This paper describes the features of a Generic Security Service Application Program Interface (GSS-API), examines its underlying assumptions, and evaluates lessons learned during its evolution. The GSS-API is designed to support architects of distributed protocols by providing them with a 'toolkit' for integration of security features (peer entity authentication, data origin authentication, data integrity and data confidentiality) into those protocols. It has been implemented atop a variety of technologies, including both secret-key and public-key approaches.