Glossary

Generic Security Service Application Programming Interface (GSSAPI)

The Generic Security Service Application Programming Interface (GSSAPI) provides a standard API for applications to use for authentication and secure messaging (confidentiality or integrity protection). The GSSAPI is presently the only such standard API, and is supported by a variety of vendors.

The GSSAPI is "mechanism independent," meaning that different security mechanisms may be implemented underneath the common API. This allows the security mechanism to be changed without changing applications. However, in practice the only commonly accepted mechanism supported by most GSSAPI implementations is Kerberos 5. (The SPKM—Simple Public Key Mechanism—is defined for use with PK credentials, but SPKM has seen very little use.)

Microsoft and Sun also support the GSSAPI. Microsoft supports the GSSAPI at the protocol level in Windows 2000. However, the API used in Windows 2000 is slightly different from the GSSAPI: it is the Microsoft-specific API known as the SSPI.