S 251 x(the)S 252 x(data)S 252 x
(origin)S 3899 X 648 y(authentic)S 2 x(ation)S 149 x(and)S 150 x(data)S
149 x(integr)S 2 x(ity)S 149 x(servi)S 2 x(ces)S 149 x(of)S -9 x(fered)S
150 x(by)S 149 x(GSS_Sign)S(\()S 82 x(\))S 150 x(and)S 149 x(GSS_V)S
-62 x(erify)S(\()S 85 x(\))S(.)S 232 x(GSS_Seal)S(\()S 83 x(\))S 150 x
(outputs)S 3899 X 648 y(a)S 125 x(single)S 127 x(data)S 126 x(element)S
2 x(,)S 136 x(encapsul)S 2 x(ating)S 126 x(optionally-)S 2 x(enciphered)S
127 x(user)S 126 x(data)S 126 x(as)S 125 x(well)S 126 x(as)S 126 x(associat)S
2 x(ed)S 125 x(token)S 126 x(data)S 126 x(items.)S 3899 X 647 y(The)S
169 x(data)S 171 x(element)S 171 x(output)S 170 x(from)S 171 x(GSS)S
-2 x(_Seal)S(\()S 85 x(\))S 169 x(is)S 170 x(passed)S 171 x(to)S 169 x
(the)S 170 x(remot)S 2 x(e)S 169 x(peer)S 171 x(and)S 170 x(processed)S
171 x(by)S 169 x(GSS_U)S -2 x(nseal)S 2 x(\()S 83 x(\))S 3899 X 648 y
(at)S 168 x(that)S 168 x(system.)S 239 x(GSS_Unseal)S(\()S 83 x(\))S
168 x(combines)S 168 x(decipher)S 2 x(ment)S 168 x(\(as)S 168 x(require)S
2 x(d\))S 167 x(with)S 168 x(validation)S 168 x(of)S 168 x(data)S 168 x
(items)S 168 x(rel)S 2 x(ated)S 3899 X 647 y(to)S 183 x(authentic)S
2 x(ation)S 183 x(and)S 183 x(integri)S 2 x(ty)S -36 x(.)S 3899 8609 XY
F32(2.3.1)S 547 x(GSS)S 2 x(_Sign)S 182 x(call)S 3899 X 897 y F74(Inputs:)S
3899 X 896 y(\201)S 854 x(context_handl)S 2 x(e)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(qop_req)S 183 x(INTEGER,\2020)S 182 x(speci\211es)S
184 x(default)S 184 x(QOP)S 3899 X 897 y(\201)S 854 x(message)S 184 x
(OCTET)S 182 x(STRING)S 3899 13292 XY(Outputs:)S 3899 X 896 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x
(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x(per_msg_toke)S
2 x(n)S 182 x(OCTET)S 182 x(STRING)S 3899 17077 XY(Return)S 184 x(major_s)S
2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x
(TE)S 198 x(indica)S 2 x(tes)S 199 x(that)S 199 x(a)S 199 x(signatur)S
2 x(e,)S 203 x(suitable)S 200 x(for)S 199 x(an)S 199 x(establ)S 2 x
(ished)S 199 x(securit)S 2 x(y)S 198 x(context,)S 204 x(was)S 199 x
(suc-)S 4945 X 648 y(cessful)S 2 x(ly)S 152 x(applie)S 2 x(d)S 152 x
(and)S 153 x(that)S 153 x(the)S 153 x(message)S 154 x(and)S 153 x(corresponding)S
154 x(per_msg_token)S 154 x(are)S 153 x(ready)S 154 x(for)S 153 x(transm)S
2 x(ission.)S 3899 X 896 y(\201)S 854 x(GSS_CONT)S -2 x(EXT_EXPIRED)S
206 x(indicat)S 2 x(es)S 207 x(that)S 208 x(context)S 2 x(-relat)S 2 x
(ed)S 207 x(data)S 208 x(items)S 209 x(have)S 207 x(expire)S 2 x(d,)S
213 x(so)S 207 x(that)S 208 x(the)S 208 x(re-)S 4945 X 648 y(quested)S
184 x(operation)S 184 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S
3899 X 896 y(\201)S 854 x(GSS_CREDENT)S -2 x(IALS_EXPIRED)S 238 x(indica)S
2 x(tes)S 239 x(that)S 240 x(the)S 240 x(context)S 240 x(is)S 240 x
(recogniz)S 2 x(ed,)S 253 x(but)S 239 x(that)S 240 x(its)S 240 x(associ)S
2 x(ated)S 4945 X 648 y(credent)S 2 x(ials)S 183 x(have)S 183 x(expire)S
2 x(d,)S 182 x(so)S 183 x(that)S 184 x(the)S 183 x(requeste)S 2 x(d)S
182 x(operat)S 2 x(ion)S 183 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x
(med.)S 3899 X 897 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S
2 x(s)S 209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x
(was)S 209 x(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S
210 x(context_handle)S 4945 X 647 y(provided.)S 3899 X 897 y(\201)S
854 x(GSS_F)S -42 x(AILURE)S 190 x(indicat)S 2 x(es)S 190 x(that)S 192 x
(the)S 191 x(context)S 191 x(is)S 191 x(recogniz)S 2 x(ed,)S 192 x(but)S
191 x(that)S 191 x(the)S 191 x(request)S 2 x(ed)S 190 x(operat)S 2 x
(ion)S 190 x(could)S 191 x(not)S 4945 X 647 y(be)S 183 x(perform)S 2 x
(ed)S 183 x(for)S 183 x(reasons)S 184 x(unspeci\211ed)S 184 x(at)S 183 x
(the)S 183 x(GSS-API)S 182 x(level.)S 3899 25894 XY(Using)S 192 x(the)S
193 x(securit)S 2 x(y)S 192 x(context)S 193 x(refe)S 2 x(renced)S 193 x
(by)S 192 x(context_ha)S 2 x(ndle,)S 195 x(apply)S 192 x(a)S 193 x(signature)S
194 x(to)S 192 x(the)S 193 x(input)S 193 x(message)S 193 x(\(al)S 2 x
(ong)S 3899 X 648 y(with)S 159 x(times)S 2 x(tamps)S 160 x(and/or)S
160 x(other)S 160 x(data)S 160 x(included)S 160 x(in)S 159 x(support)S
160 x(of)S 160 x(mech_type-s)S 2 x(peci\211c)S 159 x(mecha)S 2 x(nisms\))S
160 x(and)S 159 x(retur)S 2 x(n)S 159 x(the)S 3899 X 647 y(result)S
186 x(in)S 185 x(per_msg_toke)S 2 x(n.)S 249 x(The)S 185 x(qop_req)S
185 x(paramet)S 2 x(er)S 185 x(allows)S 185 x(qualit)S 2 x(y-of-prot)S
2 x(ection)S 185 x(contr)S 2 x(ol.)S 249 x(The)S 185 x(caller)S 186 x
(passes)S 3899 X 648 y(the)S 183 x(message)S 184 x(and)S 183 x(the)S
183 x(per_msg_t)S 2 x(oken)S 183 x(to)S 183 x(the)S 183 x(tar)S -9 x
(get.)S 3899 28833 XY(The)S 134 x(GSS_Sign)S(\()S 82 x(\))S 135 x(function)S
135 x(complet)S 2 x(es)S 134 x(befor)S 2 x(e)S 134 x(the)S 135 x(message)S
135 x(and)S 135 x(per_msg_token)S 135 x(is)S 135 x(sent)S 135 x(to)S
134 x(the)S 135 x(peer;)S 151 x(succes)S 2 x(sful)S 3899 X 648 y(applicat)S
2 x(ion)S 261 x(of)S 262 x(GSS_)S -2 x(Sign)S(\()S 84 x(\))S 261 x(does)S
262 x(not)S 261 x(guarant)S 2 x(ee)S 261 x(that)S 262 x(a)S 262 x(corresponding)S
263 x(GSS)S -2 x(_V)S -61 x(erif)S 2 x(y)S(\()S 83 x(\))S 262 x(has)S
261 x(been)S 262 x(\(or)S 262 x(can)S 3899 X 647 y(necessar)S 2 x(ily)S
183 x(be\))S 183 x(perf)S 2 x(ormed)S 183 x(success)S 2 x(fully)S 183 x
(when)S 183 x(the)S 183 x(message)S 184 x(arri)S 2 x(ves)S 183 x(at)S
183 x(the)S 183 x(destina)S 2 x(tion.)S 3899 31523 XY F32(2.3.2)S 547 x
(GSS)S 2 x(_V)S -30 x(erify)S 183 x(call)S 3899 X 897 y F74(Inputs:)S
3899 X 896 y(\201)S 854 x(context_handl)S 2 x(e)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(message)S 184 x(OCTET)S 182 x(STRING,)S 3899 37373 XY
F36(20)S 498 x(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
20 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 21 21
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(per_msg_toke)S
2 x(n)S 182 x(OCTET)S 182 x(STRING)S 3899 5072 XY(Outputs:)S 3899 X
897 y(\201)S 854 x(qop_state)S 184 x(INTEGER,)S 3899 X 897 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x
(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 8858 XY(Return)S 184 x
(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S
-2 x(TE)S 183 x(indicates)S 184 x(that)S 184 x(the)S 183 x(message)S
184 x(was)S 183 x(successful)S 2 x(ly)S 183 x(veri\211ed.)S 3899 X 896 y
(\201)S 854 x(GSS_D)S -2 x(EFECTIVE_T)S -10 x(OKEN)S 171 x(indicates)S
174 x(that)S 173 x(consistenc)S 2 x(y)S 172 x(checks)S 173 x(perfor)S
2 x(med)S 172 x(on)S 172 x(the)S 173 x(rece)S 2 x(ived)S 172 x(per_ms)S
2 x(g_)S 4945 X 648 y(token)S 183 x(fail)S 2 x(ed,)S 182 x(prevent)S
2 x(ing)S 183 x(further)S 184 x(process)S 2 x(ing)S 182 x(from)S 184 x
(being)S 184 x(performe)S 2 x(d)S 182 x(with)S 183 x(that)S 184 x(token.)S
3899 X 897 y(\201)S 854 x(GSS_BAD_S)S -2 x(IG)S 218 x(indicate)S 2 x
(s)S 217 x(that)S 218 x(the)S 219 x(received)S 219 x(per_msg_toke)S
2 x(n)S 217 x(contains)S 219 x(an)S 217 x(incorr)S 2 x(ect)S 218 x(signatur)S
2 x(e)S 218 x(for)S 218 x(the)S 4945 X 647 y(message.)S 3899 X 897 y
(\201)S 854 x(GSS_D)S -2 x(UPLICA)S -61 x(TE_T)S -10 x(OKEN)S -2 x(,)S
297 x(GSS_OLD)S -2 x(_T)S -10 x(OKEN,)S 296 x(and)S 297 x(GSS_U)S -2 x
(NSEQ_T)S -11 x(OKEN)S 295 x(values)S 298 x(appear)S 298 x(in)S 4945 X
647 y(conjunction)S 272 x(with)S 272 x(the)S 271 x(optional)S 272 x
(per)S -10 x(-messa)S 2 x(ge)S 271 x(replay)S 272 x(detec)S 2 x(tion)S
271 x(featur)S 2 x(es)S 271 x(descr)S 2 x(ibed)S 271 x(in)S 271 x(Section)S
272 x(1.2.3;)S 4945 X 648 y(their)S 184 x(semanti)S 2 x(cs)S 183 x(are)S
183 x(descr)S 2 x(ibed)S 183 x(in)S 183 x(that)S 183 x(secti)S 2 x(on.)S
3899 X 897 y(\201)S 854 x(GSS_CONT)S -2 x(EXT_EXPIRED)S 206 x(indicat)S
2 x(es)S 207 x(that)S 208 x(context)S 2 x(-relat)S 2 x(ed)S 207 x(data)S
208 x(items)S 209 x(have)S 207 x(expire)S 2 x(d,)S 213 x(so)S 207 x
(that)S 208 x(the)S 208 x(re-)S 4945 X 647 y(quested)S 184 x(operation)S
184 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X 897 y(\201)S
854 x(GSS_CREDENT)S -2 x(IALS_EXPIRED)S 238 x(indica)S 2 x(tes)S 239 x
(that)S 240 x(the)S 240 x(context)S 240 x(is)S 240 x(recogniz)S 2 x
(ed,)S 253 x(but)S 239 x(that)S 240 x(its)S 240 x(associ)S 2 x(ated)S
4945 X 647 y(credent)S 2 x(ials)S 183 x(have)S 183 x(expire)S 2 x(d,)S
182 x(so)S 183 x(that)S 184 x(the)S 183 x(requeste)S 2 x(d)S 182 x(operat)S
2 x(ion)S 183 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X
897 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S 2 x(s)S
209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x(was)S 209 x
(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S 210 x(context_handle)S
4945 X 648 y(provided.)S 3899 X 896 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S
181 x(indica)S 2 x(tes)S 182 x(that)S 183 x(the)S 182 x(context)S 183 x
(is)S 182 x(recogniz)S 2 x(ed,)S 182 x(but)S 182 x(that)S 182 x(the)S
183 x(GSS_V)S -63 x(eri)S 2 x(fy)S(\()S 83 x(\))S 183 x(operation)S
183 x(could)S 4945 X 648 y(not)S 183 x(be)S 183 x(perform)S 2 x(ed)S
183 x(for)S 183 x(reasons)S 184 x(unspeci\211ed)S 184 x(at)S 183 x(the)S
183 x(GSS-API)S 182 x(level.)S 3899 22308 XY(Using)S 153 x(the)S 153 x
(securi)S 2 x(ty)S 153 x(context)S 154 x(refer)S 2 x(enced)S 153 x(by)S
153 x(context_handl)S 2 x(e,)S 159 x(verify)S 154 x(that)S 154 x(the)S
153 x(input)S 154 x(per_msg_token)S 154 x(contains)S 154 x(an)S 3899 X
647 y(appropria)S 2 x(te)S 150 x(signature)S 151 x(for)S 151 x(the)S
150 x(input)S 150 x(message,)S 157 x(and)S 150 x(apply)S 150 x(any)S
150 x(active)S 151 x(repla)S 2 x(y)S 149 x(detect)S 2 x(ion)S 149 x
(or)S 150 x(sequenci)S 2 x(ng)S 149 x(feat)S 2 x(ures.)S 3899 X 648 y
(Return)S 155 x(an)S 153 x(indicati)S 2 x(on)S 153 x(of)S 153 x(the)S
154 x(quality-)S 2 x(of-prote)S 2 x(ction)S 154 x(applied)S 154 x(to)S
153 x(the)S 154 x(processe)S 2 x(d)S 153 x(message)S 154 x(in)S 154 x
(the)S 154 x(qop_state)S 154 x(result.)S 3899 24998 XY F32(2.3.3)S 547 x
(GSS)S 2 x(_Seal)S 182 x(call)S 3899 X 896 y F74(Inputs:)S 3899 X 897 y
(\201)S 854 x(context_handl)S 2 x(e)S 183 x(INTEGER,)S 3899 X 897 y
(\201)S 854 x(conf_req_\212ag)S 184 x(BOOLEAN)S -2 x(,)S 3899 X 896 y
(\201)S 854 x(qop_req)S 183 x(INTEGER,\2020)S 182 x(speci\211es)S 184 x
(default)S 184 x(QOP)S 3899 X 897 y(\201)S 854 x(input_messa)S 2 x(ge)S
183 x(OCTET)S 182 x(STRING)S 3899 30577 XY(Outputs:)S 3899 X 896 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x
(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(conf_stat)S
2 x(e)S 183 x(BOOLEAN)S -2 x(,)S 3899 X 896 y(\201)S 854 x(output_messa)S
2 x(ge)S 183 x(OCTET)S 182 x(STRING)S 22808 37373 XY F36(1)S -27 x(1\203June\2031991)S
499 x(21)S
%%EndCustomColor: 0
21 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 22 22
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(Return)S 184 x(major_s)S 2 x(tatus)S 183 x
