summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc1511.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc1511.txt')
-rw-r--r--doc/rfc/rfc1511.txt115
1 files changed, 115 insertions, 0 deletions
diff --git a/doc/rfc/rfc1511.txt b/doc/rfc/rfc1511.txt
new file mode 100644
index 0000000..ef9893a
--- /dev/null
+++ b/doc/rfc/rfc1511.txt
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+Network Working Group J. Linn
+Request for Comments: 1511 Geer Zolot Associates
+ September 1993
+
+
+
+ Common Authentication Technology Overview
+
+
+Status of this Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard. Distribution of this memo is
+ unlimited.
+
+Overview
+
+ The IETF's Common Authentication Technology (CAT) working group has
+ pursued, and continues to pursue, several interrelated activities,
+ involving definition of service interfaces as well as protocols. As
+ a goal, it has sought to separate security implementation tasks from
+ integration of security data elements into caller protocols, enabling
+ those tasks to be partitioned and performed separately by
+ implementors with different areas of expertise. This strategy is
+ intended to provide leverage for the IETF community's security-
+ oriented resources (by allowing a single security implementation to
+ be integrated with, and used by, multiple caller protocols), and to
+ allow protocol implementors to focus on the functions that their
+ protocols are designed to provide rather than on characteristics of
+ particular security mechanisms (by defining an abstract service which
+ multiple mechanisms can realize).
+
+ The CAT WG has worked towards agreement on a common service
+ interface, (the Generic Security Service Application Program
+ Interface, or GSS-API), allowing callers to invoke security
+ functions, and also towards agreement on a common security token
+ format incorporating means to identify the mechanism type in
+ conjunction with which security data elements should be interpreted.
+ The GSS-API, comprising a mechanism-independent model for security
+ integration, provides authentication services (peer entity
+ authentication) to a variety of protocol callers in a manner which
+ insulates those callers from the specifics of underlying security
+ mechanisms. With certain underlying mechanisms, per-message
+ protection facilities (data origin authentication, data integrity,
+ and data confidentiality) can also be provided. This work is
+ represented in a pair of RFCs: RFC-1508 (GSS-API) and RFC-1509
+ (concrete bindings realizing the GSS-API for the C language).
+
+
+
+
+J. Linn [Page 1]
+
+RFC 1511 CAT Overview September 1993
+
+
+ Concurrently, the CAT WG has worked on agreements on underlying
+ security technologies, and their associated protocols, implementing
+ the GSS-API model. Definitions of two candidate mechanisms are
+ currently available as Internet specifications; development of
+ additional mechanisms is anticipated. RFC-1510, a standards-track
+ specification, documents the Kerberos Version 5 technology, based on
+ secret-key cryptography and contributed by the Massachusetts
+ Institute of Technology. RFC-1507, an experimental specification,
+ documents the Distributed Authentication Services technology, based
+ on X.509 public-key technology and contributed by Digital Equipment
+ Corporation.
+
+References
+
+ [1] Kaufman, C., "Distributed Authentication Security Service", RFC
+ 1507, Digital Equipment Corporation, September 1993.
+
+ [2] Linn, J., "Generic Security Service Application Program
+ Interface", RFC 1508, Geer Zolot Associates, September 1993.
+
+ [3] Wray, J., "Generic Security Service API : C-bindings", RFC 1509,
+ Digital Equipment Corporation, September 1993.
+
+ [4] Kohl, J., and C. Neuman, "The Kerberos Network Authentication
+ Service (V5)", Digital Equipment Corporation, USC/Information
+ Sciences Institute, September 1993.
+
+Security Considerations
+
+ Security issues are discussed throughout the references.
+
+Author's Address
+
+ John Linn
+ Geer Zolot Associates
+ One Main St.
+ Cambridge, MA 02142 USA
+
+ Phone: +1 617.374.3700
+ Email: Linn@gza.com
+
+
+
+
+
+
+
+
+
+
+
+J. Linn [Page 2]
+ \ No newline at end of file