Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy | Zendy

L. Hornquist | Zendy; S. Hartman | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy

Author(s) -

L. Hornquist,

S. Hartman

Publication year - 2010

Publication title -

rfc

Language(s) - English

Resource type - Reports

DOI - 10.17487/rfc5896

Subject(s) - kerberos , delegate , computer science , server , delegation , authentication (law) , computer security , service (business) , world wide web , operating system , business , political science , law , marketing , programming language

Several GSS-API applications work in a multi-tiered architecture,where the server takes advantage of delegated user credentials to acton behalf of the user and contact additional servers. In effect, theserver acts as an agent on behalf of the user. Examples include webapplications that need to access e-mail or file servers as well asCIFs file servers. However, delegating the ability to act as a user toa party who is not sufficiently trusted is problematic from a securitystandpoint. Kerberos provides a flag called OK-AS-DELEGATE that allowsthe administrator of a Kerberos realm to communicate that a particularservice is trusted for delegation. This specification adds support forthis flag and similar facilities in other authentication mechanisms toGSS-API (RFC 2743).

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research