The IESG has approved the following document:

- 'GSS-API Extension for Storing Delegated Credentials'
   <draft-ietf-kitten-gssapi-store-cred-04.txt> as a Proposed Standard

This document is the product of the Kitten (GSS-API Next Generation) Working Group.

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gssapi-store-cred-04.txt

Technical Summary

   This document defines a new function for the GSS-API which allows
   applications to store delegated (and other) credentials in the
   implicit GSS-API credential store. This is needed for GSS-API
   applications to use delegated credentials as they would use other
   credentials.

Working Group Summary

   This document is a product of the kitten working group. The working
   group process was uneventful.

Document Quality

   There is at least 1 existing implementation of the feature and other
   implementors are interested.

Personnel

   Alexey Melnikov <alexey.melnikov@isode.com> is the document shepherd
   for this document. Tim Polk is the responsible AD.

RFC Editor Note

Please make the following changes:

(1) In Section 3:

OLD:
   o  default_cred BOOLEAN -- if TRUE make the stored credential
      available as the default credential (for acquisition with
      GSS_C_NO_NAME as the desired name or for use as
      GSS_C_NO_CREDENTIAL)

NEW:
   o  default_cred BOOLEAN -- advisory input; if TRUE make the stored
      credential available as the default credential (for acquisition
      with GSS_C_NO_NAME as the desired name or for use as
      GSS_C_NO_CREDENTIAL)

(2) In Section 3:

OLD:
   Finally, if the current credential store has no default credential
   (that is, no credential that could be acquired for GSS_C_NO_NAME) or
   if the default_cred input argument is TRUE, and the input credential
   can be successfully stored, then the input credential will be
   available for acquisition with GSS_C_NO_NAME as the desired name
   input to GSS_Acquire_cred() or GSS_Add_cred() as well as for use as
   GSS_C_NO_CREDENTIAL for the cred_handle inputs to GSS_Inquire_cred(),
   GSS_Inquire_cred_by_mech(), GSS_Init_sec_context() and
   GSS_Accept_sec_context().

NEW:
   In the GSS-API the default credential can be used by using
   GSS_C_NO_CREDENTIAL or a CREDENTIAL handle acquired by calling
   GSS_Acquire_cred() or GSS_Add_cred() with the desired_name input set
   to GSS_C_NO_NAME.

   If the default_cred input argument is TRUE, and the input credential
   can be successfully stored, then the input credential SHOULD be
   stored as the default credential (see above).

   If the current credential store has no default credential (see
   above) then the implementation MAY make the stored credentials
   available as the default credential regardless of the value of the
   default_cred input argument.