allowing callers to trade off security processing overhead
dynamically against the protection requirements of particular
messages. A per-message quality-of-protection parameter (analogous to
quality-of-service, or QOS) selects among different QOP options
supported by that mechanism. On context establishment for a multi-QOP
mech_type, context-level data provides the prerequisite data for a
range of protection qualities.
It is expected that the majority of callers will not wish to exert
explicit mechanism-specific QOP control and will therefore request
selection of a default QOP. Definitions of, and choices among,
non-default QOP values are mechanism-specific, and no ordered sequences
of QOP values can be assumed equivalent across different mechanisms.
Meaningful use of non-default QOP values demands that callers be
familiar with the QOP definitions of an underlying mechanism or
mechanisms, and is therefore a non-portable construct.
2. Interface Descriptions
This section describes the GSS-API's service interface, dividing the
set of calls offered into four groups. Credential management calls
are related to the acquisition and release of credentials by
principals. Context-level calls are related to the management of
security contexts between principals. Per-message calls are related
to the protection of individual messages on established security
contexts. Support calls provide ancillary functions useful to GSS-API
callers. Table 2 groups and summarizes the calls in tabular fashion.
RFC 1508 Generic Security Interface September 1993
Table 2: GSS-API Calls

CREDENTIAL MANAGEMENT
  GSS_Acquire_cred           acquire credentials for use
  GSS_Release_cred           release credentials after use
  GSS_Inquire_cred           display information about credentials

CONTEXT-LEVEL CALLS
  GSS_Init_sec_context       initiate outbound security context
  GSS_Accept_sec_context     accept inbound security context
  GSS_Delete_sec_context     flush context when no longer needed
  GSS_Process_context_token  process received control token on context
  GSS_Context_time           indicate validity time remaining on context

PER-MESSAGE CALLS
  GSS_Sign                   apply signature, receive as token separate
                             from message
  GSS_Verify                 validate signature token along with message
  GSS_Seal                   sign, optionally encrypt, encapsulate
  GSS_Unseal                 decapsulate, decrypt if needed, validate
                             signature

SUPPORT CALLS
  GSS_Display_status         translate status codes to printable form
  GSS_Indicate_mechs         indicate mech_types supported on local system
  GSS_Compare_name           compare two names for equality
  GSS_Display_name           translate name to printable form
  GSS_Import_name            convert printable name to normalized form
  GSS_Release_name           free storage of normalized-form name
  GSS_Release_buffer         free storage of printable name
  GSS_Release_oid_set        free storage of OID set object
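The per-message calls of Table 2 (GSS_Sign, GSS_Verify, GSS_Seal, GSS_Unseal) and the per-message QOP parameter described at the start of this section, worked through as an added example. This is not code from RFC 1508 or from any GSS-API implementation; it models a context whose shared key is assumed to have come out of context establishment, and it uses two assumed mechanisms (MECH_A_QOPS, MECH_B_QOPS) whose QOP tables give the same numeric value different meanings, which is exactly why a non-default QOP is non-portable. The names Context, gss_sign, gss_seal, qop_table and GssError are assumptions chosen to mirror the abstract calls, not any real language binding; HMAC is used for the signature and an HMAC-based counter-mode keystream stands in for the mechanism's encryption.

```python
import hmac
import struct
from dataclasses import dataclass, field

# QOP value meaning "let the mechanism pick its default" (assumed encoding).
GSS_C_QOP_DEFAULT = 0


class GssError(Exception):
    """Stand-in for a GSS-API failure status (BAD_QOP, BAD_SIG, replay)."""


@dataclass
class Context:
    """One end of an established security context (shared key assumed given).

    qop_table is the mechanism-specific QOP definition: QOP -> (hash, MAC
    length in bytes). Entry 0 is what the mechanism uses for the default.
    """
    mech: str
    key: bytes
    qop_table: dict
    send_seq: int = 0
    recv_seq: int = 0
    mac_key: bytes = field(init=False)
    enc_key: bytes = field(init=False)

    def __post_init__(self):
        # Domain-separated subkeys: signing and encryption never share a key.
        self.mac_key = hmac.new(self.key, b"mac", "sha256").digest()
        self.enc_key = hmac.new(self.key, b"enc", "sha256").digest()

    def qop_params(self, qop):
        """Resolve a per-message QOP to this mechanism's MAC parameters."""
        if qop not in self.qop_table:
            raise GssError(f"{self.mech}: unsupported QOP {qop} (GSS_S_BAD_QOP)")
        return self.qop_table[qop]

    def _mac(self, qop, data):
        hash_name, mac_len = self.qop_params(qop)
        return hmac.new(self.mac_key, data, hash_name).digest()[:mac_len]

    def _keystream(self, seq, length):
        # HMAC-SHA256 in counter mode as a PRF keystream; (seq, counter) never
        # repeats within a context because seq is strictly increasing.
        out, counter = b"", 0
        while len(out) < length:
            block = struct.pack(">QI", seq, counter)
            out += hmac.new(self.enc_key, block, "sha256").digest()
            counter += 1
        return out[:length]

    def _check_seq(self, seq):
        # Replay/reorder detection: each received sequence number must be new.
        if seq <= self.recv_seq:
            raise GssError(f"{self.mech}: token replayed or out of order (seq {seq})")
        self.recv_seq = seq


def gss_sign(ctx, qop, message):
    """GSS_Sign: signature token carried separately from the message."""
    ctx.send_seq += 1
    header = struct.pack(">BQ", qop, ctx.send_seq)
    return header + ctx._mac(qop, b"SIGN" + header + message)


def gss_verify(ctx, message, token):
    """GSS_Verify: check token against message; returns the QOP used."""
    qop, seq = struct.unpack(">BQ", token[:9])
    expected = ctx._mac(qop, b"SIGN" + token[:9] + message)
    if not hmac.compare_digest(expected, token[9:]):
        raise GssError(f"{ctx.mech}: signature mismatch (GSS_S_BAD_SIG)")
    ctx._check_seq(seq)
    return qop


def gss_seal(ctx, conf_req, qop, message):
    """GSS_Seal: sign, optionally encrypt, and encapsulate in one token."""
    ctx.send_seq += 1
    body = message
    if conf_req:
        stream = ctx._keystream(ctx.send_seq, len(message))
        body = bytes(m ^ k for m, k in zip(message, stream))
    header = struct.pack(">BBQI", qop, int(conf_req), ctx.send_seq, len(body))
    # Encrypt-then-MAC: the MAC covers header and (cipher)text.
    return header + body + ctx._mac(qop, b"SEAL" + header + body)


def gss_unseal(ctx, token):
    """GSS_Unseal: validate, decrypt if needed; returns (message, conf, qop)."""
    qop, conf, seq, length = struct.unpack(">BBQI", token[:14])
    body, mac = token[14:14 + length], token[14 + length:]
    expected = ctx._mac(qop, b"SEAL" + token[:14] + body)
    if not hmac.compare_digest(expected, mac):
        raise GssError(f"{ctx.mech}: seal integrity check failed (GSS_S_BAD_SIG)")
    ctx._check_seq(seq)
    if conf:
        body = bytes(c ^ k for c, k in zip(body, ctx._keystream(seq, length)))
    return body, bool(conf), qop


# Two assumed mechanisms: QOP 1 means something different in each, so a caller
# that hard-codes QOP 1 gets a different protection level per mechanism.
MECH_A_QOPS = {0: ("sha256", 32), 1: ("sha256", 16), 2: ("sha512", 64)}
MECH_B_QOPS = {0: ("sha512", 64), 1: ("sha1", 20)}


def make_peer_contexts(mech, key, qop_table):
    """Both ends of one established context sharing the (assumed) context key."""
    return Context(mech, key, dict(qop_table)), Context(mech, key, dict(qop_table))
```

A caller that sticks to GSS_C_QOP_DEFAULT gets whatever entry 0 of the active mechanism's table says and stays portable; a caller that requests QOP 1 must know it means a truncated SHA-256 MAC under one mechanism and SHA-1 under the other, and an unknown value is refused with a BAD_QOP-style error rather than silently mapped. The sequence check in `_check_seq` is what turns a replayed sign or seal token into a detectable failure on the receiving context.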