(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 159 x(indicat)S
2 x(es)S 159 x(that)S 160 x(the)S 160 x(input_messa)S 2 x(ge)S 159 x
(was)S 159 x(succes)S 2 x(sfully)S 160 x(processe)S 2 x(d)S 159 x(and)S
159 x(that)S 160 x(the)S 160 x(output_)S 4945 X 648 y(message)S 184 x
(is)S 183 x(ready)S 184 x(for)S 183 x(trans)S 2 x(mission.)S 3899 X
896 y(\201)S 854 x(GSS_CONT)S -2 x(EXT_EXPIRED)S 206 x(indicat)S 2 x
(es)S 207 x(that)S 208 x(context)S 2 x(-relat)S 2 x(ed)S 207 x(data)S
208 x(items)S 209 x(have)S 207 x(expire)S 2 x(d,)S 213 x(so)S 207 x
(that)S 208 x(the)S 208 x(re-)S 4945 X 648 y(quested)S 184 x(operation)S
184 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X 896 y(\201)S
854 x(GSS_CREDENT)S -2 x(IALS_EXPIRED)S 238 x(indica)S 2 x(tes)S 239 x
(that)S 240 x(the)S 240 x(context)S 240 x(is)S 240 x(recogniz)S 2 x
(ed,)S 253 x(but)S 239 x(that)S 240 x(its)S 240 x(associ)S 2 x(ated)S
4945 X 648 y(credent)S 2 x(ials)S 183 x(have)S 183 x(expire)S 2 x(d,)S
182 x(so)S 183 x(that)S 184 x(the)S 183 x(requeste)S 2 x(d)S 182 x(operat)S
2 x(ion)S 183 x(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X
897 y(\201)S 854 x(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S 2 x(s)S
209 x(that)S 210 x(no)S 209 x(valid)S 210 x(context)S 210 x(was)S 209 x
(recogni)S 2 x(zed)S 209 x(for)S 210 x(the)S 210 x(input)S 210 x(context_handle)S
4945 X 647 y(provided.)S 3899 X 897 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S
216 x(indicat)S 2 x(es)S 217 x(that)S 217 x(the)S 217 x(context)S 218 x
(is)S 217 x(recognize)S 2 x(d,)S 225 x(but)S 216 x(that)S 218 x(the)S
217 x(GSS_S)S -2 x(eal)S(\()S 85 x(\))S 217 x(operation)S 218 x(could)S
4945 X 647 y(not)S 183 x(be)S 183 x(perform)S 2 x(ed)S 183 x(for)S 183 x
(reasons)S 184 x(unspeci\211ed)S 184 x(at)S 183 x(the)S 183 x(GSS-API)S
182 x(level.)S 3899 12793 XY(Performs)S 206 x(the)S 206 x(data)S 206 x
(origin)S 206 x(authentica)S 2 x(tion)S 205 x(and)S 205 x(data)S 206 x
(integri)S 2 x(ty)S 205 x(functions)S 206 x(of)S 205 x(GSS_Sign)S(\()S
83 x(\))S(.)S 310 x(If)S 206 x(the)S 205 x(input)S 206 x(conf_)S 3899 X
648 y(req_\212ag)S 168 x(is)S 168 x(TRUE,)S 167 x(requests)S 169 x(that)S
168 x(con\211dentia)S 2 x(lity)S 168 x(be)S 168 x(applied)S 168 x(to)S
168 x(the)S 168 x(input_messa)S 2 x(ge.)S 238 x(Con\211dentia)S 2 x
(lity)S 168 x(may)S 168 x(not)S 3899 X 648 y(be)S 171 x(supporte)S 2 x
(d)S 171 x(in)S 172 x(all)S 172 x(mech_types)S 173 x(or)S 171 x(by)S
172 x(all)S 172 x(implem)S 2 x(entations;)S 177 x(the)S 172 x(returned)S
173 x(conf_state)S 173 x(\212ag)S 171 x(indicat)S 2 x(es)S 172 x(whether)S
3899 X 647 y(con\211dentiali)S 2 x(ty)S 174 x(was)S 175 x(provided)S
175 x(for)S 175 x(the)S 175 x(input_messa)S 2 x(ge.)S 241 x(The)S 174 x
(qop_req)S 175 x(parame)S 2 x(ter)S 175 x(allows)S 175 x(quality-)S
2 x(of-prote)S 2 x(ction)S 3899 X 648 y(control.)S 3899 16380 XY(In)S
240 x(all)S 240 x(cases,)S 255 x(the)S 239 x(GSS_Seal)S(\()S 83 x(\))S
240 x(call)S 241 x(yields)S 240 x(a)S 240 x(single)S 240 x(output_mess)S
2 x(age)S 239 x(data)S 241 x(element)S 241 x(containing)S 241 x(\(optionally)S
3899 X 647 y(enciphere)S 2 x(d\))S 183 x(user)S 183 x(data)S 184 x(as)S
183 x(well)S 183 x(as)S 183 x(control)S 184 x(inform)S 2 x(ation.)S
3899 18422 XY F32(2.3.4)S 547 x(GSS)S 2 x(_Uns)S -2 x(eal)S 183 x(call)S
3899 X 897 y F74(Inputs:)S 3899 X 897 y(\201)S 854 x(context_handl)S
2 x(e)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x(input_messa)S 2 x
(ge)S 183 x(OCTET)S 182 x(STRING)S 3899 22208 XY(Outputs:)S 3899 X 897 y
(\201)S 854 x(conf_stat)S 2 x(e)S 183 x(BOOLEAN)S -2 x(,)S 3899 X 896 y
(\201)S 854 x(qop_state)S 184 x(INTEGER,)S 3899 X 897 y(\201)S 854 x
(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(minor_sta)S
2 x(tus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S 854 x(output_messa)S
2 x(ge)S 183 x(OCTET)S 182 x(STRING)S 3899 27787 XY(Return)S 184 x(major_s)S
2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x
(TE)S 137 x(indicate)S 2 x(s)S 137 x(that)S 138 x(the)S 138 x(input_message)S
139 x(was)S 137 x(successful)S 2 x(ly)S 137 x(processe)S 2 x(d)S 137 x
(and)S 137 x(that)S 138 x(the)S 138 x(resulti)S 2 x(ng)S 4945 X 647 y
(output_messa)S 2 x(ge)S 183 x(is)S 183 x(available)S 2 x(.)S 3899 X
897 y(\201)S 854 x(GSS_D)S -2 x(EFECTIVE_T)S -10 x(OKEN)S 272 x(indicate)S
2 x(s)S 273 x(that)S 275 x(consistenc)S 2 x(y)S 273 x(checks)S 275 x
(performe)S 2 x(d)S 273 x(on)S 274 x(the)S 274 x(per_msg_token)S 4945 X
648 y(extrac)S 2 x(ted)S 183 x(from)S 184 x(the)S 183 x(input_messa)S
2 x(ge)S 183 x(failed,)S 184 x(preventing)S 184 x(furthe)S 2 x(r)S 183 x
(processing)S 184 x(from)S 184 x(being)S 183 x(perfor)S 2 x(med.)S 3899 X
896 y(\201)S 854 x(GSS_BAD_S)S -2 x(IG)S 183 x(indicate)S 2 x(s)S 183 x
(that)S 183 x(an)S 183 x(incorre)S 2 x(ct)S 183 x(signatur)S 2 x(e)S
182 x(was)S 183 x(detect)S 2 x(ed)S 183 x(for)S 183 x(the)S 183 x(messa)S
2 x(ge.)S 3899 X 897 y(\201)S 854 x(GSS_D)S -2 x(UPLICA)S -61 x(TE_T)S
-10 x(OKEN)S -2 x(,)S 297 x(GSS_OLD)S -2 x(_T)S -10 x(OKEN,)S 296 x
(and)S 297 x(GSS_U)S -2 x(NSEQ_T)S -11 x(OKEN)S 295 x(values)S 298 x
(appear)S 298 x(in)S 4945 X 647 y(conjunction)S 272 x(with)S 272 x(the)S
271 x(optional)S 272 x(per)S -10 x(-messa)S 2 x(ge)S 271 x(replay)S
272 x(detec)S 2 x(tion)S 271 x(featur)S 2 x(es)S 271 x(descr)S 2 x(ibed)S
271 x(in)S 271 x(Section)S 272 x(1.2.3;)S 4945 X 648 y(their)S 184 x
(semanti)S 2 x(cs)S 183 x(are)S 183 x(descr)S 2 x(ibed)S 183 x(in)S
183 x(that)S 183 x(secti)S 2 x(on.)S 3899 X 897 y(\201)S 854 x(GSS_CONT)S
-2 x(EXT_EXPIRED)S 206 x(indicat)S 2 x(es)S 207 x(that)S 208 x(context)S
2 x(-relat)S 2 x(ed)S 207 x(data)S 208 x(items)S 209 x(have)S 207 x
(expire)S 2 x(d,)S 213 x(so)S 207 x(that)S 208 x(the)S 208 x(re-)S 4945 X
647 y(quested)S 184 x(operation)S 184 x(cannot)S 183 x(be)S 183 x(perfor)S
2 x(med.)S 3899 37373 XY F36(22)S 498 x(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
22 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 23 23
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(GSS_CREDENT)S
-2 x(IALS_EXPIRED)S 238 x(indica)S 2 x(tes)S 239 x(that)S 240 x(the)S
240 x(context)S 240 x(is)S 240 x(recogniz)S 2 x(ed,)S 253 x(but)S 239 x
(that)S 240 x(its)S 240 x(associ)S 2 x(ated)S 4945 X 648 y(credent)S
2 x(ials)S 183 x(have)S 183 x(expire)S 2 x(d,)S 182 x(so)S 183 x(that)S
184 x(the)S 183 x(requeste)S 2 x(d)S 182 x(operat)S 2 x(ion)S 183 x
(cannot)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X 897 y(\201)S 854 x
(GSS_N)S -2 x(O_CONTEXT)S 208 x(indicate)S 2 x(s)S 209 x(that)S 210 x
(no)S 209 x(valid)S 210 x(context)S 210 x(was)S 209 x(recogni)S 2 x
(zed)S 209 x(for)S 210 x(the)S 210 x(input)S 210 x(context_handle)S
4945 X 647 y(provided.)S 3899 X 897 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S
169 x(indicates)S 170 x(that)S 170 x(the)S 169 x(context)S 170 x(is)S
170 x(recognized,)S 173 x(but)S 169 x(that)S 170 x(the)S 169 x(GSS_Unseal)S
(\()S 83 x(\))S 170 x(operation)S 170 x(could)S 4945 X 647 y(not)S 183 x
(be)S 183 x(perform)S 2 x(ed)S 183 x(for)S 183 x(reasons)S 184 x(unspeci\211ed)S
184 x(at)S 183 x(the)S 183 x(GSS-API)S 182 x(level.)S 3899 8808 XY(Processes)S
268 x(a)S 267 x(data)S 267 x(element)S 268 x(generat)S 2 x(ed)S 266 x
(\(and)S 268 x(optionally)S 268 x(enciphered\))S 268 x(by)S 267 x(GSS_S)S
-2 x(eal)S(\()S 85 x(\))S(,)S 288 x(provided)S 267 x(as)S 267 x(input_)S
3899 X 648 y(message.)S 483 x(The)S 261 x(ret)S 2 x(urned)S 262 x(conf_sta)S
2 x(te)S 262 x(value)S 263 x(indicate)S 2 x(s)S 262 x(whether)S 262 x
(con\211dential)S 2 x(ity)S 262 x(was)S 262 x(applied)S 263 x(to)S 262 x
(the)S 263 x(input_)S 3899 X 647 y(message.)S 277 x(If)S 195 x(conf_stat)S
2 x(e)S 193 x(is)S 194 x(TRUE,)S 193 x(GSS_Unseal)S(\()S 84 x(\))S 193 x
(deciphe)S 2 x(rs)S 194 x(the)S 194 x(input_messa)S 2 x(ge.)S 276 x
(Returns)S 195 x(an)S 194 x(indicati)S 2 x(on)S 193 x(of)S 3899 X 648 y
(the)S 174 x(quality-)S 2 x(of-prot)S 2 x(ection)S 175 x(applied)S 174 x
(to)S 175 x(the)S 174 x(processe)S 2 x(d)S 173 x(message)S 176 x(in)S
174 x(the)S 174 x(qop_state)S 175 x(result)S 2 x(.)S 240 x(GSS_Seal)S
(\()S 83 x(\))S 174 x(perf)S 2 x(orms)S 3899 X 648 y(the)S 235 x(data)S
236 x(integrit)S 2 x(y)S 234 x(and)S 235 x(data)S 235 x(origi)S 2 x
(n)S 234 x(authenti)S 2 x(cation)S 235 x(checking)S 236 x(functions)S
236 x(of)S 235 x(GSS_V)S -62 x(erify)S(\()S 85 x(\))S 235 x(on)S 234 x
(the)S 236 x(plaintext)S 3899 X 647 y(data.)S 244 x(Plaintext)S 184 x
(data)S 184 x(is)S 183 x(retur)S 2 x(ned)S 182 x(in)S 183 x(output_me)S
2 x(ssage.)S 3899 13541 XY F32(2.4)S 547 x(Support)S 183 x(calls)S 3899 14537 XY
F74(This)S 224 x(group)S 223 x(of)S 224 x(calls)S 225 x(provides)S 224 x
(support)S 225 x(functions)S 224 x(useful)S 225 x(to)S 224 x(GSS-AP)S
-2 x(I)S 224 x(calle)S 2 x(rs,)S 234 x(independent)S 224 x(of)S 224 x
(the)S 224 x(state)S 225 x(of)S 3899 X 647 y(establi)S 2 x(shed)S 206 x
(contexts.)S 314 x(Their)S 207 x(charact)S 2 x(erizat)S 2 x(ion)S 206 x
(with)S 206 x(regard)S 207 x(to)S 206 x(blocking)S 207 x(or)S 206 x
(non-blocki)S 2 x(ng)S 205 x(stat)S 2 x(us)S 205 x(in)S 207 x(terms)S
207 x(of)S 3899 X 648 y(network)S 183 x(inter)S 2 x(actions)S 184 x
(is)S 183 x(unspeci\211ed.)S 3899 17227 XY F32(2.4.1)S 547 x(GSS)S 2 x
(_Display)S -2 x(_status)S 182 x(call)S 3899 X 896 y F74(Inputs:)S 3899 X
897 y(\201)S 854 x(status_val)S 2 x(ue)S 183 x(INTEGER,\202GS)S -2 x
(S-API)S 183 x(major_st)S 2 x(atus)S 183 x(or)S 183 x(minor_st)S 2 x
(atus)S 183 x(retur)S 2 x(n)S 182 x(value)S 3899 X 897 y(\201)S 854 x
(status_type)S 184 x(INTEGER,\2021)S 182 x(if)S 184 x(major_st)S 2 x
(atus,)S 183 x(2)S 183 x(if)S 183 x(minor_st)S 2 x(atus)S 3899 X 896 y
(\201)S 854 x(mech_type)S 184 x(OBJECT)S 183 x(IDENTIFIER\202mech_type)S
184 x(to)S 183 x(be)S 183 x(used)S 183 x(for)S 184 x(minor_stat)S 2 x
(us)S 182 x(trans)S 2 x(lation)S 3899 21909 XY(Outputs:)S 3899 X 897 y
(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y(\201)S
854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x
(status_st)S 2 x(ring_set)S 184 x(SET)S 182 x(OF)S 182 x(OCTET)S 182 x
(STRING)S 3899 25695 XY(Return)S 184 x(major_s)S 2 x(tatus)S 183 x(codes:)S
3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 184 x(indicat)S 2 x
(es)S 184 x(that)S 185 x(a)S 185 x(valid)S 185 x(printa)S 2 x(ble)S
184 x(status)S 186 x(represe)S 2 x(ntation)S 185 x(\(possibly)S 186 x
(represe)S 2 x(nting)S 184 x(more)S 4945 X 647 y(than)S 174 x(one)S
174 x(status)S 174 x(event)S 174 x(encoded)S 174 x(within)S 174 x(the)S
174 x(status)S 2 x(_value\))S 174 x(is)S 174 x(availa)S 2 x(ble)S 174 x
(in)S 173 x(the)S 174 x(retur)S 2 x(ned)S 173 x(status)S 2 x(_string_set.)S
3899 X 897 y(\201)S 854 x(GSS_BAD_ME)S -2 x(CH)S 255 x(indicate)S 2 x
(s)S 254 x(that)S 255 x(trans)S 2 x(lation)S 255 x(in)S 255 x(accordanc)S
2 x(e)S 254 x(with)S 255 x(an)S 254 x(unsupported)S 256 x(mech_type)S
