Product Code Database
Example Keywords: kindle -belt $31
   » » Wiki: Simple Authentication And Security Layer
Tag Wiki 'Simple Authentication And Security Layer'.

Simple Authentication and Security Layer

Simple Authentication and Security Layer ( SASL) is a framework for and in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

John Gardiner Myers wrote the original SASL specification (RFC 2222) in 1997 while at Carnegie Mellon University. In 2006, that document was made obsolete by RFC 4422 authored by Alexey Melnikov and Kurt D. Zeilenga. SASL, as defined by RFC 4422 is an Standard Track protocol and is, , a Proposed Standard.

SASL mechanisms
A SASL mechanism implements a series of challenges and responses. Defined SASL mechanisms include:
  • EXTERNAL, where authentication is implicit in the context (e.g., for protocols already using or TLS)
  • ANONYMOUS, for unauthenticated guest access
  • PLAIN, a simple mechanism, defined in RFC 4616
  • OTP, a one-time password mechanism. Obsoletes the SKEY mechanism.
  • SKEY, an S/KEY mechanism.
  • CRAM-MD5, a simple challenge-response scheme based on .
  • DIGEST-MD5 (historicRFC 6331), partially Digest compatible challenge-response scheme based upon MD5. DIGEST-MD5 offered a data security layer.
  • SCRAM (RFC 5802), modern challenge-response scheme based mechanism with channel binding support
  • , an NT LAN Manager authentication mechanism
  • GS2- family of mechanisms supports arbitrary mechanisms in SASL. It is now standardized as RFC 5801.
  • , for Kerberos V5 authentication via the GSSAPI. GSSAPI offers a data-security layer.
  • BROWSERID-AES128, for authentication

  • EAP-AES128, for GSS EAP authentication

  • GateKeeper (& GateKeeperPassport), a challenge-response mechanism developed by for
  • OAUTHBEARER, , OAuth, an authentication protocol for delegated resource access

SASL-aware application protocols
Application protocols define their representation of SASL exchanges with a profile. A protocol has a service name such as "ldap" in a registry shared with GSSAPI and Kerberos.

protocols currently supporting SASL include:
  • Application Configuration Access Protocol
  • Advanced Message Queuing Protocol
  • Blocks Extensible Exchange Protocol
  • Internet Message Access Protocol
  • Internet Relay Chat (with or the IRCv3 SASL extension)
  • Lightweight Directory Access Protocol
  • ManageSieve (RFC 5804)
  • Post Office Protocol
  • used by
  • Simple Mail Transfer Protocol
  • Subversion svn protocol
  • Extensible Messaging and Presence Protocol

See also
  • Transport Layer Security (TLS)

External links
  • RFC 4422 - Simple Authentication and Security Layer (SASL) - obsoletes RFC 2222
  • RFC 4505 - Anonymous Simple Authentication and Security Layer (SASL) Mechanism - obsoletes RFC 2245
  • RFC 4616 - The PLAIN Simple Authentication and Security Layer (SASL) Mechanism - updates RFC 2595
  • The IETF SASL Working Group, chartered to revise existing SASL specifications, as well as to develop a family of GSSAPI mechanisms
  • Cyrus SASL, a free and portable SASL library providing generic security for various applications
  • GNU SASL, a free and portable SASL command-line utility and library, distributed under the and , respectively
  • Dovecot SASL, an SASL implementation
  • RFC 2831 (historic) - Using Digest Authentication as a SASL Mechanism, obsoleted in RFC 6331
  • Java SASL API Programming and Deployment Guide

Page 1 of 1
Page 1 of 1


Pages:  ..   .. 
Items:  .. 


General: Atom Feed Atom Feed  .. 
Help:  ..   .. 
Category:  ..   .. 
Media:  ..   .. 
Posts:  ..   ..   .. 


Page:  .. 
Summary:  .. 
1 Tags
10/10 Page Rank
5 Page Refs