Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), often pronounced "spenay-go", is a
GSSAPI "pseudo mechanism" used by client-server software to negotiate the choice of security technology. SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. The pseudo-mechanism uses a protocol to determine what common GSSAPI mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner.
SPNEGO's most visible use is in Microsoft's "HTTP Negotiate" authentication extension. It was first implemented in Internet Explorer 5.01 and IIS 5.0 and provided single sign-on capability later marketed as ''Integrated Windows Authentication''. The negotiable sub-mechanisms included NTLM and Kerberos, both used in Active Directory. The HTTP Negotiate extension was later implemented with similar support in:
* Mozilla 1.7 beta
* Mozilla Firefox 0.9
* Konqueror 3.3.1
* Google Chrome 6.0.472
History
* 19 February 1996 – Eric Baize and Denis Pinkas publish the Internet Draft ''Simple GSS-API Negotiation Mechanism'' (draft-ietf-cat-snego-01.txt).
* 17 October 1996 – The mechanism is assigned the object identifier ''1.3.6.1.5.5.2'' and is abbreviated snego.
* 25 March 1997 – Optimistic piggybacking of one mechanism's initial token is added. This saves a round trip.
* 22 April 1997 – The "preferred" mechanism concept is introduced. The draft standard's name is changed from just "Simple" to "Simple and Protected" (spnego).
* 16 May 1997 – Context flags are added (delegation, mutual auth, etc.). Defenses are provided against attacks on the new "preferred" mechanism.
* 22 July 1997 – More context flags are added (integrity and confidentiality).
* 18 November 1998 – The rules of selecting the common mechanism are relaxed. Mechanism preference is integrated into the mechanism list.
* 4 March 1998 – An optimisation is made for an odd number of exchanges. The mechanism list itself is made optional.
* December 1998 (Final) – DER encoding is chosen to disambiguate how the MIC is calculated. The draft is submitted for standardisation as RFC 2478.
* October 2005 – Interoperability with Microsoft implementations is addressed. Some constraints are improved and clarified and defects corrected. Published as RFC 4178, which is, however, not interoperable with strict implementations of the now-obsoleted RFC 2478.
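As an added illustration (not code from the original page), the negotiation and the mechanism-list MIC described above, modelled in Python: the server takes the first client-preferred mechanism it supports, consumes the piggybacked optimistic token only when that token was for the chosen mechanism, and a MIC over the DER-encoded MechTypeList lets a peer detect a list that was altered in transit. The Kerberos and NTLMSSP OIDs, and HMAC-SHA256 standing in for the selected mechanism's own GSS_GetMIC, are assumptions not taken from the page.

```python
import hashlib
import hmac

# Mechanism OIDs for the two sub-mechanisms the page names (values from the
# Kerberos V5 GSS-API spec and Microsoft, not from the page itself).
KERBEROS_V5 = "1.2.840.113554.1.2.2"
NTLMSSP = "1.3.6.1.4.1.311.2.2.10"

def der_oid(oid):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, base-128 sub-identifiers)."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def der_mech_list(mechs):
    """DER-encode MechTypeList ::= SEQUENCE OF MechType (short-form length)."""
    body = b"".join(der_oid(m) for m in mechs)
    return bytes([0x30, len(body)]) + body

def mech_list_mic(key, mechs):
    """Stand-in for the selected mechanism's GSS_GetMIC over the DER list.
    A real implementation uses the negotiated mechanism's MIC; HMAC-SHA256
    with a shared key is an assumption used here to show the check."""
    return hmac.new(key, der_mech_list(mechs), hashlib.sha256).digest()

def negotiate(client_mechs, server_mechs, optimistic_token):
    """Server side: take the first client-preferred mechanism it supports.
    Returns (negState, selected mech, mechToken to feed that mechanism)."""
    for mech in client_mechs:
        if mech in server_mechs:
            if mech == client_mechs[0]:
                # Optimistic token matches: process it now, saving a round trip.
                return "accept-incomplete", mech, optimistic_token
            # Different mechanism chosen: the client must send a fresh token.
            return "accept-incomplete", mech, None
    return "reject", None, None

def verify_mech_list(key, claimed_mechs, received_mic):
    """Downgrade check: the MIC must match the list the peer actually sent."""
    return hmac.compare_digest(mech_list_mic(key, claimed_mechs), received_mic)
```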
External links
* ''The Simple and Protected GSS-API Negotiation Mechanism'' (obsoletes ).
* ''SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows''