Simple Authentication and Security Layer

From Wikipedia, the free encyclopedia

Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. Authentication mechanisms can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of mechanisms which can provide a data security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

SASL was originally specified in RFC 2222, authored by John Meyers while at Carnegie Mellon University. That document was made obsolete by RFC 4422, edited by Alexey Melnikov and Kurt Zeilenga.

SASL is an IETF Standard Track protocol, presently a Proposed Standard.

Contents

A SASL mechanism is modelled as a series of challenges and responses. Defined SASL mechanisms [1] include:

  • "EXTERNAL", where authentication is implicit in the context (e.g., for protocols already using IPsec or TLS)
  • "ANONYMOUS", for unauthenticated guest access
  • "PLAIN", a simple cleartext password mechanism. PLAIN obsoleted the LOGIN mechanism.
  • "OTP", a one-time password mechanism. OTP obsoleted the SKEY Mechanism.
  • "SKEY", an S/KEY mechanism.
  • "CRAM-MD5", a simple challenge-response scheme based on HMAC-MD5.
  • "DIGEST-MD5", HTTP Digest compatible challenge-response scheme based upon MD5. DIGEST-MD5 offers a data security layer.
  • "NTLM", an NT LAN Manager authentication mechanism.
  • "GSSAPI", for Kerberos V authentication via the GSSAPI. GSSAPI offers a data security layer.

A family of SASL mechanisms is planned to support arbitrary GSSAPI mechanisms.

Application protocols define their representation of SASL exchanges with a profile. A protocol has a service name such as "ldap" in a registry shared with GSSAPI and Kerberos [2]. Protocols currently supporting SASL include BEEP, IMAP, LDAP, POP, SMTP, IMSP, ACAP. and XMPP.

Retrieved from "http://en.wikipedia.org../../../s/i/m/Simple_Authentication_and_Security_Layer_80fb.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.