Editing Generic Security Services Application Programming Interface (section)

== Key concepts ==
;Name :A binary string that labels a [[security principal]] (i.e., user or service program) - see [[access control]] and [[identity (object-oriented programming)|identity]]. For example, [[Kerberos (protocol)|Kerberos]] uses names like ''user@REALM'' for users and ''service/hostname@REALM'' for programs.
;[[Credential]]s :Information that proves an identity; used by an entity to act as the named principal. Credentials typically involve a secret cryptographic key.
;Context :The state of one end of the authenticating/authenticated [[protocol (computing)|protocol]]. May provide message protection services, which can be used to compose a [[secure channel]].
;Tokens :Opaque messages exchanged either as part of the initial authentication protocol (context-level tokens), or as part of a protected communication (per-message tokens)
;Mechanism :An underlying GSSAPI implementation that provides actual names, tokens and credentials. Known mechanisms include [[Kerberos (protocol)|Kerberos]], [[NTLM]], [[Distributed Computing Environment]] (DCE), SESAME, [[SPKM]], LIPKEY.
;Initiator/acceptor :The peer that sends the first token is the initiator; the other is the acceptor. Generally, the client program is the initiator while the server is the acceptor.