F <- 4. Definitions -> H
G
$ gateway
(I) An intermediate system (interface, relay) that attaches to two
(or more) computer networks that have similar functions but
dissimilar implementations and that enables either one-way or two-
way communication between the networks. (See: bridge, firewall,
guard, internetwork, proxy server, router, and subnetwork.)
Tutorial: The networks may differ in any of several aspects,
including protocols and security mechanisms. When two computer
networks differ in the protocol by which they offer service to
hosts, a gateway may translate one protocol into the other or
otherwise facilitate interoperation of hosts (see: Internet
Protocol). In theory, gateways between computer networks are
conceivable at any OSIRM layer. In practice, they usually operate
Shirey Informational [Page 134]
RFC 4949 Internet Security Glossary, Version 2 August 2007
at OSIRM Layer 2 (see: bridge), 3 (see: router), or 7 (see: proxy
server).
$ GCA
(O) See: geopolitical certificate authority.
$ GDOI
(O) See: Group Domain of Interpretation.
$ GeldKarte
(O) A smartcard-based, electronic money system that is maintained
by the German banking industry, incorporates cryptography, and can
be used to make payments via the Internet. (See: IOTP.)
$ GeneralizedTime
(N) The ASN.1 data type "GeneralizedTime" (ISO 8601) contains a
calendar date (YYYYMMDD) and a time of day, which is either (a)
the local time, (b) the Coordinated Universal Time, or (c) both
the local time and an offset that enables Coordinated Universal
Time to be calculated. (See: Coordinated Universal Time. Compare:
UTCTime.)
$ Generic Security Service Application Program Interface (GSS-API)
(I) An Internet Standard protocol [R2743] that specifies calling
conventions by which an application (typically another
communication protocol) can obtain authentication, integrity, and
confidentiality security services independently of the underlying
security mechanisms and technologies, thus enabling the
application source code to be ported to different environments.
(Compare: EAP, SASL.)
Tutorial: "A GSS-API caller accepts tokens provided to it by its
local GSS-API implementation and transfers the tokens to a peer on
a remote system; that peer passes the received tokens to its local
GSS-API implementation for processing. The security services
available through GSS-API in this fashion are implementable (and
have been implemented) over a range of underlying mechanisms based
on [symmetric] and [asymmetric cryptography]." [R2743]
$ geopolitical certificate authority (GCA)
(O) /SET/ In a SET certification hierarchy, an optional level that
is certified by a BCA and that may certify cardholder CAs,
merchant CAs, and payment gateway CAs. Using GCAs enables a brand
to distribute responsibility for managing certificates to
geographic or political regions, so that brand policies can vary
between regions as needed.
Shirey Informational [Page 135]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ GIG
(O) See: Global Information Grid.
$ Global Information Grid (GIG)
(O) /U.S. DoD/ The GIG is "a globally interconnected, end-to-end
set of information capabilities, associated processes and
personnel for collecting, processing, storing, disseminating, and
managing information on demand to war fighters, policy makers, and
support personnel." [IATF] Usage: Formerly referred to as the DII.
$ good engineering practice(s)
(N) A term used to specify or characterize design, implementation,
installation, or operating practices for an information system,
when a more explicit specification is not possible. Generally
understood to refer to the state of the engineering art for
commercial systems that have problems and solutions equivalent to
the system in question.
$ granularity
1. (N) /access control/ Relative fineness to which an access
control mechanism can be adjusted.
2. (N) /data security/ "The size of the smallest protectable unit
of information" in a trusted system. [Huff]
$ Green Book
(D) /slang/ Synonym for "Defense Password Management Guideline"
[CSC2].
Deprecated Term: Except as an explanatory appositive, IDOCs SHOULD
NOT use this term, regardless of the associated definition.
Instead, use the full proper name of the document or, in
subsequent references, a conventional abbreviation. (See: Rainbow
Series.)
Deprecated Usage: To improve international comprehensibility of
Internet Standards and the Internet Standards Process, IDOCs
SHOULD NOT use "cute" synonyms. No matter how clearly understood
or popular a nickname may be in one community, it is likely to
cause confusion or offense in others. For example, several other
information system standards also are called "the Green Book"; the
following are some examples:
- Each volume of 1992 ITU-T (known at that time as CCITT)
standards.
- "PostScript Language Program Design", Adobe Systems, Addison-
Wesley, 1988.
- IEEE 1003.1 POSIX Operating Systems Interface.
Shirey Informational [Page 136]
RFC 4949 Internet Security Glossary, Version 2 August 2007
- "Smalltalk-80: Bits of History, Words of Advice", Glenn
Krasner, Addison-Wesley, 1983.
- "X/Open Compatibility Guide".
- A particular CD-ROM format developed by Phillips.
$ Group Domain of Interpretation (GDOI)
(I) An ISAKMP/IKE domain of interpretation for group key
management; i.e., a phase 2 protocol in ISAKMP. [R3547] (See:
secure multicast.)
Tutorial: In this group key management model that extends the
ISAKMP standard, the protocol is run between a group member and a
"group controller/key server", which establishes security
associations [R4301] among authorized group members. The GDOI
protocol is itself protected by an ISAKMP phase 1 association.
For example, multicast applications may use ESP to protect their
data traffic. GDOI carries the needed security association
parameters for ESP. In this way, GDOI supports multicast ESP with
group authentication of ESP packets using a shared, group key.
$ group identity
(I) See: secondary definition under "identity".
$ group security association
(I) "A bundling of [security associations] (SAs) that together
define how a group communicates securely. The [group SA] may
include a registration protocol SA, a rekey protocol SA, and one
or more data security protocol SAs." [R3740]
$ GSS-API
(I) See: Generic Security Service Application Program Interface.
$ guard
(I) A computer system that (a) acts as gateway between two
information systems operating under different security policies
and (b) is trusted to mediate information data transfers between
the two. (See: controlled interface, cross-domain solution,
domain, filter. Compare: firewall.)
Usage: Frequently understood to mean that one system is operating
at a higher security level than the other, and that the gateway's
purpose is to prevent unauthorized disclosure of data from the
higher system to the lower. However, the purpose might also be to
protect the data integrity, availability, or general system
integrity of one system from threats posed by connecting to the
other system. The mediation may be entirely automated or may
involve "reliable human review".
Shirey Informational [Page 137]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ guest login
(I) See: anonymous login.
$ GULS
(I) Generic Upper Layer Security service element (ISO 11586), a
five-part standard for the exchange of security information and
security-transformation functions that protect confidentiality and
integrity of application data.
$ Gypsy verification environment
(O) A methodology, language, and integrated set of software tools
developed at the University of Texas for specifying, coding, and
verifying software to produce correct and reliable programs.
[Cheh]
F <- 4. Definitions -> H