Object identifiers (OIDs) are used to store the following kinds of data: security mechanisms, Quality of Protection (QOP) values, and name types.
OIDs are stored in the GSS-API gss_OID_desc structure. GSS-API provides a pointer to the structure, gss_OID, as shown in the following example.
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc, *gss_OID;
Further, one or more OIDs might be contained in a gss_OID_set_desc structure.
typedef struct gss_OID_set_desc_struct {
    size_t count;
    gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
Applications should not attempt to deallocate OIDs with free().
Although GSS-API allows applications to choose underlying security mechanisms, applications should use the default mechanism that has been selected by GSS-API if possible. Similarly, although GSS-API lets an application specify a Quality of Protection level for protecting data, the default QOP should be used if possible. Acceptance of the default mechanism is indicated by passing the value GSS_C_NULL_OID to functions that expect a mechanism or QOP as an argument.
Specifying a security mechanism or QOP explicitly defeats the purpose of using GSS-API. Such a specific selection limits the portability of an application. Other implementations of GSS-API might not support that QOP or mechanism in the intended manner. Nonetheless, Appendix C, Specifying an OID, briefly discusses how to find out which mechanisms and QOPs are available, and how to choose one.
Besides QOPs and security mechanisms, OIDs are also used to indicate name types, which indicate the format for an associated name. For example, the function gss_import_name(), which converts the name of a principal from a string to a gss_name_t type, takes as one argument the format of the string to be converted. If the name type is, for example, GSS_C_NT_HOSTBASED_SERVICE, then the function knows that the name being input is of the form service@host. If the name type is GSS_C_NT_EXPORT_NAME, then the function expects a GSS-API exported name. Applications can find out which name types are available for a given mechanism with the gss_inquire_names_for_mech() function.
A list of name types used by GSS-API is provided in Name Types.
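The gss_OID_desc structure shown earlier carries only a byte count and a pointer; per RFC 2744 those bytes are the BER-encoded value portion of the OID. The following added example (not from the original page or from any GSS-API implementation) decodes them into dotted form with bounds checks, using the GSS_C_NT_HOSTBASED_SERVICE bytes published in RFC 2744. The names oid_to_dotted and hostbased_oid and the local typedefs are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copies of the page's declarations (OM_uint32 as uint32_t is assumed). */
typedef uint32_t OM_uint32;
typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID;

/* GSS_C_NT_HOSTBASED_SERVICE content bytes as listed in RFC 2744. */
static gss_OID_desc hostbased_oid =
    { 10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04" };

/* Decode the OID content bytes into dotted form ("1.2.840...").
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int oid_to_dotted(const gss_OID_desc *oid, char *out, size_t outlen)
{
    const unsigned char *p;
    size_t used = 0;
    uint32_t arc = 0;
    int first = 1, n;
    if (!oid || !oid->elements || oid->length == 0 || !out) return -1;
    p = oid->elements;
    for (OM_uint32 i = 0; i < oid->length; i++) {
        if (arc > (UINT32_MAX >> 7)) return -1;      /* arc would overflow */
        if (arc == 0 && p[i] == 0x80) return -1;     /* non-minimal encoding */
        arc = (arc << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) {                           /* more bytes in this arc */
            if (i + 1 == oid->length) return -1;     /* truncated last arc */
            continue;
        }
        if (first) {                                 /* first subidentifier packs two arcs */
            unsigned a = arc < 80 ? (unsigned)arc / 40 : 2;
            n = snprintf(out + used, outlen - used, "%u.%u", a, (unsigned)arc - 40 * a);
        } else {
            n = snprintf(out + used, outlen - used, ".%u", (unsigned)arc);
        }
        if (n < 0 || (size_t)n >= outlen - used) return -1;  /* output truncated */
        used += (size_t)n;
        arc = 0;
        first = 0;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    if (oid_to_dotted(&hostbased_oid, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

The decoder trusts only the length field, never a terminating NUL, because the elements buffer is an opaque octet string.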