ECMA 235 : 1ED 96
Current
THE ECMA GSS-API MECHANISM
12-01-2013
1 Introduction
1.1 Scope
1.2 Field of application
1.3 Requirements to be satisfied
1.4 Conformance
1.5 Overview and document structure
2 References
2.1 Normative references
2.2 Informative references
3 Definitions
3.1 Imported definitions
3.2 New Definitions
3.2.1 Security Context
3.2.2 Generic Security Mechanism
3.2.3 Security Mechanism Options
3.2.4 Primary Principal Identifier (PPID)
3.3 Acronyms
4 Token formats
4.1 Token framings
4.2 InitialContextToken format
4.3 TargetResultToken
4.4 ErrorToken
4.5 Per Message Tokens
4.5.1 MICToken
4.5.2 WrapToken
4.6 ContextDeleteToken
5 Key distribution and PAC protection options
5.1 PAC protection options
5.2 Key Distribution schemes
5.2.1 Basic symmetric key distribution scheme
5.2.2 Symmetric key distribution scheme with symmetric KD-Servers
5.2.3 Symmetric key distribution scheme with asymmetric KD-Servers
5.2.4 Asymmetric initiator/symmetric target key distribution scheme
5.2.5 Symmetric initiator/asymmetric target key distribution scheme
5.2.6 Full public key distribution scheme
5.3 Key distribution data elements
5.3.1 KD-Scheme independent data elements
5.3.2 Key distribution scheme OBJECT IDENTIFIERs
5.3.3 Hybrid inter-domain key distribution scheme data elements
5.3.4 Key establishment data elements
5.3.5 Kerberos Data elements
5.3.6 Profiling of KD-schemes
5.3.6.1 Profile of Ticket (symmIntradomain and symmInterdomain)
5.3.6.2 Profile of PublicTicket (hybridInterdomain)
5.3.6.3 Profile of SPKM_REQ (asymmInitToSymmTarget, symmInitToAsymmTarget, asymmetric)
5.4 Returned Key Scheme Information
6 Algorithm use within ECMA mechanism
7 Identifiers for ECMA mechanism choices
7.1 Architectural mechanism identifiers
8 Errors
8.1 Minor Status Codes
8.1.1 Non ECMA-specific codes
8.1.2 ECMA-specific codes
8.2 Quality of protection
9 Support functions
9.1 Attribute handling support functions
9.1.1 GSS_Set_cred_attributes
9.1.2 GSS_Get_sec_attributes
9.1.3 GSS_Get_received_creds
9.2 Control and support functions for context acceptors
9.2.1 GSS_Set_cred_controls call
9.2.2 GSS_Get_sec_controls
9.2.3 GSS_Compound_creds call
9.3 Attribute specifications
9.3.1 Privilege attributes
9.3.1.1 Access Identity
9.3.1.2 Group
9.3.1.3 Primary group
9.3.1.4 Role attribute
9.3.2 Attribute set reference
9.3.2.1 Role name
9.3.3 Miscellaneous attributes
9.3.3.1 Audit Identity
9.3.3.2 Issuer domain name
9.3.3.3 Validity periods
9.3.3.4 Optional restrictions
9.3.3.5 Mandatory restrictions
9.3.4 Qualifier attributes
9.3.4.1 Acceptor name
9.3.4.2 Application trust group
9.4 C Bindings
9.4.1 Data types and calling conventions
9.4.1.1 Identifier
9.4.1.2 Identifier set
9.4.1.3 Time periods
9.4.1.4 time period list
9.4.1.5 Security attributes
9.4.1.6 Security Attribute Sets
9.4.1.7 Credentials List
9.4.1.8 Acceptor Control
9.4.1.9 Acceptor Control Set
9.4.2 gss_set_cred_attributes
9.4.3 gss_get_sec_attributes
9.4.4 gss_get_received_creds
9.4.5 gss_set_cred_controls
9.4.6 gss_get_sec_controls
9.4.7 gss_compound_cred
10 Relationship to other standards
Annex A - Formal ASN.1 definitions of data types defined in this standard
Annex B - Definitions of [Kerberos] data types
Annex C - Definitions of [SPKM] data types
Annex D - Mappings of Minor Status Returns onto [ECMA-219] error values
Annex E - Imported Types
Defines the syntax of the tokens that enable distributed applications implementing the APA-Application and related data elements specified in Standard ECMA-219 to interwork. Also defines some key distribution schemes based on symmetric and asymmetric cryptographic technologies in order to provide a basic set of implementation options. These schemes include specification of the encryption algorithms and methods to be used.
DocumentType | Standard |
PublisherName | European Computer Manufacturers Association |
Status | Current |
NEMA PS3.3 : 2017A | DIGITAL IMAGING AND COMMUNICATIONS IN MEDICINE (DICOM) - PART 3: INFORMATION OBJECT DEFINITIONS |
NEMA PS 3.15 : 2017A | DIGITAL IMAGING AND COMMUNICATIONS IN MEDICINE (DICOM) - PART 15: SECURITY AND SYSTEM MANAGEMENT PROFILES |
EG 201 057 : 1.1.2 | TELECOMMUNICATIONS SECURITY; TRUSTED THIRD PARTIES (TTP); REQUIREMENTS FOR TTP SERVICES |
ISO/IEC 9594-8:2017 | Information technology - Open Systems Interconnection - The Directory - Part 8: Public-key and attribute certificate frameworks |
ISO/IEC 9594-2:2017 | Information technology - Open Systems Interconnection - The Directory - Part 2: Models |
ISO/IEC 10745:1995 | Information technology - Open Systems Interconnection - Upper layers security model |
ECMA 219 : 2ED 96 | AUTHENTICATION AND PRIVILEGE ATTRIBUTE SECURITY APPLICATION WITH RELATED KEY DISTRIBUTION FUNCTIONS - PART 1, 2 AND 3 |