[3352] in Kerberos
Re: GSS-API - part of Kerberos???
daemon@ATHENA.MIT.EDU (John Linn)
Tue May 31 11:18:29 1994
To: kerberos@MIT.EDU
Cc: linn@cam.ov.com
Date: Tue, 31 May 1994 11:00:04 -0400
From: John Linn <linn@cam.ov.com>
jik writes:
>In article <CqF6wE.8Ln@cup.hp.com>, skup@cup.hp.com (Irene_Skupniewicz) writes:
>|> GSS-API is a specification for an API to a generic security service.
>|> It was originally developed by DEC and is now accepted as an Internet
>|> standard.
>
>Both assertions in the latter sentence above are incorrect.
>
>First of all, GSS-API was not "developed" by DEC. It was developed by the
>Common Authentication Technology Working Group (CAT WG) of the Internet
>Engineering Task Force (IETF). The CAT WG is chaired by John Linn, who
>currently works for OpenVision (in the division of OpenVision that used to be
>Geer Zolot Associates). Although some members of the CAT WG may work for DEC
>(in fact, I believe that John Linn worked there before he came to OV), it is
>certainly inaccurate to claim that GSS-API was "originally developed by DEC".
>The IETF cannot be said to be under the auspices of any one particular vendor.
I can confirm that I did indeed work at DEC before joining OV, and
indeed was there at the point (around the end of 1990) when I drafted the
initial versions of GSS-API, subsequently to evolve through a
succession of Internet-Drafts to become RFC-1508. The first meeting
of the IETF's CAT WG was held in July, 1991, and much has evolved
since. From the outset, the GSS-API has benefited from the interest
and comments of a wide variety of individuals and organizations.
>Second, GSS-API is not yet an Internet Standard. RFCs 1508 and 1509, which
>document the abstract API and the C bindings to it, have the status of
>Proposed Standard. There will be new revisions of both of them, because the
>CAT WG has discussed and approved changes since the RFCs were released, and
>then those changed versions will be released with new RFC numbers, again as
>Proposed Standards.
Not necessarily. The transition sequence is Proposed Standard to
Draft Standard to Full (Internet) Standard. Depending on the scope
of the changes which are made to the current Proposed Standards, the
next RFC release could be at the level of Draft.
>Once the CAT WG decides that no required changes to the
>Porposed Standards have become evident for a long enough period of time, they
>will be promoted to Internet Standards.
Not quite. Individual WGs don't get to dictate when standards get to
advance up the track; IETF-level procedures (themselves documented in
RFC 1602) control how this does or doesn't happen.
--jl
