The Generic Security Services API (GSS-API) is a standardized API developed by the Internet Engineering Task Force (IETF) to provide a generic authentication and secure messaging interface that supports a variety of pluggable security mechanisms. The GSS-API is also designed to insulate its users from the underlying security mechanisms by allowing the development of application authentication using a generic interface. GSS-API Version 2 is also defined in a language-independent format.
Sun introduced the Java GSS-API (JGSS) as an optional security package for J2SE 1.4 that provides the Java bindings for the GSS-API. This allows development of applications that enable uniform access to security services over a variety of underlying authentication mechanisms, including Kerberos.
Comparing JGSS with JSSE and JAAS
JGSS-API shares many features with JAAS and JSSE, particularly with regard to client-server authentication, data encryption, and integrity. However, there are some distinguishable differences you should be aware of before choosing JGSS as an appropriate mechanism to use:
The Java GSS-API classes and interfaces are available in the org.ietf.jgss.* package, available as part of J2SE 1.4. Kerberos V5 GSS-API is available as the default instance of org.ietf.jgss.GSSManager. To use JGSS, it is necessary to have an installation of Kerberos realm and also a Kerberos Key Distribution Center (KDC). The KDC is part of a Kerberos installation and is not provided with J2SE bundle.
For more information about using JGSS with Kerberos, refer to http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html.