The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use as of 2005[update].
Instead, security-service vendors provide GSSAPI implementations - usually in the form of libraries installed with their security software.
The client and server sides of the application are written to convey the tokens given to them by their respective GSSAPI implementations.
GSSAPI tokens can usually travel over an insecure network as the mechanisms provide inherent message security.
After the exchange of some number of tokens, the GSSAPI implementations at both ends inform their local application that a security context is established.