255 x(was)S 4945 X 647 y(requeste)S 2 x(d,)S 182 x(so)S 183 x(transl)S
2 x(ation)S 183 x(could)S 183 x(not)S 183 x(be)S 183 x(perfor)S 2 x
(med.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_S)S -2 x(T)S -44 x(A)S -61 x
(TUS)S 188 x(indicates)S 190 x(that)S 190 x(the)S 189 x(input)S 189 x
(status_va)S 2 x(lue)S 189 x(was)S 188 x(invali)S 2 x(d,)S 190 x(or)S
189 x(that)S 189 x(the)S 190 x(input)S 189 x(status_type)S 4945 X 648 y
(carri)S 2 x(ed)S 183 x(a)S 183 x(value)S 183 x(other)S 184 x(than)S
183 x(1)S 183 x(or)S 183 x(2,)S 182 x(so)S 183 x(transl)S 2 x(ation)S
183 x(could)S 183 x(not)S 183 x(be)S 183 x(perfor)S 2 x(med.)S 3899 X
896 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S 134 x(indicate)S 2 x(s)S 134 x
(that)S 135 x(the)S 135 x(requeste)S 2 x(d)S 134 x(operati)S 2 x(on)S
134 x(could)S 135 x(not)S 134 x(be)S 135 x(performe)S 2 x(d)S 134 x
(for)S 135 x(reasons)S 136 x(unspeci\211ed)S 4945 X 648 y(at)S 183 x
(the)S 183 x(GSS-API)S 182 x(level.)S 3899 32968 XY(Provides)S 190 x
(a)S 189 x(means)S 190 x(for)S 190 x(caller)S 2 x(s)S 189 x(to)S 189 x
(tra)S 2 x(nslate)S 190 x(GSS-API-returned)S 190 x(major)S 191 x(and)S
189 x(minor)S 190 x(status)S 190 x(codes)S 190 x(into)S 190 x(printable)S
3899 X 647 y(string)S 184 x(represe)S 2 x(ntations.)S 22808 37373 XY
F36(1)S -27 x(1\203June\2031991)S 499 x(23)S
%%EndCustomColor: 0
23 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 24 24
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 4013 XY F32(2.4.2)S 547 x(GSS)S 2 x(_Indicate_me)S -2 x
(chs)S 182 x(call)S 3899 X 896 y F74(Input:)S 3899 X 897 y(\201)S 854 x
(\(none\))S 3899 6902 XY(Outputs:)S 3899 X 896 y(\201)S 854 x(major_st)S
2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(minor_sta)S 2 x
(tus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x(mech_set)S 184 x(SET)S
182 x(OF)S 182 x(OBJECT)S 183 x(IDENTIFIER)S 3899 10688 XY(Return)S
184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 896 y(\201)S 854 x
(GSS_COMPLE)S -2 x(TE)S 183 x(indicates)S 184 x(that)S 184 x(a)S 183 x
(set)S 183 x(of)S 183 x(availa)S 2 x(ble)S 183 x(mechanism)S 2 x(s)S
183 x(has)S 183 x(been)S 183 x(returne)S 2 x(d)S 182 x(in)S 183 x(mech_set)S
2 x(.)S 3899 X 897 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S 134 x(indicate)S
2 x(s)S 134 x(that)S 135 x(the)S 135 x(requeste)S 2 x(d)S 134 x(operati)S
2 x(on)S 134 x(could)S 135 x(not)S 134 x(be)S 135 x(performe)S 2 x(d)S
134 x(for)S 135 x(reasons)S 136 x(unspeci\211ed)S 4945 X 647 y(at)S
183 x(the)S 183 x(GSS-API)S 182 x(level.)S 3899 14224 XY(Allows)S 253 x
(caller)S 2 x(s)S 252 x(to)S 253 x(deter)S 2 x(mine)S 253 x(the)S 253 x
(set)S 254 x(of)S 253 x(mechanis)S 2 x(m)S 253 x(types)S 253 x(availabl)S
2 x(e)S 253 x(on)S 252 x(the)S 254 x(local)S 253 x(system)S 2 x(.)S
453 x(This)S 253 x(call)S 254 x(is)S 3899 X 648 y(intended)S 197 x(for)S
196 x(support)S 197 x(of)S 196 x(speciali)S 2 x(zed)S 196 x(caller)S
2 x(s)S 195 x(who)S 196 x(need)S 196 x(to)S 196 x(request)S 197 x(non-default)S
197 x(mech_type)S 197 x(sets)S 197 x(from)S 197 x(GSS)S -2 x(_)S 3899 X
647 y(Acquire_cr)S 2 x(ed)S(\()S 83 x(\))S(,)S 183 x(and)S 183 x(should)S
183 x(not)S 183 x(be)S 183 x(needed)S 184 x(by)S 182 x(other)S 184 x
(caller)S 2 x(s.)S 3899 16914 XY F32(2.4.3)S 547 x(GSS)S 2 x(_Compa)S
-2 x(re_name)S 182 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X 896 y
(\201)S 854 x(name1)S 183 x(INTERNAL)S 182 x(NAME,)S 3899 X 897 y(\201)S
854 x(name2)S 183 x(INTERNAL)S 182 x(NAME,)S 3899 X 897 y(\201)S 854 x
(name2_type)S 184 x(OBJECT)S 183 x(IDENTIFIER)S 3899 21597 XY(Outputs:)S
3899 X 896 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y
(\201)S 854 x(name_equal)S 184 x(BOOLEAN)S 3899 25382 XY(Return)S 184 x
(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S
-2 x(TE)S 141 x(indica)S 2 x(tes)S 142 x(that)S 142 x(name1)S 143 x
(and)S 142 x(name2)S 142 x(were)S 142 x(compar)S 2 x(able,)S 150 x(and)S
142 x(that)S 143 x(the)S 142 x(name_equal)S 143 x(result)S 4945 X 648 y
(indicate)S 2 x(s)S 183 x(whether)S 183 x(name1)S 184 x(and)S 182 x
(name2)S 184 x(were)S 183 x(equal)S 184 x(or)S 183 x(unequal.)S 3899 X
896 y(\201)S 854 x(GSS_BAD_N)S -2 x(AMETYPE)S 221 x(indicates)S 224 x
(that)S 223 x(one)S 222 x(or)S 222 x(both)S 223 x(of)S 222 x(name1)S
223 x(and)S 222 x(name2)S 223 x(contai)S 2 x(ned)S 222 x(internal)S
224 x(type)S 4945 X 648 y(speci\211ers)S 182 x(uninterpre)S 2 x(table)S
181 x(by)S 180 x(the)S 181 x(supporting)S 181 x(GSS-API)S 179 x(implem)S
2 x(entation,)S 182 x(or)S 180 x(that)S 181 x(the)S 181 x(two)S 180 x
(names')S 182 x(types)S 4945 X 647 y(are)S 184 x(dif)S -9 x(ferent)S
184 x(and)S 183 x(incompara)S 2 x(ble,)S 183 x(so)S 183 x(the)S 183 x
(equalit)S 2 x(y)S 182 x(compari)S 2 x(son)S 182 x(could)S 184 x(not)S
183 x(be)S 182 x(comple)S 2 x(ted.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_N)S
-2 x(AME)S 240 x(indicat)S 2 x(es)S 241 x(that)S 241 x(one)S 241 x(or)S
241 x(both)S 240 x(of)S 241 x(the)S 241 x(input)S 241 x(names)S 242 x
(was)S 240 x(ill-)S 2 x(formed)S 242 x(in)S 241 x(terms)S 242 x(of)S
241 x(its)S 4945 X 648 y(interna)S 2 x(l)S 183 x(type)S 183 x(speci\211er)S
-21 x(,)S 183 x(so)S 183 x(the)S 183 x(equality)S 184 x(compari)S 2 x
(son)S 182 x(could)S 184 x(not)S 183 x(be)S 182 x(comple)S 2 x(ted.)S
3899 X 896 y(\201)S 854 x(GSS_F)S -42 x(AILURE)S 134 x(indicate)S 2 x
(s)S 134 x(that)S 135 x(the)S 135 x(requeste)S 2 x(d)S 134 x(operati)S
2 x(on)S 134 x(could)S 135 x(not)S 134 x(be)S 135 x(performe)S 2 x(d)S
134 x(for)S 135 x(reasons)S 136 x(unspeci\211ed)S 4945 X 648 y(at)S
183 x(the)S 183 x(GSS-API)S 182 x(level.)S 3899 33303 XY(Allows)S 183 x
(caller)S 2 x(s)S 182 x(to)S 183 x(compar)S 2 x(e)S 182 x(two)S 183 x
(interna)S 2 x(l)S 183 x(name)S 183 x(repre)S 2 x(sentations)S 184 x
(for)S 184 x(equality)S -34 x(.)S 3899 37373 XY F36(24)S 498 x(1)S -28 x
(1\203June\2031991)S
%%EndCustomColor: 0
24 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 25 25
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 4013 XY F32(2.4.4)S 547 x
(GSS)S 2 x(_Display)S -2 x(_name)S 182 x(call)S 3899 X 896 y F74(Inputs:)S
3899 X 897 y(\201)S 854 x(name)S 183 x(INTERNAL)S 182 x(NAME)S 3899 6902 XY
(Outputs:)S 3899 X 896 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S
3899 X 897 y(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X
897 y(\201)S 854 x(name_str)S 2 x(ing)S 183 x(OCTET)S 182 x(STRING,)S
3899 X 896 y(\201)S 854 x(name_type)S 184 x(OBJECT)S 183 x(IDENTIFIER)S
3899 11584 XY(Return)S 184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X
897 y(\201)S 854 x(GSS_COMPLE)S -2 x(TE)S 207 x(indicate)S 2 x(s)S 207 x
(that)S 207 x(a)S 208 x(valid)S 207 x(printa)S 2 x(ble)S 207 x(name)S
208 x(represe)S 2 x(ntation)S 208 x(is)S 207 x(availa)S 2 x(ble)S 207 x
(in)S 207 x(the)S 208 x(returned)S 4945 X 647 y(name_str)S 2 x(ing.)S
3899 X 897 y(\201)S 854 x(GSS_BAD_N)S -2 x(AMETYPE)S 246 x(indicate)S
2 x(s)S 247 x(that)S 249 x(the)S 248 x(provided)S 248 x(name)S 249 x
(was)S 247 x(of)S 248 x(a)S 248 x(type)S 248 x(uninterpre)S 2 x(table)S
248 x(by)S 248 x(the)S 4945 X 648 y(supporting)S 184 x(GSS-AP)S -2 x
(I)S 183 x(imple)S 2 x(mentati)S 2 x(on,)S 182 x(so)S 183 x(no)S 182 x
(print)S 2 x(able)S 183 x(repre)S 2 x(sentation)S 184 x(could)S 183 x
(be)S 183 x(generat)S 2 x(ed.)S 3899 X 896 y(\201)S 854 x(GSS_BAD_N)S
-2 x(AME)S 257 x(indicat)S 2 x(es)S 258 x(that)S 258 x(the)S 258 x(contents)S
259 x(of)S 258 x(the)S 258 x(provided)S 259 x(name)S 258 x(were)S 258 x
(inconsis)S 2 x(tent)S 258 x(with)S 258 x(the)S 4945 X 648 y(interna)S
2 x(lly-indic)S 2 x(ated)S 183 x(name)S 184 x(type,)S 183 x(so)S 183 x
(no)S 182 x(printa)S 2 x(ble)S 183 x(represe)S 2 x(ntation)S 184 x(could)S
183 x(be)S 183 x(generated.)S 3899 X 896 y(\201)S 854 x(GSS_F)S -42 x
(AILURE)S 134 x(indicate)S 2 x(s)S 134 x(that)S 135 x(the)S 135 x(requeste)S
2 x(d)S 134 x(operati)S 2 x(on)S 134 x(could)S 135 x(not)S 134 x(be)S
135 x(performe)S 2 x(d)S 134 x(for)S 135 x(reasons)S 136 x(unspeci\211ed)S
4945 X 648 y(at)S 183 x(the)S 183 x(GSS-API)S 182 x(level.)S 3899 18857 XY
(Allows)S 128 x(calle)S 2 x(rs)S 129 x(to)S 128 x(transl)S 2 x(ate)S
129 x(an)S 128 x(inter)S 2 x(nal)S 128 x(name)S 130 x(represent)S 2 x
(ation)S 129 x(into)S 129 x(a)S 128 x(printa)S 2 x(ble)S 128 x(form)S
130 x(with)S 128 x(associ)S 2 x(ated)S 129 x(namespace)S 3899 X 648 y
(type)S 183 x(descri)S 2 x(ptor)S -30 x(.)S 244 x(The)S 182 x(syntax)S
184 x(of)S 183 x(the)S 183 x(printabl)S 2 x(e)S 183 x(form)S 184 x(is)S
183 x(a)S 183 x(local)S 183 x(matt)S 2 x(er)S -30 x(.)S 3899 20899 XY
F32(2.4.5)S 547 x(GSS)S 2 x(_Import_name)S 182 x(call)S 3899 X 897 y
F74(Inputs:)S 3899 X 897 y(\201)S 854 x(input_name_st)S 2 x(ring)S 183 x
(OCTET)S 182 x(STRING,)S 3899 X 896 y(\201)S 854 x(input_name_t)S 2 x
(ype)S 183 x(OBJECT)S 182 x(IDENTIFIER)S 3899 24685 XY(Outputs:)S 3899 X
897 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 896 y
(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S
854 x(output_name)S 184 x(INTERNAL)S 182 x(NAME)S 3899 28471 XY(Return)S
184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x
(GSS_COMPLE)S -2 x(TE)S 146 x(indicate)S 2 x(s)S 146 x(that)S 146 x
(a)S 147 x(valid)S 146 x(name)S 147 x(repre)S 2 x(sentation)S 147 x
(is)S 147 x(output)S 146 x(in)S 146 x(output_name)S 148 x(and)S 146 x
(described)S 4945 X 647 y(by)S 183 x(the)S 183 x(type)S 183 x(value)S
183 x(in)S 183 x(output_nam)S 2 x(e_type.)S 3899 X 897 y(\201)S 854 x
(GSS_BAD_N)S -2 x(AMETYPE)S 219 x(indicat)S 2 x(es)S 221 x(that)S 221 x
(the)S 221 x(input_nam)S 2 x(e_type)S 221 x(is)S 221 x(unsupported)S
222 x(by)S 220 x(the)S 222 x(GSS-AP)S -2 x(I)S 221 x(im-)S 4945 X 647 y
(plementa)S 2 x(tion,)S 183 x(so)S 183 x(the)S 183 x(import)S 184 x
(operati)S 2 x(on)S 182 x(could)S 183 x(not)S 183 x(be)S 183 x(complet)S
2 x(ed.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_N)S -2 x(AME)S 140 x(indica)S
2 x(tes)S 141 x(that)S 142 x(the)S 141 x(provided)S 142 x(input_name_st)S
2 x(ring)S 141 x(is)S 141 x(ill-)S 2 x(formed)S 142 x(in)S 141 x(terms)S
142 x(of)S 142 x(the)S 141 x(input_)S 4945 X 648 y(name_type,)S 184 x
(so)S 183 x(the)S 183 x(import)S 184 x(operati)S 2 x(on)S 182 x(could)S
183 x(not)S 183 x(be)S 183 x(complet)S 2 x(ed.)S 3899 X 896 y(\201)S
854 x(GSS_F)S -42 x(AILURE)S 134 x(indicate)S 2 x(s)S 134 x(that)S 135 x
(the)S 135 x(requeste)S 2 x(d)S 134 x(operati)S 2 x(on)S 134 x(could)S
135 x(not)S 134 x(be)S 135 x(performe)S 2 x(d)S 134 x(for)S 135 x(reasons)S
136 x(unspeci\211ed)S 4945 X 648 y(at)S 183 x(the)S 183 x(GSS-API)S
182 x(level.)S 22808 37373 XY F36(1)S -27 x(1\203June\2031991)S 499 x
(25)S
%%EndCustomColor: 0
25 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 26 26
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(Allows)S 144 x(caller)S 2 x(s)S 144 x(to)S
144 x(provide)S 145 x(a)S 144 x(printa)S 2 x(ble)S 144 x(name)S 145 x
(repre)S 2 x(sentation,)S 153 x(designate)S 146 x(the)S 144 x(type)S
145 x(of)S 144 x(namespac)S 2 x(e)S 144 x(in)S 144 x(conjuncti)S 2 x
(on)S 3899 X 648 y(with)S 176 x(which)S 176 x(it)S 176 x(should)S 176 x
(be)S 177 x(parsed,)S 178 x(and)S 176 x(convert)S 177 x(that)S 177 x
(printable)S 177 x(repr)S 2 x(esentation)S 177 x(to)S 176 x(an)S 176 x
(inter)S 2 x(nal)S 176 x(form)S 177 x(suitable)S 178 x(for)S 3899 X
648 y(input)S 183 x(to)S 183 x(other)S 184 x(GSS-AP)S -2 x(I)S 184 x
(routines.)S 245 x(The)S 182 x(syntax)S 184 x(of)S 183 x(the)S 183 x
(input_name)S 184 x(is)S 183 x(a)S 183 x(local)S 184 x(matter)S -28 x
(.)S 3899 6666 XY F32(2.4.6)S 547 x(GSS)S 2 x(_Relea)S -2 x(se_name)S
181 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X 897 y(\201)S 854 x(name)S
183 x(INTERNAL)S 182 x(NAME)S 3899 9556 XY(Outputs:)S 3899 X 896 y(\201)S
854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y(\201)S 854 x
(minor_sta)S 2 x(tus)S 183 x(INTEGER)S 3899 12445 XY(Return)S 184 x
(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 896 y(\201)S 854 x(GSS_COMPLE)S
-2 x(TE)S 227 x(indicat)S 2 x(es)S 227 x(that)S 228 x(the)S 228 x(storage)S
229 x(associate)S 2 x(d)S 227 x(with)S 227 x(the)S 228 x(input)S 228 x
(name)S 228 x(was)S 227 x(successful)S 2 x(ly)S 227 x(re-)S 4945 X 648 y
(leased.)S 3899 X 897 y(\201)S 854 x(GSS_BAD_N)S -2 x(AME)S 182 x(indica)S
2 x(tes)S 183 x(that)S 184 x(the)S 183 x(input)S 183 x(name)S 183 x
(ar)S -9 x(gument)S 184 x(did)S 183 x(not)S 183 x(contain)S 183 x(a)S
183 x(valid)S 184 x(name.)S 3899 X 896 y(\201)S 854 x(GSS_F)S -42 x
(AILURE)S 134 x(indicate)S 2 x(s)S 134 x(that)S 135 x(the)S 135 x(requeste)S
2 x(d)S 134 x(operati)S 2 x(on)S 134 x(could)S 135 x(not)S 134 x(be)S
135 x(performe)S 2 x(d)S 134 x(for)S 135 x(reasons)S 136 x(unspeci\211ed)S
4945 X 648 y(at)S 183 x(the)S 183 x(GSS-API)S 182 x(level.)S 3899 17526 XY
(Allows)S 183 x(caller)S 2 x(s)S 182 x(to)S 183 x(rele)S 2 x(ase)S 183 x
(the)S 183 x(storage)S 184 x(associ)S 2 x(ated)S 183 x(with)S 183 x
(an)S 183 x(interna)S 2 x(l)S 182 x(name)S 184 x(repres)S 2 x(entation.)S
3899 18920 XY F32(2.4.7)S 547 x(GSS)S 2 x(_Relea)S -2 x(se_buffer)S
182 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X 897 y(\201)S 854 x(buf)S
-9 x(fer)S 183 x(OCTET)S 182 x(STRING)S 3899 21810 XY(Outputs:)S 3899 X
896 y(\201)S 854 x(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 X 897 y
(\201)S 854 x(minor_sta)S 2 x(tus)S 183 x(INTEGER)S 3899 24699 XY(Return)S
184 x(major_s)S 2 x(tatus)S 183 x(codes:)S 3899 X 896 y(\201)S 854 x
(GSS_COMPLE)S -2 x(TE)S 215 x(indicat)S 2 x(es)S 215 x(that)S 217 x
(the)S 216 x(storage)S 216 x(associ)S 2 x(ated)S 216 x(with)S 215 x
(the)S 216 x(input)S 216 x(buf)S -9 x(fer)S 216 x(was)S 216 x(successful)S
2 x(ly)S 215 x(re-)S 4945 X 648 y(leased.)S 3899 X 897 y(\201)S 854 x
(GSS_F)S -42 x(AILURE)S 134 x(indicate)S 2 x(s)S 134 x(that)S 135 x
(the)S 135 x(requeste)S 2 x(d)S 134 x(operati)S 2 x(on)S 134 x(could)S
135 x(not)S 134 x(be)S 135 x(performe)S 2 x(d)S 134 x(for)S 135 x(reasons)S
136 x(unspeci\211ed)S 4945 X 647 y(at)S 183 x(the)S 183 x(GSS-API)S
182 x(level.)S 3899 28883 XY(Allows)S 222 x(call)S 2 x(ers)S 223 x(to)S
223 x(release)S 224 x(the)S 223 x(storage)S 224 x(associa)S 2 x(ted)S
223 x(with)S 222 x(an)S 223 x(OCTET)S 222 x(STRING)S 222 x(buf)S -9 x
(fer)S 223 x(alloca)S 2 x(ted)S 223 x(by)S 222 x(another)S 3899 X 648 y
(GSS-API)S 182 x(call.)S 3899 30925 XY F32(2.4.8)S 547 x(GSS)S 2 x(_Relea)S
-2 x(se_oid_s)S -2 x(et)S 183 x(call)S 3899 X 897 y F74(Inputs:)S 3899 X
897 y(\201)S 854 x(buf)S -9 x(fer)S 183 x(SET)S 182 x(OF)S 182 x(OBJECT)S
183 x(IDENTIFIER)S 3899 33815 XY(Outputs:)S 3899 X 896 y(\201)S 854 x
(major_st)S 2 x(atus)S 183 x(INTEGER,)S 3899 37373 XY F36(26)S 498 x
(1)S -28 x(1\203June\2031991)S
%%EndCustomColor: 0
26 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 27 27
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 3976 XY F74(\201)S 854 x(minor_sta)S
2 x(tus)S 183 x(INTEGER)S 3899 5072 XY(Return)S 184 x(major_s)S 2 x
(tatus)S 183 x(codes:)S 3899 X 897 y(\201)S 854 x(GSS_COMPLE)S -2 x
(TE)S 273 x(indicates)S 274 x(that)S 274 x(the)S 273 x(storage)S 274 x
(associ)S 2 x(ated)S 273 x(with)S 273 x(the)S 273 x(input)S 274 x(object)S
274 x(identi\211er)S 274 x(set)S 273 x(was)S 4945 X 648 y(successf)S
2 x(ully)S 183 x(relea)S 2 x(sed.)S 3899 X 896 y(\201)S 854 x(GSS_F)S
-42 x(AILURE)S 134 x(indicate)S 2 x(s)S 134 x(that)S 135 x(the)S 135 x
(requeste)S 2 x(d)S 134 x(operati)S 2 x(on)S 134 x(could)S 135 x(not)S
134 x(be)S 135 x(performe)S 2 x(d)S 134 x(for)S 135 x(reasons)S 136 x
(unspeci\211ed)S 4945 X 648 y(at)S 183 x(the)S 183 x(GSS-API)S 182 x
(level.)S 3899 9257 XY(Allows)S 195 x(caller)S 2 x(s)S 195 x(to)S 195 x
(release)S 196 x(the)S 196 x(storage)S 196 x(associat)S 2 x(ed)S 195 x
(with)S 195 x(an)S 195 x(object)S 196 x(identi\211er)S 196 x(set)S 196 x
(object)S 196 x(allocate)S 2 x(d)S 194 x(by)S 195 x(another)S 3899 X
647 y(GSS-API)S 182 x(call.)S 3899 11399 XY F28(3)S 598 x(Example)S
201 x(Scenarios)S 3899 12395 XY F74(These)S 257 x(discussi)S 2 x(ons)S
256 x(are)S 258 x(intended)S 258 x(as)S 258 x(examples)S 258 x(for)S
258 x(clari\211ca)S 2 x(tion,)S 276 x(demonstrat)S 2 x(ing)S 257 x(how)S
256 x(GSS-API)S 256 x(functions)S 3899 X 647 y(can)S 228 x(be)S 227 x
(used)S 228 x(and)S 227 x(imple)S 2 x(mented)S 228 x(by)S 227 x(candidat)S
2 x(e)S 227 x(underlying)S 229 x(mechanism)S 2 x(s.)S 377 x(They)S 227 x
(should)S 228 x(not)S 228 x(be)S 227 x(regar)S 2 x(ded)S 227 x(as)S
3899 X 648 y(constric)S 2 x(tive)S 179 x(to)S 178 x(impleme)S 2 x(ntations)S
179 x(or)S 179 x(as)S 178 x(de\211ning)S 178 x(the)S 179 x(only)S 178 x
(means)S 179 x(through)S 179 x(which)S 178 x(GSS-API)S 177 x(functi)S
2 x(ons)S 178 x(can)S 178 x(be)S 3899 X 648 y(reali)S 2 x(zed)S 164 x
(with)S 165 x(a)S 164 x(parti)S 2 x(cular)S 165 x(underlying)S 166 x
(technology)S -35 x(,)S 168 x(and)S 164 x(do)S 164 x(not)S 165 x(demonstra)S
2 x(te)S 164 x(all)S 165 x(GSS-API)S 164 x(featur)S 2 x(es)S 164 x(with)S
165 x(each)S 3899 X 647 y(technology)S -35 x(.)S 3899 16480 XY F32(3.1)S
547 x(Client-Or)S 2 x(iented)S 182 x(Scenario)S 3899 17476 XY F74(Figure)S
164 x(2)S 164 x(illust)S 2 x(rates)S 165 x(the)S 165 x(data\212ows)S
164 x(involved)S 164 x(in)S 165 x(use)S 164 x(of)S 164 x(the)S 165 x
(GSS-AP)S -2 x(I)S 165 x(by)S 164 x(a)S 164 x(client)S 165 x(and)S 164 x
(server)S 166 x(in)S 164 x(a)S 164 x(mechani)S 2 x(sm-)S 3899 X 647 y
(independent)S 190 x(fashion,)S 192 x(establi)S 2 x(shing)S 189 x(a)S
189 x(secur)S 2 x(ity)S 189 x(context)S 190 x(and)S 190 x(transfe)S
2 x(rring)S 190 x(a)S 189 x(protect)S 2 x(ed)S 189 x(message.)S 264 x
(The)S 189 x(example)S 3899 X 648 y(assumes)S 204 x(that)S 203 x(crede)S
2 x(ntial)S 203 x(acquisi)S 2 x(tion)S 203 x(has)S 203 x(already)S 204 x
(been)S 203 x(complet)S 2 x(ed.)S 303 x(Only)S 203 x(a)S 202 x(subset)S
204 x(of)S 203 x(paramet)S 2 x(er)S 203 x(and)S 203 x(result)S 3899 X
648 y(values)S 184 x(are)S 183 x(illust)S 2 x(rated,)S 184 x(for)S 183 x
(reasons)S 184 x(of)S 183 x(clar)S 2 x(ity)S 183 x(in)S 183 x(exposition.)S
3899 20415 XY(The)S 124 x(client)S 125 x(call)S 2 x(s)S 124 x(GSS_Init_sec_context)S
2 x(\()S 83 x(\))S 125 x(to)S 124 x(establi)S 2 x(sh)S 124 x(a)S 124 x
(securit)S 2 x(y)S 124 x(context)S 125 x(to)S 124 x(the)S 125 x(server)S
125 x(identi)S 2 x(\211ed)S 123 x(by)S 124 x(tar)S -8 x(gname,)S 3899 X
647 y(and)S 175 x(elect)S 2 x(s)S 175 x(to)S 175 x(set)S 175 x(the)S
176 x(mutual_re)S 2 x(q_\212ag)S 174 x(so)S 175 x(that)S 176 x(mutual)S
176 x(authent)S 2 x(ication)S 176 x(is)S 175 x(perfor)S 2 x(med)S 175 x
(in)S 176 x(the)S 175 x(course)S 176 x(of)S 175 x(context)S 3899 X 648 y
(establi)S 2 x(shment.)S 242 x(GSS_Init_sec_conte)S 2 x(xt)S(\()S 83 x
(\))S 178 x(returns)S 178 x(an)S 178 x(output_token)S 178 x(to)S 177 x
(be)S 177 x(passed)S 178 x(to)S 177 x(the)S 178 x(server)S -21 x(,)S
178 x(and)S 178 x(indicates)S 3899 X 648 y(GSS_CON)S -2 x(TINUE_NEEDE)S
-2 x(D)S 253 x(status)S 254 x(pending)S 253 x(comple)S 2 x(tion)S 253 x
(of)S 254 x(the)S 253 x(mutual)S 254 x(authenti)S 2 x(cation)S 254 x
(sequence.)S 456 x(Had)S 3899 X 647 y(mutual_r)S 2 x(eq_\212ag)S 266 x
(not)S 267 x(been)S 266 x(set,)S 288 x(the)S 267 x(initia)S 2 x(l)S
266 x(call)S 268 x(to)S 266 x(GSS_Init_sec_cont)S 2 x(ext)S(\()S 84 x
(\))S 267 x(would)S 266 x(have)S 267 x(returned)S 268 x(GSS)S -2 x(_)S
3899 X 648 y(COMPLETE)S 182 x(status.)S 244 x(The)S 183 x(client)S 184 x
(sends)S 183 x(the)S 184 x(output_token)S 183 x(to)S 183 x(the)S 184 x
(server)S -29 x(.)S 3899 24649 XY(The)S 166 x(server)S 167 x(passes)S
167 x(the)S 167 x(receive)S 2 x(d)S 165 x(token)S 167 x(as)S 166 x(the)S
167 x(input_token)S 166 x(param)S 2 x(eter)S 167 x(to)S 166 x(GSS_Accept_sec_context)S
2 x(\()S 83 x(\))S(.)S 239 x(GSS)S -2 x(_)S 3899 X 647 y(Accept_sec_c)S
2 x(ontext)S 156 x(indica)S 2 x(tes)S 156 x(GSS_COMPLET)S -2 x(E)S 156 x
(status,)S 162 x(provides)S 157 x(the)S 157 x(client')S -28 x(s)S 156 x
(authentic)S 2 x(ated)S 156 x(identi)S 2 x(ty)S 156 x(in)S 156 x(the)S
3899 X 648 y(srcname)S 209 x(result)S 2 x(,)S 213 x(and)S 208 x(provides)S
209 x(an)S 208 x(output_token)S 208 x(to)S 208 x(be)S 208 x(passed)S
208 x(to)S 208 x(the)S 208 x(client)S 2 x(.)S 318 x(The)S 208 x(server)S
209 x(sends)S 208 x(the)S 208 x(output_)S 3899 X 648 y(token)S 183 x
(to)S 183 x(the)S 183 x(client)S 2 x(.)S 3899 27588 XY(The)S 193 x(client)S
194 x(passes)S 194 x(the)S 193 x(recei)S 2 x(ved)S 193 x(token)S 193 x
(as)S 193 x(the)S 193 x(input_token)S 194 x(parame)S 2 x(ter)S 193 x
(to)S 193 x(a)S 193 x(succes)S 2 x(sor)S 193 x(call)S 194 x(to)S 193 x
(GSS_Init_sec_)S 3899 X 647 y(context)S(\()S 85 x(\))S(,)S 238 x(which)S
227 x(processe)S 2 x(s)S 227 x(data)S 227 x(include)S 2 x(d)S 227 x
(in)S 227 x(the)S 227 x(token)S 228 x(in)S 227 x(order)S 228 x(to)S
227 x(achieve)S 229 x(mutual)S 228 x(authentica)S 2 x(tion)S 227 x(from)S
3899 X 648 y(the)S 186 x(client')S -28 x(s)S 185 x(viewpoint.)S 253 x
(This)S 185 x(call)S 187 x(to)S 186 x(GSS_Init_sec_context)S 2 x(\()S
83 x(\))S 186 x(retur)S 2 x(ns)S 185 x(GSS_COMPLE)S -2 x(TE)S 185 x
(status)S 2 x(,)S 186 x(indicati)S 2 x(ng)S 3899 X 648 y(successf)S
2 x(ul)S 183 x(mutual)S 183 x(authent)S 2 x(ication)S 184 x(and)S 183 x
(completed)S 184 x(context)S 184 x(establis)S 2 x(hment.)S 3899 30527 XY
(The)S 242 x(client)S 243 x(generate)S 2 x(s)S 241 x(a)S 242 x(data)S
243 x(message)S 243 x(and)S 242 x(passes)S 242 x(it)S 242 x(to)S 242 x
(GSS_Seal)S(\()S 83 x(\))S(.)S 421 x(GSS_Seal)S(\()S 83 x(\))S 242 x
(perfor)S 2 x(ms)S 242 x(data)S 242 x(origin)S 3899 X 647 y(authentic)S
2 x(ation,)S 193 x(data)S 192 x(integri)S 2 x(ty)S -36 x(,)S 193 x(and)S
191 x(\(optiona)S 2 x(l\))S 191 x(con\211dential)S 2 x(ity)S 191 x(processi)S
2 x(ng)S 191 x(on)S 190 x(the)S 192 x(message)S 192 x(and)S 191 x(encapsula)S
2 x(tes)S 3899 X 648 y(the)S 144 x(result)S 144 x(into)S 144 x(output_messa)S
2 x(ge,)S 151 x(indicati)S 2 x(ng)S 143 x(GSS_COMPL)S -2 x(ETE)S 143 x
(status.)S 231 x(The)S 144 x(client)S 144 x(sends)S 144 x(the)S 144 x
(output_message)S 3899 X 648 y(to)S 183 x(the)S 183 x(server)S -28 x
(.)S 22808 37373 XY F36(1)S -27 x(1\203June\2031991)S 499 x(27)S
%%EndCustomColor: 0
27 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 28 28
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 4013 XY F32(Figure)S 182 x(2:)S 498 x(Example)S 183 x
(Client)S 182 x(Scenario)S
3899 4731 XY
3899 26250 SPB
%%BeginDocument (api_client_examp.ps)
%!PS-Adobe-2.0 EPSF-1.2
%%Creator: DDIF WRITE_PS V02-001, Digital Equipment Corporation
%%CreationDate: 11-Sep-1990 10:49:57
%%DDIF$: V1.0
%%DDIF$ProductIdentifier: Write$
%%DDIF$ProductName: DECwrite V1.0
%%DDIF$Date: 19900911104953
%%BoundingBox: (at end)
%%Pages: (at end)
%%DocumentFonts: (at end)
%%DocumentNeededFonts: (at end)
%%EndComments
%%BeginProcSet: DEC_DDIF_WRITE_PS 1 1
/DEC_DDIF_WRITE_PS_dict 100 dict def DEC_DDIF_WRITE_PS_dict begin/version 1 def/revision 1 def/B{currentdict{dup type/arraytype eq{
bind def}{pop pop}ifelse}forall}def/I{0 setlinewidth 0 setlinecap 0 setlinejoin[]0 setdash 0 setgray 10 setmiterlimit}def mark
/ISOLatin1Encoding 0 1 44{StandardEncoding exch get}for/minus 46 1 143{StandardEncoding exch get}for/dotlessi 193 1 207{
StandardEncoding exch get}for/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine
/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered
/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde
/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute
/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex
/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute
/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis/ISOLatin1Encoding where not{
256 array astore def}if cleartomark/F{currentdict 6 index known{pop pop pop pop pop pop}{FontDirectory 2 index known{pop findfont}{2
index findfont dup maxlength dict begin{1 index/FID ne{def}{pop pop}ifelse}forall dup type/nulltype eq{pop}{/Encoding exch def}
ifelse dup/FontName exch def currentdict definefont end}ifelse exch pop exch dup type/arraytype eq{makefont}{scalefont}ifelse 1
index exch def cvx[exch/setfont load]cvx bind def}ifelse}def/P{/px exch def/pa 8 array def 0 1 7{/py exch def/pw 4 string def 0 1 3
{pw exch px py 1 getinterval putinterval}for pa py pw put}for}def/p{save exch/pi exch def clip newpath{clippath pathbbox}stopped not
{/ph exch def/pw exch def/py exch def/px exch def/px px 30.72 div floor 30.72 mul def/py py 30.72 div floor 30.72 mul def px py
translate/pw pw px sub 30.72 div floor 1 add cvi def/ph ph py sub 30.72 div floor 1 add cvi def pw 30.72 mul ph 30.72 mul scale/pw
pw 32 mul def/ph ph 32 mul def/px 0 def/py 0 def pw ph pi[pw 0 0 ph 0 0]{pa py get/px px 32 add def px pw ge{/px 0 def/py py 1 add
8 mod def}if}pi type/booleantype eq{imagemask}{image}ifelse}if restore}def/SN{transform floor .5 add exch floor .5 add exch
itransform}def end
%%EndProcSet
%%EndProlog
%%BeginSetup
DEC_DDIF_WRITE_PS_dict begin/world-save save def B I
%%EndSetup
%%Page: ? 1
%%PageBoundingBox: 0 0 612 792
%%PageFonts: Times-Bold
%%+ Times-Roman
%%IncludeFont: Times-Bold
/f2/F2 12/Times-Bold/DDIF$F2 ISOLatin1Encoding F
%%IncludeFont: Times-Roman
/f3/F3 12/Times-Roman/DDIF$F3 ISOLatin1Encoding F/page-save save def gsave newpath 0 792 SN moveto 0 0 SN lineto 612 0 SN lineto 612
792 SN lineto closepath clip f2 0 416.88 moveto(Client)show 72 416.88 moveto(Client GSSAPI)show 400.71 416.88 moveto(Server)show
288 416.88 moveto(Server GSSAPI)show f3 119.77 371.88 moveto(GSS_Init_sec_context\(\))show 35.69 353.88 moveto
(output_token, GSS_CONTINUE_NEEDED)show 333 326.88 moveto(input_token)show 211.5 308.88 moveto(GSS_Accept_sec_context\(\))show 198
294.5 moveto(output_token, srcname,GSS_COMPLETE)show 35.69 236.88 moveto(GSS_COMPLETE)show 31.19 173.88 moveto
(output_message,GSS_COMPLETE)show 31.5 215.26 moveto(input_message)show 324.73 159.5 moveto(input_message)show 225 119.88 moveto
(output_message, GSS_COMPLETE)show 9 402.5 moveto(targname,mutual_req_flag)show 189 326.88 moveto(token)show 189 272.88 moveto
(token)show 184.39 155.88 moveto(message)show 198 74.88 moveto(output_context_token, GSS_COMPLETE)show 171 47.88 moveto
(context_token)show 119.77 254.87 moveto(GSS_Init_sec_context\(\))show 124.38 195.5 moveto(GSS_Seal\(\))show 234 137.88 moveto
(GSS_Unseal\(\))show 171 92.88 moveto(GSS_Delete_sec_context\(\))show 31.19 2.88 moveto(GSS_COMPLETE)show 36.39 51.5 moveto
(input_context_token)show 119.77 20.87 moveto(GSS_Process_context_token\(\))show newpath 117 369 SN moveto 18 369 SN lineto 27 378
SN lineto 27 360 SN lineto 18 369 SN lineto 1 setlinewidth[]0 setdash stroke newpath 117 252 SN moveto 18 252 SN lineto 27 261 SN
lineto 27 243 SN lineto 18 252 SN lineto stroke newpath 117 189 SN moveto 18 189 SN lineto 27 198 SN lineto 27 180 SN lineto 18 189
SN lineto stroke newpath 117 18 SN moveto 18 18 SN lineto 27 27 SN lineto 27 9 SN lineto 18 18 SN lineto stroke newpath 414 324 SN
moveto 315 324 SN lineto 324 333 SN lineto 324 315 SN lineto 315 324 SN lineto stroke newpath 414 153 SN moveto 306 153 SN lineto
315.82 162 SN lineto 315.82 144 SN lineto 306 153 SN lineto stroke newpath 414 108 SN moveto 315 108 SN lineto 324 117 SN lineto
324 99 SN lineto 315 108 SN lineto stroke newpath 18 387 SN moveto 117 387 SN lineto 108 378 SN lineto 108 396 SN lineto 117 387 SN
lineto stroke newpath 18 270 SN moveto 117 270 SN lineto 108 261 SN lineto 108 279 SN lineto 117 270 SN lineto stroke newpath 18
207 SN moveto 117 207 SN lineto 108 198 SN lineto 108 216 SN lineto 117 207 SN lineto stroke newpath 18 36 SN moveto 117 36 SN
lineto 108 27 SN lineto 108 45 SN lineto 117 36 SN lineto stroke newpath 315 306 SN moveto 414 306 SN lineto 405 297 SN lineto 405
315 SN lineto 414 306 SN lineto stroke newpath 305.99 135 SN moveto 414 135 SN lineto 404.17 126 SN lineto 404.17 144 SN lineto 414
135 SN lineto stroke newpath 315 90 SN moveto 414 90 SN lineto 405 81 SN lineto 405 99 SN lineto 414 90 SN lineto stroke newpath 18
342 SN moveto 414 342 SN lineto 405 333 SN lineto 405 351 SN lineto 414 342 SN lineto stroke newpath 18 171 SN moveto 414 171 SN
lineto 405 162 SN lineto 405 180 SN lineto 414 171 SN lineto stroke newpath 414 288 SN moveto 18 288 SN lineto 27 297 SN lineto 27
279 SN lineto 18 288 SN lineto stroke newpath 414 63 SN moveto 18 63 SN lineto 27 72 SN lineto 27 54 SN lineto 18 63 SN lineto
stroke grestore page-save restore showpage
%%Trailer
world-save restore end
%%BoundingBox: 0 0 612 792
%%Pages: 1
%%DocumentFonts: Times-Bold
%%+ Times-Roman
%%DocumentNeededFonts: Times-Bold
%%+ Times-Roman
% End-of-file
%%EndDocument
SPE
3899 27822 XY F74(The)S 212 x(serve)S 2 x(r)S 213 x(passes)S 213 x(the)S
213 x(rece)S 2 x(ived)S 213 x(message)S 214 x(to)S 213 x(GSS_)S -2 x
(Unseal)S(\()S 85 x(\))S(.)S 333 x(GSS_Unseal)S 212 x(invert)S 2 x(s)S
212 x(the)S 214 x(encapsulati)S 2 x(on)S 212 x(per-)S 3899 X 647 y(formed)S
189 x(by)S 187 x(GSS_Seal)S(\()S 83 x(\))S(,)S 190 x(deciphers)S 189 x
(the)S 188 x(message)S 189 x(if)S 189 x(optional)S 188 x(con\211dential)S
2 x(ity)S 188 x(was)S 188 x(applied,)S 190 x(and)S 187 x(valida)S 2 x
(tes)S 188 x(the)S 3899 X 648 y(data)S 254 x(origin)S 254 x(authentica)S
2 x(tion)S 253 x(and)S 253 x(data)S 254 x(integri)S 2 x(ty)S 253 x(checking)S
254 x(quantitie)S 2 x(s.)S 454 x(GSS_Unseal)S(\()S 83 x(\))S 254 x(indicates)S
254 x(succes)S 2 x(sful)S 3899 X 648 y(validati)S 2 x(on)S 182 x(by)S
183 x(returni)S 2 x(ng)S 182 x(GSS_COMPLET)S -2 x(E)S 183 x(status)S
184 x(along)S 183 x(with)S 183 x(the)S 183 x(result)S 2 x(ant)S 183 x
(output_messa)S 2 x(ge.)S 3899 30761 XY(For)S 131 x(purposes)S 132 x
(of)S 131 x(this)S 132 x(example,)S 142 x(we)S 131 x(assume)S 132 x
(that)S 132 x(the)S 131 x(server)S 133 x(knows)S 130 x(by)S 131 x(out-of-)S
2 x(band)S 131 x(means)S 131 x(that)S 132 x(this)S 132 x(context)S 132 x
(will)S 3899 X 647 y(have)S 179 x(no)S 179 x(further)S 180 x(use)S 179 x
(aft)S 2 x(er)S 179 x(one)S 179 x(protect)S 2 x(ed)S 178 x(messa)S 2 x
(ge)S 179 x(is)S 179 x(transfe)S 2 x(rred)S 180 x(from)S 179 x(clie)S
2 x(nt)S 179 x(to)S 179 x(server)S -29 x(.)S 242 x(Given)S 179 x(this)S
180 x(premise,)S 3899 X 648 y(the)S 238 x(server)S 238 x(now)S 237 x
(calls)S 239 x(GSS_D)S -2 x(elet)S 2 x(e_sec_context)S 2 x(\()S 83 x
(\))S 238 x(to)S 237 x(\212ush)S 237 x(context-)S 2 x(level)S 238 x
(inform)S 2 x(ation.)S 408 x(GSS_D)S -2 x(elete)S 2 x(_sec_)S 3899 X
648 y(context)S 184 x(returns)S 184 x(a)S 183 x(context_toke)S 2 x(n)S
182 x(for)S 184 x(the)S 183 x(server)S 184 x(to)S 183 x(pass)S 183 x
(to)S 183 x(the)S 184 x(client.)S 3899 33700 XY(The)S 274 x(client)S
275 x(passes)S 275 x(the)S 274 x(retur)S 2 x(ned)S 274 x(context_token)S
275 x(to)S 274 x(GSS_Process_context_toke)S 2 x(n)S(\()S 83 x(\))S(,)S
297 x(which)S 274 x(retur)S 2 x(ns)S 274 x(GSS)S -2 x(_)S 3899 X 647 y
(COMPLETE)S 182 x(status)S 183 x(aft)S 2 x(er)S 183 x(deleting)S 184 x
(context-)S 2 x(level)S 184 x(informat)S 2 x(ion)S 183 x(at)S 183 x
(the)S 183 x(client)S 184 x(system.)S 3899 37373 XY F36(28)S 498 x(1)S
-28 x(1\203June\2031991)S
%%EndCustomColor: 0
28 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 29 29
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 4013 XY F32(3.2)S 547 x(Mechanism-Speci\211c)S
182 x(Scenarios)S 3899 5009 XY F74(This)S 183 x(section)S 183 x(provides)S
184 x(illustr)S 2 x(ative)S 183 x(overvie)S 2 x(ws)S 182 x(of)S 183 x
(the)S 183 x(use)S 183 x(of)S 183 x(various)S 183 x(candidat)S 2 x(e)S
182 x(mecha)S 2 x(nism)S 183 x(types)S 183 x(to)S 183 x(support)S 3899 X
647 y(the)S 183 x(GSS-API.)S 3899 7051 XY F32(3.2.1)S 547 x(Kerberos)S
182 x(V5,)S 183 x(single-TGT)S 3899 X 897 y F74(OS-speci\211c)S 139 x
(login)S 140 x(functions)S 140 x(yield)S 140 x(a)S 139 x(TGT)S 137 x
(to)S 140 x(the)S 139 x(local)S 140 x(realm)S 140 x(Kerberos)S 140 x
(server)S 2 x(;)S 154 x(TGT)S 138 x(is)S 139 x(placed)S 140 x(in)S 139 x
(a)S 139 x(credenti)S 2 x(als)S 3899 X 647 y(structur)S 2 x(e)S 186 x
(for)S 187 x(the)S 187 x(client.)S 255 x(Clie)S 2 x(nt)S 186 x(calls)S
187 x(GSS_Acquire_cred)S(\()S 85 x(\))S 186 x(to)S 187 x(acquire)S 187 x
(a)S 187 x(cred_handle)S 188 x(in)S 186 x(order)S 187 x(to)S 187 x(refer)S
2 x(ence)S 3899 X 648 y(the)S 183 x(credent)S 2 x(ials)S 183 x(for)S
184 x(use)S 183 x(in)S 183 x(establi)S 2 x(shing)S 183 x(securit)S 2 x
(y)S 182 x(contexts.)S 3899 10239 XY(Client)S 195 x(call)S 2 x(s)S 193 x
(GSS_Init_sec_cont)S 2 x(ext)S(\()S 84 x(\))S(.)S 277 x(If)S 194 x(the)S
195 x(requested)S 195 x(servic)S 2 x(e)S 194 x(is)S 194 x(located)S
195 x(in)S 194 x(a)S 194 x(dif)S -9 x(ferent)S 195 x(real)S 2 x(m,)S
196 x(GSS_Init_)S 3899 X 648 y(sec_context)S 2 x(\()S 83 x(\))S 201 x
(gets)S 201 x(the)S 200 x(necessa)S 2 x(ry)S 200 x(TGT/key)S 200 x(pairs)S
201 x(needed)S 201 x(to)S 201 x(traver)S 2 x(se)S 200 x(the)S 201 x
(path)S 201 x(from)S 201 x(local)S 201 x(to)S 201 x(tar)S -9 x(get)S
200 x(rea)S 2 x(lm;)S 3899 X 647 y(these)S 193 x(data)S 193 x(are)S
193 x(placed)S 193 x(in)S 193 x(the)S 192 x(owner)S 21 x(')S -30 x(s)S
192 x(TGT)S 192 x(cache.)S 272 x(After)S 194 x(any)S 192 x(needed)S
193 x(remote)S 194 x(realm)S 193 x(resol)S 2 x(ution,)S 194 x(GSS_Init_)S
3899 X 648 y(sec_context)S 2 x(\()S 83 x(\))S 228 x(yields)S 228 x(a)S
228 x(service)S 229 x(ticket)S 229 x(to)S 227 x(the)S 228 x(requeste)S
2 x(d)S 227 x(service)S 229 x(with)S 227 x(a)S 228 x(corres)S 2 x(ponding)S
227 x(session)S 228 x(key;)S 250 x(these)S 3899 X 648 y(data)S 215 x
(are)S 215 x(stored)S 215 x(in)S 214 x(conjunction)S 215 x(with)S 214 x
(the)S 215 x(context.)S 338 x(GSS-API)S 213 x(code)S 215 x(sends)S 214 x
(KRB_TGS_REQ)S 214 x(request\()S 2 x(s\))S 214 x(and)S 3899 X 647 y
(recei)S 2 x(ves)S 183 x(KRB_TGS_REP)S 182 x(response\(s)S 2 x(\))S
183 x(\(in)S 183 x(the)S 183 x(succes)S 2 x(sful)S 183 x(case\))S 184 x
(or)S 183 x(KRB_ERR)S 2 x(OR.)S 3899 14473 XY(Assuming)S 223 x(success,)S
234 x(GSS_Init_sec_conte)S 2 x(xt)S(\()S 83 x(\))S 224 x(builds)S 223 x
(a)S 223 x(Kerberos-)S 2 x(formatt)S 2 x(ed)S 223 x(KRB_AP_REQ)S 222 x
(message)S 2 x(,)S 232 x(and)S 3899 X 648 y(returns)S 184 x(it)S 183 x
(in)S 183 x(output_toke)S 2 x(n.)S 243 x(The)S 183 x(client)S 184 x
(sends)S 183 x(the)S 183 x(output_token)S 184 x(to)S 183 x(the)S 183 x
(servic)S 2 x(e.)S 3899 16117 XY(The)S 160 x(service)S 161 x(passes)S
161 x(the)S 160 x(receive)S 2 x(d)S 159 x(token)S 160 x(as)S 160 x(the)S
161 x(input_token)S 160 x(ar)S -9 x(gument)S 161 x(to)S 160 x(GSS_A)S
-2 x(ccept_se)S 2 x(c_context)S(\()S 85 x(\))S(,)S 164 x(which)S 3899 X
648 y(veri\211es)S 140 x(the)S 140 x(authent)S 2 x(icator)S -21 x(,)S
148 x(provides)S 141 x(the)S 140 x(service)S 141 x(with)S 139 x(the)S
140 x(clie)S 2 x(nt')S -30 x(s)S 140 x(authentic)S 2 x(ated)S 140 x
(name,)S 149 x(and)S 139 x(retur)S 2 x(ns)S 139 x(an)S 140 x(output_)S
3899 X 647 y(context_handl)S 2 x(e.)S 3899 18409 XY(Both)S 128 x(parties)S
128 x(now)S 127 x(hold)S 127 x(the)S 127 x(session)S 128 x(key)S 127 x
(associ)S 2 x(ated)S 127 x(with)S 128 x(the)S 127 x(servic)S 2 x(e)S
127 x(ticket,)S 139 x(and)S 128 x(can)S 127 x(use)S 127 x(this)S 128 x
(key)S 127 x(in)S 127 x(subsequent)S 3899 X 647 y(GSS_S)S -2 x(ign)S
(\()S 84 x(\))S(,)S 183 x(GSS_V)S -62 x(erif)S 2 x(y)S(\()S 83 x(\))S
(,)S 183 x(GSS_Seal)S(\()S 83 x(\))S(,)S 183 x(and)S 183 x(GSS_Unseal)S
(\()S 83 x(\))S 183 x(operati)S 2 x(ons.)S 3899 20451 XY F32(3.2.2)S
547 x(Kerberos)S 182 x(V5,)S 183 x(double-TGT)S 3899 X 897 y F74(TGT)S
182 x(acquisiti)S 2 x(on)S 182 x(as)S 183 x(above.)S 3899 22344 XY(Note:)S
280 x(T)S -39 x(o)S 200 x(avoid)S 201 x(unnecess)S 2 x(ary)S 201 x(frequent)S
202 x(invocations)S 202 x(of)S 201 x(error)S 202 x(paths)S 201 x(when)S
200 x(imple)S 2 x(menting)S 201 x(the)S 201 x(GSS-API)S 200 x(atop)S
3899 X 647 y(Kerberos)S 129 x(V5,)S 139 x(it)S 129 x(seems)S 129 x(appropr)S
2 x(iate)S 129 x(to)S 129 x(represent)S 130 x("single-TGT)S 128 x(K-V5")S
128 x(and)S 128 x("double-TGT)S 128 x(K-V5")S 128 x(with)S 128 x(separ)S
2 x(ate)S 3899 X 648 y(mech_types,)S 184 x(and)S 183 x(this)S 183 x
(discussi)S 2 x(on)S 182 x(makes)S 184 x(that)S 184 x(assumption.)S
3899 24635 XY(Based)S 129 x(on)S 129 x(the)S 129 x(\(speci\211ed)S 129 x
(or)S 129 x(default)S 2 x(ed\))S 129 x(mech_type,)S 140 x(GSS_Init_sec_cont)S
2 x(ext)S(\()S 84 x(\))S 128 x(deter)S 2 x(mines)S 129 x(that)S 129 x
(the)S 129 x(double-TGT)S 3899 X 648 y(protocol)S 141 x(should)S 141 x
(be)S 141 x(employed)S 141 x(for)S 141 x(the)S 141 x(speci\211ed)S 141 x
(tar)S -8 x(get.)S 230 x(GSS_)S -2 x(Init)S 2 x(_sec_context)S(\()S
85 x(\))S 141 x(returns)S 142 x(GSS_)S -2 x(CONTINUE_)S 3899 X 647 y
(NEEDE)S -2 x(D)S 172 x(major_st)S 2 x(atus)S -180 y F86(9)S 26 x 180 y
F74(,)S 174 x(and)S 172 x(its)S 172 x(retur)S 2 x(ned)S 172 x(output_token)S
173 x(contains)S 173 x(a)S 172 x(request)S 173 x(to)S 172 x(the)S 173 x
(service)S 173 x(for)S 173 x(the)S 172 x(servic)S 2 x(e')S -30 x(s)S
3899 X 648 y(TGT)S -41 x(.)S 161 x(\(If)S 163 x(a)S 162 x(servi)S 2 x
(ce)S 162 x(TGT)S 161 x(with)S 162 x(suitably)S 163 x(long)S 162 x(remai)S
2 x(ning)S 162 x(lifet)S 2 x(ime)S 162 x(alre)S 2 x(ady)S 162 x(exists)S
163 x(in)S 162 x(a)S 162 x(cache,)S 167 x(it)S 162 x(may)S 162 x(be)S
162 x(usable,)S 3899 X 648 y(obviating)S 184 x(the)S 183 x(need)S 183 x
(for)S 184 x(this)S 183 x(step.\))S 245 x(The)S 182 x(clie)S 2 x(nt)S
183 x(passes)S 183 x(the)S 184 x(output_token)S 183 x(to)S 183 x(the)S
183 x(servi)S 2 x(ce.)S 3899 28222 XY(The)S 160 x(service)S 161 x(passes)S
161 x(the)S 160 x(receive)S 2 x(d)S 159 x(token)S 160 x(as)S 160 x(the)S
161 x(input_token)S 160 x(ar)S -9 x(gument)S 161 x(to)S 160 x(GSS_A)S
-2 x(ccept_se)S 2 x(c_context)S(\()S 85 x(\))S(,)S 164 x(which)S 3899 X
647 y(recognize)S 2 x(s)S 140 x(it)S 141 x(as)S 141 x(a)S 141 x(request)S
142 x(for)S 141 x(TGT)S -41 x(.)S 141 x(\(Note)S 141 x(that)S 141 x
(curre)S 2 x(nt)S 140 x(Kerberos)S 142 x(V5)S 140 x(de\211nes)S 141 x
(no)S 140 x(intra)S 2 x(-protocol)S 142 x(mechanism)S 142 x(to)S 3899 X
648 y(repres)S 2 x(ent)S 153 x(such)S 153 x(a)S 153 x(request.\))S 235 x
(GSS_A)S -2 x(ccept)S 2 x(_sec_context)S(\()S 85 x(\))S 153 x(retur)S
2 x(ns)S 152 x(GSS_CONTINU)S -2 x(E_NEEDED)S 151 x(major_st)S 2 x(atus)S
3899 X 648 y(and)S 183 x(provides)S 184 x(the)S 183 x(service)S 2 x
(')S -30 x(s)S 183 x(TGT)S 182 x(in)S 182 x(its)S 184 x(output_token.)S
245 x(The)S 182 x(servic)S 2 x(e)S 183 x(sends)S 183 x(the)S 183 x(output_token)S
184 x(to)S 183 x(the)S 183 x(client.)S 3899 31161 XY(The)S 224 x(clie)S
2 x(nt)S 224 x(passes)S 226 x(the)S 225 x(recei)S 2 x(ved)S 224 x(token)S
225 x(as)S 225 x(the)S 225 x(input_token)S 226 x(ar)S -9 x(gument)S
225 x(to)S 225 x(a)S 225 x(continuation)S 226 x(of)S 225 x(GSS_Init_sec_)S
3899 X 647 y(context)S(\()S 85 x(\))S(.)S 421 x(GSS_Init_sec_context)S
2 x(\()S 83 x(\))S 242 x(caches)S 243 x(the)S 243 x(receive)S 2 x(d)S
241 x(servi)S 2 x(ce)S 242 x(TGT)S 241 x(and)S 242 x(uses)S 242 x(it)S
242 x(as)S 243 x(part)S 242 x(of)S 243 x(a)S 242 x(service)S 3899 X
648 y(ticket)S 208 x(request)S 208 x(to)S 207 x(the)S 207 x(Kerberos)S
208 x(authentic)S 2 x(ation)S 207 x(server)S -20 x(,)S 212 x(storing)S
208 x(the)S 207 x(retur)S 2 x(ned)S 206 x(servi)S 2 x(ce)S 207 x(ticket)S
208 x(and)S 207 x(session)S 207 x(key)S 3899 X 648 y(in)S 183 x(conjunction)S
183 x(with)S 183 x(the)S 183 x(context.)S 245 x(GSS)S -2 x(_Init)S 2 x
(_sec_context)S(\()S 85 x(\))S 183 x(builds)S 183 x(a)S 182 x(Kerber)S
2 x(os-forma)S 2 x(tted)S 183 x(authentic)S 2 x(ator)S -21 x(,)S 182 x
(and)S 3899 X 647 y(returns)S 143 x(it)S 142 x(in)S 142 x(output_token)S
143 x(along)S 142 x(with)S 141 x(GSS_COMPLETE)S 140 x(return)S 143 x
(major_st)S 2 x(atus.)S 230 x(The)S 142 x(client)S 143 x(sends)S 142 x
(the)S 142 x(output_)S 3899 X 648 y(token)S 183 x(to)S 183 x(the)S 183 x
(servic)S 2 x(e.)S 3899 X 543 y 6996 24 R 4123 35290 XY F90(9)S 225 x
141 y F86(This)S 171 x(scenario)S 171 x(illustrates)S 170 x(a)S 170 x
(dif)S -7 x(ferent)S 170 x(use)S 171 x(for)S 171 x(the)S 171 x(GSS_CON)S
-2 x(TINUE_NEEDE)S 2 x(D)S 170 x(status)S 171 x(return)S 171 x(facili)S
-2 x(ty)S 171 x(than)S 172 x(that)S 170 x(described)S 171 x(in)S 171 x
(Section)S 171 x(3.1)S 171 x(for)S 4497 X 448 y(purposes)S 130 x(of)S
130 x(mutual)S 130 x(authentication;)S 130 x(note)S 130 x(that)S 130 x
(both)S 130 x(uses)S 130 x(can)S 130 x(coexist)S 130 x(as)S 130 x(successive)S
130 x(operations)S 130 x(within)S 129 x(a)S 130 x(single)S 130 x(context)S
130 x(establishment)S 130 x(operation.)S 22808 37554 XY F36(1)S -27 x
(1\203June\2031991)S 499 x(29)S
%%EndCustomColor: 0
29 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 30 30
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 3899 2106 XY F40(Generic)S 150 x(Security)S 150 x(Service)S 151 x
(API:)S 149 x(Internet-Dra)S 2 x(ft)S 3899 X 548 y(Common)S 148 x(Authentication)S
150 x(T)S -34 x(echnology)S 150 x(WG:)S 150 x(John)S 149 x(Linn)S 149 x
(\(DEC\))S 3899 3976 XY F74(Service)S 145 x(passes)S 145 x(the)S 145 x
(recei)S 2 x(ved)S 144 x(token)S 145 x(as)S 144 x(the)S 145 x(input_token)S
145 x(ar)S -9 x(gument)S 145 x(to)S 144 x(a)S 145 x(continuation)S 145 x
(call)S 146 x(to)S 144 x(GSS_Accept_sec_)S 3899 X 648 y(context)S(\()S
85 x(\))S(.)S 364 x(GSS_Accept_sec_conte)S 2 x(xt)S(\()S 83 x(\))S 224 x
(veri\211es)S 224 x(the)S 223 x(authent)S 2 x(icator)S -21 x(,)S 233 x
(provides)S 224 x(the)S 224 x(service)S 225 x(with)S 223 x(the)S 223 x
(clie)S 2 x(nt')S -30 x(s)S 3899 X 648 y(authentic)S 2 x(ated)S 183 x
(name,)S 184 x(and)S 183 x(returns)S 184 x(major_st)S 2 x(atus)S 183 x
(GSS_COMPLE)S -2 x(TE.)S 3899 6268 XY(GSS_S)S -2 x(ign)S(\()S 84 x(\))S
(,)S 183 x(GSS_V)S -62 x(erif)S 2 x(y)S(\()S 83 x(\))S(,)S 183 x(GSS_Seal)S
(\()S 83 x(\))S(,)S 183 x(and)S 183 x(GSS_Unseal)S(\()S 83 x(\))S 183 x
(as)S 183 x(above.)S 3899 7663 XY F32(3.2.3)S 547 x(X.509)S 183 x(Authentication)S
182 x(Framework)S 3899 X 896 y F74(This)S 160 x(example)S 161 x(illustr)S
2 x(ates)S 161 x(use)S 160 x(of)S 160 x(the)S 160 x(GSS-API)S 159 x
(in)S 160 x(conjuncti)S 2 x(on)S 159 x(with)S 160 x(public-ke)S 2 x
(y)S 159 x(mecha)S 2 x(nisms,)S 165 x(consistent)S 161 x(with)S 3899 X
648 y(the)S 183 x(X.509)S 182 x(Direct)S 2 x(ory)S 183 x(Authenticati)S
2 x(on)S 182 x(Framework.)S 3899 10203 XY(The)S 123 x(GSS_A)S -2 x(cquire_c)S
2 x(red)S(\()S 84 x(\))S 123 x(call)S 124 x(establi)S 2 x(shes)S 123 x
(a)S 123 x(credent)S 2 x(ials)S 123 x(struc)S 2 x(ture,)S 135 x(making)S
124 x(the)S 123 x(client)S 2 x(')S -30 x(s)S 123 x(private)S 124 x(key)S
123 x(access)S 2 x(ible)S 3899 X 648 y(for)S 183 x(use)S 183 x(on)S
183 x(behalf)S 184 x(of)S 183 x(the)S 183 x(clie)S 2 x(nt.)S 3899 11847 XY
(The)S 239 x(client)S 241 x(calls)S 240 x(GSS_Init_sec_cont)S 2 x(ext)S
(\()S 84 x(\))S(,)S 253 x(which)S 240 x(interr)S 2 x(ogates)S 240 x
(the)S 240 x(Directory)S 241 x(to)S 239 x(acquire)S 241 x(\(and)S 240 x
(validate)S 2 x(\))S 239 x(a)S 3899 X 647 y(chain)S 149 x(of)S 148 x
(public-key)S 149 x(cert)S 2 x(i\211cates,)S 156 x(thereby)S 149 x(collect)S
2 x(ing)S 148 x(the)S 148 x(public)S 149 x(key)S 148 x(of)S 148 x(the)S
149 x(service.)S 233 x(The)S 148 x(cert)S 2 x(i\211cate)S 149 x(validati)S
2 x(on)S 3899 X 648 y(operati)S 2 x(on)S 147 x(determi)S 2 x(nes)S 148 x
(that)S 148 x(suitable)S 149 x(signature)S 2 x(s)S 147 x(were)S 148 x
(applied)S 149 x(by)S 147 x(truste)S 2 x(d)S 147 x(authorit)S 2 x(ies)S
148 x(and)S 147 x(that)S 149 x(those)S 148 x(certi\211ca)S 2 x(tes)S
3899 X 648 y(have)S 259 x(not)S 260 x(expired.)S 474 x(GSS_Init_sec_context)S
2 x(\()S 83 x(\))S 260 x(generates)S 261 x(a)S 259 x(secret)S 261 x
(key)S 259 x(for)S 260 x(use)S 259 x(in)S 260 x(per)S -10 x(-message)S
261 x(protecti)S 2 x(on)S 3899 X 647 y(operati)S 2 x(ons)S 182 x(on)S
183 x(the)S 183 x(context,)S 184 x(and)S 183 x(enciphers)S 184 x(that)S
184 x(secret)S 184 x(key)S 183 x(under)S 183 x(the)S 184 x(service')S
-28 x(s)S 183 x(public)S 183 x(key)S -35 x(.)S 3899 15433 XY(The)S 205 x
(enciphere)S 2 x(d)S 204 x(secr)S 2 x(et)S 205 x(key)S -35 x(,)S 210 x
(along)S 205 x(with)S 205 x(an)S 205 x(authenti)S 2 x(cator)S 206 x
(quantity)S 206 x(signed)S 205 x(with)S 205 x(the)S 206 x(client')S
-28 x(s)S 205 x(private)S 206 x(key)S -35 x(,)S 210 x(is)S 3899 X 648 y
(included)S 171 x(in)S 170 x(the)S 171 x(output_token)S 171 x(from)S
171 x(GSS_Init_sec_context)S 2 x(\()S 83 x(\))S(.)S 240 x(The)S 170 x
(output_token)S 171 x(also)S 170 x(car)S 2 x(ries)S 171 x(a)S 170 x
(certi)S 2 x(\211cation)S 3899 X 648 y(path,)S 223 x(consisting)S 216 x
(of)S 214 x(a)S 215 x(certi)S 2 x(\211cate)S 215 x(chain)S 215 x(leading)S
216 x(from)S 215 x(the)S 215 x(servi)S 2 x(ce)S 215 x(to)S 214 x(the)S
215 x(client)S 2 x(;)S 230 x(a)S 215 x(variant)S 216 x(approach)S 216 x
(would)S 3899 X 647 y(defer)S 220 x(this)S 219 x(path)S 220 x(resolution)S
220 x(to)S 219 x(be)S 219 x(perform)S 2 x(ed)S 219 x(by)S 218 x(the)S
219 x(servi)S 2 x(ce)S 219 x(instead)S 220 x(of)S 219 x(being)S 219 x
(assert)S 2 x(ed)S 219 x(by)S 218 x(the)S 219 x(clie)S 2 x(nt.)S 351 x
(The)S 3899 X 648 y(client)S 184 x(applica)S 2 x(tion)S 183 x(sends)S
183 x(the)S 183 x(output_token)S 184 x(to)S 183 x(the)S 183 x(servic)S
2 x(e.)S 3899 19020 XY(The)S 159 x(service)S 160 x(passes)S 160 x(the)S
159 x(receive)S 2 x(d)S 158 x(token)S 159 x(as)S 159 x(the)S 160 x(input_token)S
159 x(ar)S -9 x(gument)S 160 x(to)S 159 x(GSS_)S -2 x(Accept_se)S 2 x
(c_context)S(\()S 85 x(\))S(.)S 236 x(GSS)S -2 x(_)S 3899 X 648 y(Accept_sec_c)S
2 x(ontext)S(\()S 84 x(\))S 274 x(valida)S 2 x(tes)S 274 x(the)S 275 x
(certi\211ca)S 2 x(tion)S 274 x(path,)S 298 x(and)S 274 x(as)S 274 x
(a)S 274 x(resul)S 2 x(t)S 274 x(determi)S 2 x(nes)S 274 x(a)S 274 x
(cert)S 2 x(i\211ed)S 274 x(binding)S 3899 X 647 y(between)S 158 x(the)S
159 x(client')S -29 x(s)S 158 x(distingui)S 2 x(shed)S 158 x(name)S
158 x(and)S 158 x(the)S 158 x(clie)S 2 x(nt')S -30 x(s)S 158 x(public)S
159 x(key)S -36 x(.)S 236 x(Given)S 157 x(that)S 159 x(public)S 159 x
(key)S -36 x(,)S 163 x(GSS_A)S -2 x(ccept_)S 3899 X 648 y(sec_context)S
2 x(\()S 83 x(\))S 160 x(can)S 161 x(process)S 161 x(the)S 160 x(input_token')S
-29 x(s)S 160 x(authent)S 2 x(icator)S 161 x(quantity)S 161 x(and)S
160 x(verify)S 161 x(that)S 161 x(the)S 160 x(client)S 2 x(')S -30 x
(s)S 160 x(private)S 161 x(key)S 3899 X 647 y(was)S 144 x(used)S 145 x
(to)S 145 x(sign)S 145 x(the)S 145 x(input_toke)S 2 x(n.)S 230 x(At)S
145 x(this)S 145 x(point,)S 153 x(the)S 145 x(client)S 146 x(is)S 145 x
(authenti)S 2 x(cated)S 145 x(to)S 145 x(the)S 145 x(servi)S 2 x(ce.)S
231 x(The)S 145 x(service)S 146 x(uses)S 3899 X 648 y(its)S 166 x(private)S
167 x(key)S 165 x(to)S 165 x(decipher)S 167 x(the)S 166 x(enciphered)S
167 x(secret)S 166 x(key)S 166 x(provided)S 166 x(to)S 165 x(it)S 166 x
(for)S 166 x(per)S -10 x(-message)S 167 x(protecti)S 2 x(on)S 165 x
(operations)S 3899 X 647 y(on)S 182 x(the)S 184 x(context.)S 3899 23902 XY
(The)S 149 x(client)S 150 x(call)S 2 x(s)S 149 x(GSS_S)S -2 x(ign)S
(\()S 84 x(\))S 150 x(or)S 149 x(GSS_Seal)S(\()S 83 x(\))S 150 x(on)S
148 x(a)S 150 x(data)S 150 x(message,)S 157 x(which)S 149 x(causes)S
150 x(per)S -10 x(-messa)S 2 x(ge)S 149 x(authentic)S 2 x(ation,)S 3899 X
647 y(integri)S 2 x(ty)S -36 x(,)S 253 x(and)S 240 x(\(optional\))S
241 x(con\211dentialit)S 2 x(y)S 239 x(facili)S 2 x(ties)S 240 x(to)S
239 x(be)S 239 x(applied)S 240 x(to)S 240 x(that)S 240 x(message.)S
414 x(The)S 239 x(service)S 240 x(uses)S 240 x(the)S 3899 X 648 y(context')S
-29 x(s)S 183 x(shared)S 184 x(secret)S 184 x(key)S 183 x(to)S 183 x
(perfor)S 2 x(m)S 183 x(correspondi)S 2 x(ng)S 182 x(GSS_V)S -62 x(erify)S
(\()S 85 x(\))S 183 x(and)S 183 x(GSS_U)S -2 x(nseal)S(\()S 85 x(\))S
183 x(calls.)S 3899 26691 XY F28(4)S 598 x(Related)S 200 x(Activitie)S
2 x(s)S 3899 27688 XY F74(In)S 183 x(order)S 184 x(to)S 183 x(impleme)S
2 x(nt)S 182 x(the)S 184 x(GSS-AP)S -2 x(I)S 184 x(atop)S 183 x(existing,)S
184 x(emer)S -9 x(ging,)S 183 x(and)S 183 x(future)S 184 x(securi)S
2 x(ty)S 183 x(mechanisms)S 2 x(:)S 3899 X 896 y(\201)S 854 x(object)S
218 x(identi\211ers)S 218 x(must)S 218 x(be)S 217 x(assigned)S 217 x
(to)S 217 x(candidat)S 2 x(e)S 217 x(GSS-AP)S -2 x(I)S 218 x(mechanisms)S
218 x(and)S 217 x(the)S 217 x(name)S 218 x(types)S 217 x(which)S 4945 X
648 y(they)S 183 x(support)S 3899 X 896 y(\201)S 854 x(concret)S 2 x
(e)S 181 x(data)S 183 x(element)S 183 x(form)S 2 x(ats)S 182 x(must)S
182 x(be)S 182 x(de\211ned)S 182 x(for)S 182 x(candida)S 2 x(te)S 182 x
(mechanism)S 2 x(s)S 181 x(\(enca)S 2 x(psulation)S 183 x(within)S 182 x
(the)S 4945 X 648 y(mechanis)S 2 x(m-independent)S 211 x(token)S 209 x
(forma)S 2 x(t)S 209 x(de\211nition)S 210 x(in)S 209 x(Appendix)S 209 x
(B)S 210 x(of)S 209 x(this)S 210 x(document)S 210 x(is)S 209 x(recom)S
2 x(mended)S 4945 X 648 y(to)S 183 x(mechanism)S 184 x(designer)S 2 x
(s\))S 3899 32519 XY(Calli)S 2 x(ng)S 161 x(applic)S 2 x(ations)S 162 x
(must)S 163 x(implem)S 2 x(ent)S 162 x(forma)S 2 x(tting)S 162 x(conventions)S
163 x(which)S 162 x(will)S 163 x(enable)S 163 x(them)S 163 x(to)S 162 x
(distinguish)S 163 x(GSS-)S 3899 X 648 y(API)S 182 x(tokens)S 184 x
(from)S 183 x(other)S 184 x(data)S 184 x(carrie)S 2 x(d)S 182 x(in)S
183 x(their)S 184 x(applic)S 2 x(ation)S 183 x(protocols)S 2 x(.)S 3899 34163 XY
(Concret)S 2 x(e)S 172 x(language)S 172 x(bindings)S 173 x(are)S 172 x
(requir)S 2 x(ed)S 172 x(for)S 172 x(the)S 172 x(program)S 2 x(ming)S
172 x(environment)S 2 x(s)S 171 x(in)S 172 x(which)S 172 x(the)S 172 x
(GSS-API)S 171 x(is)S 172 x(to)S 3899 X 648 y(be)S 183 x(employed;)S
184 x(such)S 183 x(bindings)S 183 x(for)S 184 x(the)S 183 x(C)S 183 x
(language)S 184 x(are)S 184 x(being)S 183 x(developed)S 183 x(as)S 184 x
(of)S 183 x(this)S 183 x(writing.)S 3899 37373 XY F36(30)S 498 x(1)S
-28 x(1\203June\2031991)S
%%EndCustomColor: 0
30 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 31 31
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 17844 2106 XY F40(Generic)S 150 x(Security)S 151 x(Service)S 150 x
(API:)S 149 x(Internet-)S 2 x(Draft)S 14568 X 548 y(Comm)S -2 x(on)S
150 x(Authentication)S 149 x(T)S -33 x(echnology)S 149 x(WG:)S 150 x
(John)S 150 x(Linn)S 148 x(\(DEC\))S 3899 4032 XY F28(5)S 598 x(Acknowled)S
2 x(gments)S 3899 5028 XY F74(This)S 212 x(proposal)S 213 x(is)S 212 x
(the)S 212 x(resul)S 2 x(t)S 212 x(of)S 212 x(a)S 212 x(collabora)S
2 x(tive)S 212 x(ef)S -9 x(fort.)S 332 x(Acknowledgments)S 213 x(are)S
213 x(due)S 212 x(to)S 212 x(Kannan)S 212 x(Alagappan,)S 3899 X 647 y
(Doug)S 220 x(Barl)S 2 x(ow)S -36 x(,)S 230 x(Bill)S 222 x(Brown,)S
231 x(Clif)S -9 x(f)S 222 x(Kahn,)S 230 x(Charli)S 2 x(e)S 221 x(Kaufman,)S
231 x(Butler)S 222 x(Lampson,)S 231 x(Richar)S 2 x(d)S 220 x(Pitkin,)S
231 x(Joe)S 221 x(T)S -38 x(ardo,)S 3899 X 648 y(and)S 182 x(John)S
183 x(W)S -22 x(ray)S 183 x(of)S 183 x(Digital)S 184 x(Equipment)S 183 x
(Corpora)S 2 x(tion,)S 183 x(and)S 182 x(John)S 183 x(Carr)S -21 x(,)S
183 x(John)S 182 x(Kohl,)S 182 x(Jon)S 183 x(Rochlis,)S 184 x(Jef)S
-9 x(f)S 183 x(Schiller)S -21 x(,)S 3899 X 648 y(and)S 191 x(T)S -39 x
(ed)S 192 x(T')S -30 x(so)S 191 x(of)S 191 x(MIT)S 191 x(and)S 191 x
(Project)S 193 x(Athena.)S 268 x(Joe)S 192 x(Pato)S 191 x(and)S 191 x
(Bill)S 192 x(Sommerf)S 2 x(eld)S 191 x(of)S 192 x(HP/Apollo,)S 192 x
(W)S -43 x(alt)S 192 x(T)S -20 x(uvell)S 192 x(of)S 3899 X 647 y(OSF)S
-45 x(,)S 223 x(and)S 222 x(Bill)S 224 x(Grif)S -9 x(\211th)S 223 x
(and)S 223 x(Mike)S 223 x(Merri)S 2 x(tt)S 223 x(of)S 223 x(A)S -61 x
(T&T)S -41 x(,)S 222 x(provided)S 224 x(inputs)S 223 x(which)S 223 x
(helped)S 223 x(to)S 223 x(focus)S 224 x(and)S 222 x(clar)S 2 x(ify)S
3899 X 648 y(direct)S 2 x(ions.)S 330 x(Precursor)S 213 x(work)S 212 x
(by)S 211 x(Ric)S 2 x(hard)S 212 x(Pitkin,)S 219 x(meeti)S 2 x(ngs)S
211 x(of)S 212 x(the)S 212 x(T)S -19 x(rusted)S 213 x(Systems)S 212 x
(Inter)S 2 x(operabili)S 2 x(ty)S 211 x(Group)S 3899 X 647 y(\(TSIG\),)S
183 x(helped)S 183 x(to)S 183 x(demonstr)S 2 x(ate)S 183 x(the)S 184 x
(value)S 183 x(of)S 183 x(a)S 183 x(generic)S 2 x(,)S 182 x(mecha)S
2 x(nism-indepe)S 2 x(ndent)S 183 x(securit)S 2 x(y)S 182 x(servic)S
2 x(e)S 183 x(API.)S 22808 37373 XY F36(1)S -27 x(1\203June\2031991)S
499 x(31)S
%%EndCustomColor: 0
31 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 33 32
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 13172 6495 XY F24(APPENDIX)S 697 x(A)S 8817 7989 XY(P)S -51 x(ACS)S
281 x(AND)S 280 x(AUTH)S -2 x(ORIZA)S -53 x(TION)S 281 x(SER)S -13 x
(VICES)S 3899 9981 XY F74(Consider)S 2 x(ation)S 197 x(has)S 197 x(been)S
197 x(given)S 197 x(to)S 197 x(modifying)S 198 x(the)S 197 x(GSS-API)S
196 x(service)S 198 x(interf)S 2 x(ace)S 197 x(to)S 197 x(recogniz)S
2 x(e)S 197 x(and)S 196 x(manipul)S 2 x(ate)S 3899 X 648 y(Privilege)S
243 x(Attribute)S 243 x(Certi\211ca)S 2 x(tes)S 242 x(\(P)S -51 x(ACs\))S
242 x(as)S 242 x(in)S 241 x(ECMA)S 242 x(138,)S 255 x(carr)S 2 x(ying)S
241 x(authori)S 2 x(zation)S 242 x(data)S 242 x(as)S 242 x(a)S 241 x
(side)S 242 x(ef)S -9 x(fect)S 3899 X 648 y(of)S 204 x(establi)S 2 x
(shing)S 204 x(a)S 204 x(security)S 205 x(context,)S 210 x(but)S 204 x
(no)S 203 x(such)S 204 x(modi\211cat)S 2 x(ions)S 204 x(have)S 204 x
(been)S 204 x(incorpora)S 2 x(ted)S 204 x(at)S 204 x(this)S 205 x(time.)S
307 x(This)S 3899 X 647 y(appendix)S 177 x(provides)S 178 x(rational)S
2 x(e)S 176 x(for)S 178 x(this)S 177 x(decision)S 178 x(and)S 176 x
(discusse)S 2 x(s)S 176 x(compat)S 2 x(ibility)S 178 x(alterna)S 2 x
(tives)S 177 x(between)S 177 x(P)S -50 x(ACs)S 176 x(and)S 3899 X 648 y
(the)S 183 x(GSS-API)S 182 x(which)S 183 x(do)S 182 x(not)S 183 x(requir)S
2 x(e)S 183 x(that)S 183 x(P)S -51 x(ACs)S 183 x(be)S 183 x(made)S 184 x
(visible)S 184 x(to)S 183 x(GSS-AP)S -2 x(I)S 184 x(caller)S 2 x(s.)S
3899 13568 XY(Existing)S 191 x(candidate)S 191 x(mechani)S 2 x(sm)S
190 x(types)S 190 x(such)S 191 x(as)S 190 x(Kerberos)S 191 x(and)S 190 x
(X.509)S 189 x(do)S 190 x(not)S 190 x(incorpor)S 2 x(ate)S 190 x(P)S
-51 x(AC)S 190 x(manipul)S 2 x(ation)S 3899 X 648 y(featur)S 2 x(es,)S
151 x(and)S 143 x(exclusi)S 2 x(on)S 143 x(of)S 143 x(such)S 143 x(mecha)S
2 x(nisms)S 143 x(from)S 145 x(the)S 143 x(set)S 144 x(of)S 144 x(candidates)S
144 x(equipped)S 144 x(to)S 144 x(fully)S 144 x(support)S 143 x(the)S
144 x(GSS-)S 3899 X 647 y(API)S 213 x(seems)S 215 x(inappropr)S 2 x
(iate.)S 338 x(Inclusi)S 2 x(on)S 213 x(\(and)S 215 x(GSS-API)S 213 x
(visibili)S 2 x(ty\))S 214 x(of)S 215 x(a)S 214 x(featur)S 2 x(e)S 214 x
