Find JSRs
Submit this Search


Ad Banner
 
 
 
 

Summary  |  Proposal  |  Detail (Summary & Proposal)
JSRs: Java Specification Requests
JSR 72: JavaTM GSS API

Stage Access Start Finish
Final Release Download page 09 May, 2002  
Final Approval Ballot View results 04 Dec, 2001 17 Dec, 2001
Proposed Final Draft Download page 26 Sep, 2001  
Public Review Download page 06 Apr, 2001 15 Jun, 2001
Community Draft Ballot View results 16 Jan, 2001 23 Jan, 2001
Community Review Login page 22 Nov, 2000 22 Jan, 2001
Expert Group Formation   01 Aug, 2000 13 Sep, 2000
JSR Review Ballot View results 18 Jul, 2000 31 Jul, 2000
Status: Final
JCP version in use: 2.1
Java Specification Participation Agreement version in use: 1.0


Description:
This defines a Generic Security Services API (GSS-API) in Java, to provide a layer of abstraction over security mechanisms that perform authentication, message integrity protection, and message privacy protection.

Please direct comments on this JSR to the Spec Lead(s)
Team

Specification Leads
  Seema Malkani Sun Microsystems, Inc.
Expert Group
  Cisco Systems Oracle SAS Institute Inc.
  Sun Microsystems, Inc.
Contributors
       

Update to the Java Specification Request (JSR)


The following information has been updated from the original request.

Updates 18 July 2005

Section 1. Identification

Specification Lead: Seema Malkani

E-Mail Address: seema.malkani@sun.com

Telephone Number: +1 408 276 7181

*************************

Updated 10 May 2001

Section 1. Identification

Specification Lead: Ram Marti

E-Mail Address: ram.marti@sun.com

Telephone Number: +1 408 276 7186

Fax Number: +1 650 863 3195

The Expert Group has updated the schedule for the specification, resulting in the following change to the original JSR.

2.11 Please describe the anticipated schedule for the development of this specification.

Member ReviewDecember 2000 - January 2001
Public ReviewFebruary 2001 - March 2001
RI and TCK AvailableQ4 2001

We will include a preliminary implementation of this API in Merlin Beta for prototyping purposes.


Original Java Specification Request (JSR)

Identification | Request | Contributions

Original Summary: This proposal is to define a Generic Security Services API (GSS-API) in Java, to provide a layer of abstraction over security mechanisms that perform authentication, message integrity protection, and message privacy protection.

Section 1. Identification

Submitting Member: Sun Microsystems, Inc.

Name of Contact Person: Mayank Upadhyay

E-Mail Address: mayank.upadhyay@sun.com

Telephone Number: +1 408 517 5956

Fax Number: +1 408 863 3155


Specification Lead: Mayank Upadhyay

E-Mail Address: mayank.upadhyay@sun.com

Telephone Number: +1 408 517 5956

Fax Number: +1 408 863 3155


NOTE: this information has been updated from this original request.

Initial Expert Group Membership:

IBM
Sun Microsystems, Inc.


Section 2: Request

2.1 Please describe the proposed Specification:

This proposal is to define a Generic Security Services API (GSS-API) in Java. The GSS-API provides a layer of abstraction over security mechanisms that perform authentication, message integrity protection, and message privacy protection.

The GSS-API is defined by the Internet Engineering Task Force (IETF) in a language independent format in RFC 2743. The IETF has also defined a Java language binding for it in RFC 2853.

This proposal is to incorporate the high level mechanism independent Java API defined in RFC 2853, as is.

The reference implementation and the compatibility tests will be made available as part of the J2SE Merlin release.

2.2 What is the target Java platform? (i.e., desktop, server, personal, embedded, card, etc.)

Desktop, server.

2.3 What need of the Java community will be addressed by the proposed specification?

  • Provides a Java API to OS security services such as Kerberos


  • Provides for delegation of credentials that can be utilized for single sign-on into a network via a gateway


  • Provides independence between those building and supplying security mechanisms and applications that use them

In addition to being a generic API for accessing security services, the GSS-API includes a some amount of protocol in that it uses well defined token formats for the transfer of data. Many protocol libraries such as LDAP v3 and IMAP that use SASL need the GSS-API format for interoperability with servers that use this technology.

2.4 Why isn't this need met by existing specifications?

There is no existing specification for accessing security mechanisms via GSS-API and creating GSS tokens.

2.5 Please give a short description of the underlying technology or technologies:

The GSS-API is a generic API that allows applications to call upon a range of security mechanisms for services like authentication, integrity, and privacy. Furthermore, the GSS-API separates the communication protocol from the security services. It returns tokens to the application that must be passed to the peer in some application level protocol. At the other end, the peer passes the incoming tokens to its GSS-API layer for processing.

There are various mechanisms that are designed to be used underneath GSS-API. Among them are the Kerberos v5 GSS-API Mechanism (RFC 1964), the Simple Public-Key GSS-API Mechanism (RFC 2025), LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM (RFC 2847), and the Simple and Protected GSS-API Negotiation Mechanism (RFC 2478).

A GSS-API implementation may support any set of mechanisms that it chooses. There are API's to query what mechanisms are available.

2.6 Is there a proposed package name for the API Specification? (i.e., javapi.something, org.something, etc.)

org.ietf.jgss

2.7 Does the proposed specification have any dependencies on specific operating systems, CPUs, or I/O devices that you know of?

No.

2.8 Are there any security issues that cannot be addressed by the current security model?

No.

2.9 Are there any internationalization or localization issues?

No.

2.10 Are there any existing specifications that might be rendered obsolete, deprecated, or in need of revision as a result of this work?

No.

2.11 Please describe the anticipated schedule for the development of this specification.

Member ReviewJuly-August 2000
Public ReviewSeptember-October 2000
RI and TCK AvailableQ4 2001

We will include a preliminary implementation of this API in Merlin Beta for prototyping purposes.

(NOTE that this information has been updated since the original.)


Section 3: Contributions

3.1 Please list any existing documents, specifications, or implementations that describe the technology. Please include links to the documents if they are publicly available.



3.2 Explanation of how these items might be used as a starting point for the work.

RFC 2743 explains the basic principles of the GSS-API. RFC 2853 specifies a detailed Java API and incorporates the Java security provider architecture. We will incorporate into the J2SE platform the classes and interfaces described in that document.