Due to the space limitation we omit the detailed description of how principal authorization credentials are obtained and verified.
PRM uses calls to the Asynchronous Reliable Delivery Protocol (ARDP) [11], a communication protocol which handles a set of security services, such as authentication, integrity and payment. ARDP calls the Kerberos library through a security API, requesting principal's authentication information, which is placed into the security context and is passed to the GAA API. Figure 3 shows the flow of control: the system manager calls ARDP requesting the principal's identity (1); the request and verification of the principal's identity credentials take place (2, 3, 4, 5); ARDP places the principal's authentication credentials in the security context (6a); the system manager calls the GAA API (7); the security context, containing the verified principal's identity is passed to the GAA API (7a). When additional security attributes are required for the requested operation, the list of required attributes is returned and obtained by the application. The application or transport may add an upcall function to the security context which is passed to the GAA API and used to request additional credentials. Such additional credentials are requested, verified, and added to the security context by this upcall function.