|
GSSAPI
The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today. Operation The GSSAPI, by itself, does not provide any security. Instead, security-service vendors provide GSSAPI ''implementations'' - usually in the form of libraries installed with their security software. These libraries present a GSSAPI-compatible interface to application writers who can write their application to use only the vendor-independent GSSAPI. If the security implementation ever needs replacing, the application need not be rewritten. The definitive feature of GSSAPI applications is the exchange of opaque messages (''tokens'') which hide the implementation detail from the higher-level application. The client and server sides of the application are written to convey the tokens give ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Simple Authentication And Security Layer
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support ''proxy authorization'', a facility allowing one user to assume the identity of another. They can also provide a ''data security layer'' offering ''data integrity'' and ''data confidentiality'' services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL. John Gardiner Myers wrote the original SASL specification (RFC 2222) in 1997. In 2006, that document was replaced by RFC 4422 authored by Alexey Melnikov and Kurt D. Zeilenga. SASL, as defined by RFC 4422 is an IE ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Support Provider Interface
Security Support Provider Interface (SSPI) is a component of Windows API that performs security-related operations such as authentication. SSPI functions as a common interface to several Security Support Providers (SSPs): A Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to apps. Providers The following SSPs are included in Windows: * NTLMSSP (msv1_0.dll) – Introduced in Windows NT 3.51. Provides NTLM challenge/response authentication for Windows domains prior to Windows 2000 and for systems that are not part of a domain. * Kerberos (kerberos.dll) – Introduced in Windows 2000 and updated in Windows Vista to support AES. Performs authentication for Windows domains in Windows 2000 and later. * NegotiateSSP (secur32.dll) – Introduced in Windows 2000. Provides single sign-on capability, sometimes referred to as Integrated Windows Authentication (especially in the context of IIS). Prior to Windows 7, it tries Kerbe ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SPNEGO
Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), often pronounced "spenay-go", is a GSSAPI "pseudo mechanism" used by client-server software to negotiate the choice of security technology. SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. The pseudo-mechanism uses a protocol to determine what common GSSAPI mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner. SPNEGO's most visible use is in Microsoft's "HTTP Negotiate" authentication extension. It was first implemented in Internet Explorer 5.01 and IIS 5.0 and provided single sign-on capability later marketed as '' Integrated Windows Authentication''. The negotiable sub-mechanisms included NTLM and Kerberos, both used in Active Directory. The HTTP Negotiate extension was later implemented with s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Secure Sockets Layer
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and all its participants are volunteers. Their work is usually funded by employers or other sponsors. The IETF was initially supported by the federal government of the United States but since 1993 has operated under the auspices of the Internet Society, an international non-profit organization. Organization The IETF is organized into a large number of working groups and birds of a feather informal discussion groups, each dealing with a specific topic. The IETF operates in a bottom-up task creation mode, largely driven by these working groups. Each working group has an appointed chairperson (or sometimes several co-chairs); a charter that describes its focus; and what it is expected to produce, and when. It is open to all who want to pa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PKCS 11
In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens (a token where the secret is a cryptographic key). Detail The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key", although "PKCS #11" is often used to refer to the API as well as the standard that defines it). The API defines most commonly used cryptographic object types ( RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects. Usage Most commercial certificate authority (CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Moz ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Distributed Computing Environment
In computing, the Distributed Computing Environment (DCE) software system was developed in the early 1990s from the work of the Open Software Foundation (OSF), a consortium (founded in 1988) that included Apollo Computer (part of Hewlett-Packard from 1989), IBM, Digital Equipment Corporation, and others. The DCE supplies a framework and a toolkit for developing client/server applications. The framework includes: * a remote procedure call (RPC) mechanism known as DCE/RPC * a naming (directory) service * a time service * an authentication service * a distributed file system (DFS) known as DCE/DFS DCE represented a big step in the direction of standardization of architectures, which had previously been manufacturer-dependent. Like the OSI model, DCE has not seen much success in practical implementation; however, its underlying concepts have had more substantial influence over subsequent efforts. History Open Software Foundation (OSF) came about to a large degree as part of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
NTLM
In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product. The NTLM protocol suite is implemented in a Security Support Provider, which combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. Whether these protocols are used or can be used on a system which is governed by Group Policy settings, for which different versions of Windows have different default settings. NTLM passwords are considered weak because they can be brute-forced very easily with modern hardware. Protocol NTLM is a challenge–response authentication protocol which uses three messages to authenticate a client in a connection-oriented environment (connectionless is similar), and a fourth additional message if integrity i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Secure Channel
In cryptography, a secure channel is a means of data transmission that is resistant to overhearing and tampering. A confidential channel is a means of data transmission that is resistant to overhearing, or eavesdropping (e.g., reading the content), but not necessarily resistant to tampering (i.e., manipulating the content). An authentic channel is a means of data transmission that is resistant to tampering but not necessarily resistant to overhearing. In contrast to a secure channel, an insecure channel is unencrypted and may be subject to eavesdropping and tampering. Secure communications are possible over an insecure channel if the content to be communicated is encrypted prior to transmission. Secure channels in the real world There are no perfectly secure channels in the real world. There are, at best, only ways to make insecure channels (e.g., couriers, homing pigeons, diplomatic bags, etc.) less insecure: padlocks (between courier wrists and a briefcase), loyalty tests, se ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Protocol (computing)
A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics and synchronization of communication and possible error recovery methods. Protocols may be implemented by hardware, software, or a combination of both. Communicating systems use well-defined formats for exchanging various messages. Each message has an exact meaning intended to elicit a response from a range of possible responses pre-determined for that particular situation. The specified behavior is typically independent of how it is to be implemented. Communication protocols have to be agreed upon by the parties involved. To reach an agreement, a protocol may be developed into a technical standard. A programming language describes the same for computations, so there is a close analogy between protocols and programming languages: ''protocols ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
