A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Common Authentication Technology Next Generation of the IETF.
Title : Generic Security Service API Version 2: Java Bindings Update
Authors : Mayank D. Upadhyay
Filename : draft-ietf-kitten-rfc5653bis-03.txt
Pages : 96
Date : 2016-04-06

The Generic Security Services Application Program Interface (GSS-API)
offers application programmers uniform access to security services
atop a variety of underlying cryptographic mechanisms. This document
updates the Java bindings for the GSS-API that are specified in
"Generic Security Service API Version 2: Java Bindings Update" (RFC
5653). This document obsoletes RFC 5653 by adding a new output token
field to the GSSException class so that when the initSecContext or
acceptSecContext methods of the GSSContext class fail, it has a
chance to emit an error token that can be sent to the peer for
debugging or informational purposes. The stream-based GSSContext
methods are also removed in this version.

The GSS-API is described at a language-independent conceptual level
in "Generic Security Service Application Program Interface Version 2,
Update 1" (RFC 2743). The GSS-API allows a caller application to
authenticate a principal identity, to delegate rights to a peer, and
to apply security services such as confidentiality and integrity on a
per-message basis. Examples of security mechanisms defined for GSS-
API are "The Simple Public-Key GSS-API Mechanism" (RFC 2025) and "The
Kerberos Version 5 Generic Security Service Application Program
Interface (GSS-API) Mechanism: Version 2" (RFC 4121).

I have looked at the diff, and I think removing the stream methods is a
reasonable path forward given the problems they present.
I have two editorial nits:
* In section 1, "This document and its predecessor" should be "This
document and its predecessors" given the subsequent change.
* In section 11, "This document has following changes" should be "This
document has the following changes".
Aside from those minor issues, everything looks okay. I only looked at
the diffs, so if there is material about the stream methods in RFC 5653
which should be removed or edited but wasn't, I wouldn't have noticed.