In this paper we discuss progress in the development of Application
Program Interfaces (APIs) and mechanisms which provide a comprehensive
set of security services to application developers.  The APIs, though
similar, are designed for distinct environments:  the session API
("GSS") is aimed at the on-line real-time messaging environment; the
store-and-forward API ("IDUP") is particularly suited to electronic-mail
types of environments (where messages are secured independently of any
on-line communication with intended recipients of those messages).  Both
APIs are designed to be easy to use, yet with appropriate
public-key-based mechanisms (such as SPKM and PIM) include many
necessary services for communication security, such as data origin
authentication, data confidentiality, data integrity, and support for
non-repudiation.  A full key management and certification infrastructure
can be provided by implementations of these APIs/mechanisms in a way
which is completely transparent to the calling application, thus
ensuring maximum flexibility and scalability to future environments.