GSS-API DEFINITIONS ::=

          BEGIN


          MechType ::= OBJECT IDENTIFIER
          -- data structure definitions

          -- callers must be able to distinguish among
          -- InitialContextToken, SubsequentContextToken,
          -- PerMsgToken, and SealedMessage data elements
          -- based on the usage in which they occur

          InitialContextToken ::=
          -- option indication (delegation, etc.) indicated within
          -- mechanism-specific token
          [APPLICATION 0] IMPLICIT SEQUENCE {
                  thisMech MechType,
                  innerContextToken ANY DEFINED BY thisMech





                     -- contents mechanism-specific
                  }

          SubsequentContextToken ::= innerContextToken ANY
          -- interpretation based on predecessor InitialContextToken

          PerMsgToken ::=
          -- as emitted by GSS_Sign and processed by GSS_Verify
                  innerMsgToken ANY

          SealedMessage ::=
          -- as emitted by GSS_Seal and processed by GSS_Unseal
          -- includes internal, mechanism-defined indicator
          -- of whether or not encrypted
                  sealedUserData ANY

          END


