Developer's Guide to Oracle® Solaris 11 Security

Exit Print View

Updated: July 2014

Introduction to GSS-API

GSS-API enables programmers to write applications generically with respect to security. Developers do not have to tailor the security implementations to any particular platform, security mechanism, type of protection, or transport protocol. With GSS-API, a programmer can avoid the details of protecting network data. A program that uses GSS-API is more portable with regards to network security. This portability is the hallmark of the Generic Security Service API.

GSS-API is a framework that provides security services to callers in a generic fashion. The GSS-API framework is supported by a range of underlying mechanisms and technologies, such as Kerberos v5 or public key technologies, as shown in the following figure.

Figure 4-1  GSS-API Layer

image:Diagram shows the GSS-API and protocol layers between the application and the security mechanisms.

    Broadly speaking, GSS-API does two main things:

  1. GSS–API creates a security context in which data can be passed between applications. A context is a state of trust between two applications. Applications that share a context recognize each other and thus can permit data transfers while the context lasts.

  2. GSS–API applies one or more types of protection, known as security services, to the data to be transmitted. Security services are explained in Security Services in GSS-API.

    In addition, GSS-API performs the following functions:

  • Data conversion

  • Error checking

  • Delegation of user privileges

  • Information display

  • Identity comparison

GSS-API includes numerous support and convenience functions.