(supported)S 215 x(by)S 213 x(only)S 214 x(a)S 215 x(limited)S 3899 X
648 y(number)S 158 x(of)S 158 x(mechanisms)S 159 x(could)S 157 x(encoura)S
2 x(ge)S 157 x(the)S 158 x(development)S 159 x(of)S 157 x(allege)S 2 x
(dly)S 157 x(portable)S 159 x(applicat)S 2 x(ions)S 157 x(which)S 158 x
(would)S 3899 X 647 y(in)S 183 x(fact)S 184 x(have)S 183 x(only)S 183 x
(limit)S 2 x(ed)S 182 x(portabi)S 2 x(lity)S -35 x(.)S 3899 17155 XY
(The)S 243 x(status)S 244 x(quo,)S 257 x(in)S 243 x(which)S 243 x(P)S
-51 x(ACs)S 243 x(are)S 244 x(not)S 243 x(visible)S 244 x(across)S 244 x
(the)S 244 x(GSS-AP)S -2 x(I)S 243 x(inter)S 2 x(face,)S 259 x(does)S
243 x(not)S 243 x(preclude)S 244 x(im-)S 3899 X 647 y(plementa)S 2 x
(tions)S 218 x(in)S 218 x(which)S 217 x(P)S -51 x(ACs)S 218 x(are)S
218 x(carr)S 2 x(ied)S 218 x(transpar)S 2 x(ently)S -35 x(,)S 226 x
(within)S 218 x(the)S 218 x(tokens)S 218 x(de\211ned)S 218 x(and)S 217 x
(used)S 218 x(for)S 218 x(cer)S 2 x(tain)S 3899 X 648 y(mech_types,)S
235 x(and)S 223 x(stored)S 224 x(within)S 224 x(peers')S 225 x(credenti)S
2 x(als)S 223 x(and)S 224 x(context-l)S 2 x(evel)S 224 x(data)S 224 x
(structur)S 2 x(es.)S 365 x(While)S 224 x(invisibl)S 2 x(e)S 223 x(to)S
3899 X 647 y(API)S 152 x(caller)S 2 x(s,)S 158 x(such)S 152 x(P)S -51 x
(ACs)S 153 x(could)S 152 x(be)S 152 x(used)S 153 x(by)S 152 x(operating)S
153 x(system)S 153 x(or)S 153 x(other)S 153 x(local)S 153 x(functions)S
153 x(as)S 153 x(inputs)S 152 x(in)S 153 x(the)S 152 x(course)S 3899 X
648 y(of)S 208 x(mediat)S 2 x(ing)S 208 x(access)S 209 x(request)S 2 x
(s)S 208 x(made)S 209 x(by)S 207 x(call)S 2 x(ers.)S 320 x(This)S 208 x
(course)S 209 x(of)S 208 x(action)S 209 x(allows)S 209 x(dynamic)S 209 x
(select)S 2 x(ion)S 208 x(of)S 208 x(P)S -51 x(AC)S 3899 X 647 y(contents,)S
184 x(if)S 183 x(such)S 183 x(selec)S 2 x(tion)S 183 x(is)S 183 x(administ)S
2 x(rativel)S 2 x(y-direct)S 2 x(ed)S 183 x(rather)S 184 x(than)S 183 x
(call)S 2 x(er)S -11 x(-dir)S 2 x(ected.)S 3899 21389 XY(In)S 209 x
(a)S 209 x(distribut)S 2 x(ed)S 209 x(computing)S 209 x(environme)S
2 x(nt,)S 215 x(authenti)S 2 x(cation)S 209 x(must)S 210 x(span)S 209 x
(dif)S -9 x(ferent)S 210 x(systems;)S 223 x(the)S 209 x(need)S 210 x
(for)S 209 x(such)S 3899 X 647 y(authentic)S 2 x(ation)S 195 x(provides)S
195 x(motiva)S 2 x(tion)S 195 x(for)S 195 x(GSS-AP)S -2 x(I)S 195 x
(de\211nition)S 195 x(and)S 195 x(usage.)S 279 x(Heteroge)S 2 x(neous)S
194 x(system)S 2 x(s)S 194 x(in)S 195 x(a)S 194 x(net-)S 3899 X 648 y
(work)S 205 x(can)S 206 x(inter)S 2 x(communicat)S 2 x(e,)S 211 x(with)S
206 x(globally)S 206 x(authent)S 2 x(icated)S 206 x(names)S 207 x(comprisi)S
2 x(ng)S 205 x(the)S 206 x(common)S 206 x(bond)S 206 x(between)S 3899 X
647 y(locally)S 202 x(de\211ned)S 201 x(acce)S 2 x(ss)S 201 x(control)S
202 x(policie)S 2 x(s.)S 298 x(Access)S 202 x(control)S 202 x(policie)S
2 x(s)S 201 x(to)S 201 x(which)S 201 x(authenti)S 2 x(cation)S 202 x
(provides)S 202 x(inputs)S 3899 X 648 y(are)S 201 x(often)S 201 x(local)S
2 x(,)S 204 x(or)S 201 x(speci\211c)S 201 x(to)S 201 x(particul)S 2 x
(ar)S 201 x(operating)S 201 x(system)S 2 x(s)S 200 x(or)S 201 x(environments)S
2 x(.)S 296 x(If)S 201 x(the)S 201 x(GSS-API)S 199 x(made)S 201 x(par-)S
3899 X 648 y(ticular)S 213 x(authoriz)S 2 x(ation)S 212 x(models)S 212 x
(visible)S 213 x(across)S 212 x(its)S 212 x(servic)S 2 x(e)S 211 x(inter)S
2 x(face,)S 219 x(its)S 212 x(scope)S 212 x(of)S 212 x(applicat)S 2 x
(ion)S 211 x(would)S 211 x(become)S 3899 X 647 y(less)S 210 x(general.)S
323 x(The)S 209 x(curre)S 2 x(nt)S 209 x(GSS-AP)S -2 x(I)S 210 x(paradigm)S
210 x(is)S 209 x(consiste)S 2 x(nt)S 209 x(with)S 209 x(the)S 209 x
(prece)S 2 x(dent)S 209 x(set)S 210 x(by)S 208 x(Kerberos,)S 217 x(neither)S
3899 X 648 y(de\211ning)S 163 x(the)S 163 x(interpr)S 2 x(etation)S
164 x(of)S 163 x(authori)S 2 x(zation-r)S 2 x(elated)S 164 x(data)S
164 x(nor)S 163 x(enforcing)S 164 x(access)S 164 x(control)S 2 x(s)S
162 x(based)S 164 x(on)S 162 x(such)S 164 x(data.)S 3899 26918 XY(The)S
234 x(GSS-API)S 233 x(is)S 235 x(a)S 234 x(general)S 236 x(interf)S
2 x(ace,)S 247 x(whose)S 235 x(caller)S 2 x(s)S 234 x(may)S 234 x(resi)S
2 x(de)S 234 x(inside)S 235 x(or)S 235 x(outside)S 235 x(any)S 234 x
(de\211ned)S 234 x(TCB)S 235 x(or)S 3899 X 648 y(NTCB)S 170 x(boundaries)S
2 x(.)S 239 x(Given)S 170 x(this)S 171 x(charact)S 2 x(eristi)S 2 x
(c,)S 172 x(it)S 171 x(appears)S 171 x(more)S 171 x(real)S 2 x(istic)S
171 x(to)S 170 x(provide)S 171 x(faci)S 2 x(lities)S 171 x(which)S 170 x
(provide)S 3899 X 647 y("value-added")S 207 x(security)S 207 x(servic)S
2 x(es)S 206 x(to)S 206 x(its)S 206 x(call)S 2 x(ers)S 206 x(than)S
206 x(to)S 207 x(of)S -10 x(fer)S 207 x(facil)S 2 x(ities)S 207 x(which)S
206 x(enforce)S 207 x(rest)S 2 x(rictions)S 207 x(on)S 206 x(those)S
3899 X 648 y(caller)S 2 x(s.)S 394 x(Authoriza)S 2 x(tion)S 233 x(decisions)S
234 x(must)S 234 x(often)S 234 x(be)S 233 x(mediat)S 2 x(ed)S 233 x
(below)S 233 x(the)S 234 x(GSS)S -2 x(-API)S 234 x(level)S 234 x(in)S
233 x(a)S 233 x(local)S 234 x(manner)S 3899 X 647 y(against)S 191 x
(\(or)S 190 x(in)S 190 x(spite)S 190 x(of\))S 191 x(applicati)S 2 x
(ons,)S 191 x(and)S 190 x(cannot)S 190 x(be)S 190 x(selecti)S 2 x(vely)S
190 x(invoked)S 190 x(or)S 190 x(omitted)S 191 x(at)S 190 x(those)S
190 x(applicat)S 2 x(ions')S 3899 X 648 y(discret)S 2 x(ion.)S 242 x
(Given)S 179 x(that)S 180 x(the)S 179 x(GSS-AP)S -2 x(I')S -29 x(s)S
179 x(placem)S 2 x(ent)S 179 x(prevents)S 180 x(it)S 179 x(from)S 180 x
(providing)S 180 x(a)S 179 x(comprehensi)S 2 x(ve)S 178 x(soluti)S 2 x
(on)S 178 x(to)S 3899 X 647 y(the)S 203 x(authori)S 2 x(zation)S 203 x
(issue,)S 209 x(the)S 203 x(value)S 204 x(of)S 203 x(a)S 203 x(parti)S
2 x(al)S 203 x(contribut)S 2 x(ion)S 203 x(speci\211c)S 203 x(to)S 203 x
(part)S 2 x(icular)S 204 x(authoriz)S 2 x(ation)S 203 x(models)S 204 x
(is)S 3899 X 648 y(debatable)S 2 x(.)S 18225 37373 XY F36(P)S -37 x
(ACs)S 165 x(and)S 167 x(Authorizatio)S 2 x(n)S 166 x(Services)S 499 x
(33)S
%%EndCustomColor: 0
32 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%PageCustomColors: 0
%
%%Page: 35 33
%%BeginPageSetup
%%EndPageSetup
%%PageFonts: (atend)
%%PageCustomColors: (atend)
1000 BP PaperHeight PaperWidth PM 0 0 XY
%%BeginCustomColor: 0
0 SC 13172 6495 XY F24(APPENDIX)S 697 x(B)S 7839 7989 XY(MECHA)S -2 x
(NISM-INDEPEND)S -2 x(ENT)S 272 x(T)S -13 x(OKEN)S 271 x(FORMA)S -53 x
(T)S 3899 9981 XY F74(This)S 238 x(appendix)S 239 x(speci\211es)S 239 x
(a)S 238 x(mechanism)S 2 x(-independent)S 239 x(level)S 239 x(of)S 238 x
(encapsul)S 2 x(ating)S 238 x(repr)S 2 x(esentati)S 2 x(on)S 237 x(for)S
239 x(the)S 239 x(initial)S 3899 X 648 y(token)S 196 x(of)S 195 x(a)S
195 x(GSS-API)S 195 x(context)S 196 x(establi)S 2 x(shment)S 196 x(sequence,)S
199 x(incorpor)S 2 x(ating)S 196 x(an)S 195 x(identi\211er)S 197 x(of)S
195 x(the)S 196 x(mechanism)S 197 x(type)S 3899 X 648 y(to)S 184 x(be)S
183 x(used)S 184 x(on)S 183 x(that)S 185 x(context.)S 246 x(Use)S 184 x
(of)S 184 x(this)S 184 x(format)S 185 x(\(with)S 184 x(ASN.1-encoded)S
184 x(data)S 184 x(element)S 2 x(s)S 183 x(repre)S 2 x(sented)S 184 x
(in)S 184 x(BER,)S 3899 X 647 y(constrai)S 2 x(ned)S 174 x(in)S 173 x
(the)S 175 x(interest)S 2 x(s)S 173 x(of)S 175 x(parsing)S 174 x(simpli)S
2 x(city)S 174 x(to)S 174 x(the)S 174 x(Distinguishe)S 2 x(d)S 173 x
(Encoding)S 174 x(Rule)S 175 x(\(DER\))S 174 x(BER)S 175 x(subset)S
3899 X 648 y(de\211ned)S 209 x(in)S 210 x(X.509,)S 215 x(clause)S 210 x
(8.7\))S 210 x(is)S 209 x(rec)S 2 x(ommended)S 210 x(to)S 209 x(the)S
210 x(designers)S 211 x(of)S 209 x(GSS-API)S 208 x(imple)S 2 x(mentations)S
211 x(based)S 210 x(on)S 3899 X 647 y(various)S 215 x(mecha)S 2 x(nisms,)S
223 x(so)S 214 x(that)S 215 x(tokens)S 215 x(can)S 215 x(be)S 215 x
(interpr)S 2 x(eted)S 215 x(unambiguously)S 215 x(at)S 215 x(GSS-API)S
214 x(peers.)S 340 x(There)S 215 x(is)S 215 x(no)S 3899 X 648 y(require)S
2 x(ment)S 214 x(that)S 214 x(the)S 213 x(mechani)S 2 x(sm-speci)S 2 x
(\211c)S 213 x(innerConte)S 2 x(xtT)S -39 x(oken,)S 221 x(innerMs)S
2 x(gT)S -39 x(oken,)S 221 x(and)S 213 x(seale)S 2 x(dUserData)S 214 x
(data)S 3899 X 647 y(element)S 2 x(s)S 182 x(be)S 183 x(encoded)S 184 x
(in)S 183 x(ASN.1)S 181 x(BER.)S 4945 X 748 y F98(--)S 269 x(optional)S
269 x(top-level)S 269 x(token)S 269 x(definitions)S 269 x(to)S 269 x
(frame)S 269 x(different)S 268 x(mechanisms)S 4945 X 797 y(GSS-API)S
269 x(DEFINITIONS)S 269 x(::=)S 4945 X 797 y(BEGIN)S 4945 X 797 y(MechType)S
269 x(::=)S 269 x(OBJECT)S 269 x(IDENTIFIER)S 4945 X 498 y(--)S 269 x
(data)S 269 x(structure)S 269 x(definitions)S 4945 X 797 y(--)S 269 x
(callers)S 269 x(must)S 269 x(be)S 269 x(able)S 269 x(to)S 269 x(distinguish)S
269 x(among)S 4945 X 498 y(--)S 269 x(InitialContextToken,)S 269 x(SubsequentContextToken,)S
4945 X 498 y(--)S 269 x(PerMsgToken,)S 269 x(and)S 269 x(SealedMessage)S
269 x(data)S 269 x(elements)S 4945 X 498 y(--)S 269 x(based)S 269 x
(on)S 269 x(the)S 269 x(usage)S 269 x(in)S 269 x(which)S 269 x(they)S
269 x(occur)S 4945 X 797 y(InitialContextToken)S 269 x(::=)S 4945 X
498 y(--)S 269 x(option)S 269 x(indication)S 269 x(\(delegation,)S 269 x
(etc.\))S 269 x(indicated)S 269 x(within)S 4945 X 499 y(--)S 269 x(mechanism-specific)S
269 x(token)S 4945 X 498 y([APPLICATION)S 269 x(0])S 269 x(IMPLICIT)S
269 x(SEQUENCE)S 269 x({)S 7097 X 498 y(thisMech)S 269 x(MechType,)S
7097 X 498 y(innerContextToken)S 269 x(ANY)S 269 x(DEFINED)S 269 x(BY)S
269 x(thisMech)S 7904 X 498 y(--)S 269 x(contents)S 269 x(mechanism-specific)S
7097 X 498 y(})S 4945 X 797 y(SubsequentContextToken)S 269 x(::=)S 269 x
(innerContextToken)S 269 x(ANY)S 4945 X 498 y(--)S 269 x(interpretation)S
269 x(based)S 269 x(on)S 269 x(predecessor)S 269 x(InitialContextToken)S
4945 X 797 y(PerMsgToken)S 269 x(::=)S 4945 X 498 y(--)S 269 x(as)S
269 x(emitted)S 269 x(by)S 269 x(GSS_Sign)S 269 x(and)S 269 x(processed)S
269 x(by)S 269 x(GSS_Verify)S 7097 X 499 y(innerMsgToken)S 269 x(ANY)S
4945 X 797 y(SealedMessage)S 269 x(::=)S 4945 X 498 y(--)S 269 x(as)S
269 x(emitted)S 269 x(by)S 269 x(GSS_Seal)S 269 x(and)S 269 x(processed)S
269 x(by)S 269 x(GSS_Unseal)S 4945 X 498 y(--)S 269 x(includes)S 269 x
(internal,)S 269 x(mechanism-defined)S 269 x(indicator)S 4945 X 498 y
(--)S 269 x(of)S 269 x(whether)S 269 x(or)S 269 x(not)S 269 x(encrypted)S
7097 X 498 y(sealedUserData)S 269 x(ANY)S 4945 X 797 y(END)S 16869 37373 XY
F36(Mechanism-Ind)S 2 x(ependent)S 167 x(T)S -36 x(oken)S 166 x(Format)S
499 x(35)S
%%EndCustomColor: 0
33 PP EP
%%PageTrailer
%%PageFonts: Helvetica-Bold Times-Roman
%%+ Courier
%%PageCustomColors: 0
%
%%Trailer
EndDVC$PSDoc
/DEC$EDMS_MAKE_FILM where % if we are making film...
{ pop % ..clean up the stack
-54 dup translate % ..undo the film translation
} if
%%Pages: 33
%%DocumentFonts: Courier Times-Roman
%%+ Helvetica-Bold Helvetica
%%DocumentCustomColors: 0