[3354] in Kerberos
Re: GSS-API - part of Kerberos ???
daemon@ATHENA.MIT.EDU (Gerald Krummeck)
Wed Jun 1 05:02:45 1994
To: kerberos@MIT.EDU
Date: 1 Jun 1994 07:04:45 GMT
From: krummeck@iabg.de (Gerald Krummeck)
jik@cam.ov.com(Jonathan I. Kamens) writes:
>GSS-API is an "up and coming" standard -- more and more vendors are embracing
>it, and I suspect that it is going to be playing a much larger role in the
>near future.
X/Open's Security Working Group (SWG) endorses the GSS-API and
has published two "Preliminary Specifications", which probably
will evolve and become a part of the X/Open Portability Guide
(XPG) which most open systems vendors use as their "bible" for
their own interface specs.
As GSS-API originally adressed only ssues of distributed authen-
tication, it seemed not to be appropriate as a real *generic*
security services API, and especially European vendors in-
volved in research programmes such as SESAME asked for GSS-API
extensions to include distributed authorisation services. This is
why X/Open published two documents: The GSS-API base specifica-
tion, which includes distributed authentication, and the GSS-API
extensions, where distributed authorisation is found.
X/Open believes that there are still some services missing, such
as distributed auditing and cryptographic services. An outline of
what they think is necessary to be done is found in the part 9 of
the X/Open Technical Programme, which adresses security.
The specs and the technical programme can be ordered (not for free!)
at
X/Open Company Limited
Apex Plaza
Forbury Road
Reading
Berkshire, RG1 1AX
United Kingdom
Comments to their specs may be sent via e-mail to XoSpecs@xopen.co.uk
Gerald Krummeck
+------------------------+-------------------------------------+
| Gerald Krummeck | Tel: [+49] 89 6088 2092 |
| Abt. ITE | Fax: [+49] 89 6088 3418 |
| IABG | |
| Einsteinstr. 20 | email: Gerald.Krummeck@ite.iabg.de |
| 85521 Ottobrunn | |
| Germany | |
+------------------------+-------------------------------------+
