{"draft":"draft-ietf-kitten-gss-naming-05","doc_id":"RFC4768","title":"Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming","authors":["S. Hartman"],"format":["ASCII","HTML"],"page_count":"12","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Kitten (GSS-API Next Generation)","abstract":"The Generic Security Services API (GSS-API) provides a naming\r\narchitecture that supports name-based authorization.  GSS-API\r\nauthenticates two named parties to each other.  Names can be stored\r\non access control lists (ACLs) to make authorization decisions.  Advances in\r\nsecurity mechanisms and the way implementers wish to use GSS-API\r\nrequire this model to be extended for the next version of GSS-API.\r\nAs people move within an organization or change their names, the name\r\nauthenticated by GSS-API may change.  Using some sort of constant\r\nidentifier would make ACLs more stable.  Some\r\nmechanisms, such as public-key mechanisms, do not have a single name\r\nto be used across all environments.  Other mechanisms, such as\r\nKerberos, may include group membership or role information as part of\r\nauthentication.  This document motivates extensions to GSS-API naming\r\nand describes the extensions under discussion.   This memo provides information for the Internet community.","pub_date":"December 2006","keywords":["acl","access control list"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC4768","errata_url":null}