@techreport{perez-abfab-gss-remote-attr-00,
    number =    {draft-perez-abfab-gss-remote-attr-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-perez-abfab-gss-remote-attr/00/},
    author =    {Alejandro Pérez-Méndez and Rafael Marin-Lopez and Gabriel Lopez-Millan},
    title =     {{Retrieving remote attributes using GSS-API naming extensions}},
    pagetotal = 9,
    year =      2015,
    month =     oct,
    day =       5,
    abstract =  {The GSS-API Naming Extensions define new APIs that extend the GSS-API naming model to support name attribute transfer between GSS-API peers. Historically, this set of functions has been used to obtain the authorization information contained in some sort of authorization token provided to the GSS acceptor during the context establishment process, such as a Kerberos ticket, a SAML assertion, or an X.509 attribute certificate. However, some scenarios require to allow the GSS acceptor to request additional attributes after context establishment. If these attributes are not locally stored by the GSS mechanism they have to be retrieved from an external source (e.g. SQL database, LDAP directory, external IdP, etc.). This document describes how current GSS-API extensions are able to encompass such functionality without requiring of any change, neither on the existing calls nor on the way applications use the API.},
}