Name: ECMA 235 : 1ED 96
Brand: ECMA

THE ECMA GSS-API MECHANISM

Published date

12-01-2013

Publisher

European Computer Manufacturers Association

1 Introduction
   1.1 Scope
   1.2 Field of application
   1.3 Requirements to be satisfied
   1.4 Conformance
   1.5 Overview and document structure
2 References
   2.1 Normative references
   2.2 Informative references
3 Definitions
   3.1 Imported definitions
   3.2 New Definitions
       3.2.1 Security Context
       3.2.2 Generic Security Mechanism
       3.2.3 Security Mechanism Options
       3.2.4 Primary Principal Identifier (PPID)
   3.3 Acronyms
4 Token formats
   4.1 Token framings
   4.2 InitialContextToken format
   4.3 TargetResultToken
   4.4 ErrorToken
   4.5 Per Message Tokens
       4.5.1 MICToken
       4.5.2 WrapToken
   4.6 ContextDeleteToken
5 Key distribution and PAC protection options
   5.1 PAC protection options
   5.2 Key Distribution schemes
       5.2.1 Basic symmetric key distribution scheme
       5.2.2 Symmetric key distribution scheme with symmetric
             KD-Servers
       5.2.3 Symmetric key distribution scheme with asymmetric
             KD-Servers
       5.2.4 Asymmetric initiator/symmetric target key
             distribution scheme
       5.2.5 Symmetric initiator/asymmetric target key
             distribution scheme
       5.2.6 Full public key distribution scheme
   5.3 Key distribution data elements
       5.3.1 KD-Scheme independent data elements
       5.3.2 Key distribution scheme OBJECT IDENTIFIERs
       5.3.3 Hybrid inter-domain key distribution scheme data
             elements
       5.3.4 Key establishment data elements
       5.3.5 Kerberos Data elements
       5.3.6 Profiling of KD-schemes
             5.3.6.1 Profile of Ticket (symmIntradomain and
                     symmInterdomain)
             5.3.6.2 Profile of PublicTicket
                     (hybridInterdomain)
             5.3.6.3 Profile of SPKM_REQ (asymmInitToSymmTarget,
                     symmInitToAsymmTarget, asymmetric)
   5.4 Returned Key Scheme Information
6 Algorithm use within ECMA mechanism
7 Identifiers for ECMA mechanism choices
   7.1 Architectural mechanism identifiers
8 Errors
   8.1 Minor Status Codes
       8.1.1 Non ECMA-specific codes
       8.1.2 ECMA-specific codes
   8.2 Quality of protection
9 Support functions
   9.1 Attribute handling support functions
       9.1.1 GSS_Set_cred_attributes
       9.1.2 GSS_Get_sec_attributes
       9.1.3 GSS_Get_received_creds
   9.2 Control and support functions for context acceptors
       9.2.1 GSS_Set_cred_controls call
       9.2.2 GSS_Get_sec_controls
       9.2.3 GSS_Compound_creds call
   9.3 Attribute specifications
       9.3.1 Privilege attributes
             9.3.1.1 Access Identity
             9.3.1.2 Group
             9.3.1.3 Primary group
             9.3.1.4 Role attribute
       9.3.2 Attribute set reference
             9.3.2.1 Role name
       9.3.3 Miscellaneous attributes
             9.3.3.1 Audit Identity
             9.3.3.2 Issuer domain name
             9.3.3.3 Validity periods
             9.3.3.4 Optional restrictions
             9.3.3.5 Mandatory restrictions
       9.3.4 Qualifier attributes
             9.3.4.1 Acceptor name
             9.3.4.2 Application trust group
   9.4 C Bindings
       9.4.1 Data types and calling conventions
             9.4.1.1 Identifier
             9.4.1.2 Identifier set
             9.4.1.3 Time periods
             9.4.1.4 time period list
             9.4.1.5 Security attributes
             9.4.1.6 Security Attribute Sets
             9.4.1.7 Credentials List
             9.4.1.8 Acceptor Control
             9.4.1.9 Acceptor Control Set
       9.4.2 gss_set_cred_attributes
       9.4.3 gss_get_sec_attributes
       9.4.4 gss_get_received_creds
       9.4.5 gss_set_cred_controls
       9.4.6 gss_get_sec_controls
       9.4.7 gss_compound_cred
10 Relationship to other standards
Annex A - Formal ASN.1 definitions of data types defined in
          this standard
Annex B - Definitions of [Kerberos] data types
Annex C - Definitions of [SPKM] data types
Annex D - Mappings of Minor Status Returns onto [ECMA-219]
          error values
Annex E - Imported Types

Defines the syntax of the tokens that enable distributed applications implementing the APA-Application and related data elements specified in Standard ECMA-219 to inter work. Also defines some key distribution schemes based on symmetric and asymmetric cryptographic technologies in order to provide a basic set of implementation options. These schemes include specification of the encryption algorithms and methods to be used.

DocumentType	Standard
PublisherName	European Computer Manufacturers Association
Status	Current

NEMA PS3.3 : 2017A	DIGITAL IMAGING AND COMMUNICATIONS IN MEDICINE (DICOM) - PART 3: INFORMATION OBJECT DEFINITIONS
NEMA PS 3.15 : 2017A	DIGITAL IMAGING AND COMMUNICATIONS IN MEDICINE (DICOM) - PART 15: SECURITY AND SYSTEM MANAGEMENT PROFILES
EG 201 057 : 1.1.2	TELECOMMUNICATIONS SECURITY; TRUSTED THIRD PARTIES (TTP); REQUIREMENTS FOR TTP SERVICES

ISO/IEC 9594-8:2017	Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO/IEC 9594-2:2017	Information technology Open Systems Interconnection The Directory Part 2: Models
ISO/IEC 10745:1995	Information technology Open Systems Interconnection Upper layers security model
ECMA 219 : 2ED 96	AUTHENTICATION AND PRIVILEGE ATTRIBUTE SECURITY APPLICATION WITH RELATED KEY DISTRIBUTION FUNCTIONS - PART 1, 2 AND 3