Integrity and Privacy: The GSS-API
To improve security, a new networking layer, the Generic Security Standard API, or GSS-API, has been added. The GSS-API framework offers two extra security services beyond authentication:
-
Integrity. With the integrity service, the GSS-API uses the underlying mechanism to authenticate messages exchanged between programs. Cryptographic checksums establish:
-
The identity of the data originator to the recipient
-
The identity of the recipient to the originator (if mutual authentication is requested)
-
The authenticity of the transmitted data itself
-
-
Privacy. The privacy service includes the integrity service. In addition, the transmitted data is also encrypted so as to protect it from any eavesdroppers.
Due to U.S. export restrictions, the privacy service might not be available to all SEAM users.
Note -
Currently, the GSS-API is not exposed. Certain GSS-API features, however, are "visible" through RPCSEC_GSS functions -- they can be manipulated in an "opaque" fashion. The programmer need not be directly concerned with their values.
- © 2010, Oracle Corporation and/or its affiliates