Simple Authentication and Security Layer: Difference between revisions
imported>Citation bot Added date. | Use this bot. Report bugs. | Suggested by Abductive | Category:Computer access control protocols | #UCB_Category 21/38 |
imported>SirOlgen m →SASL mechanisms: LINT stripped tag fix - removed links to deleted sections of MSN Chat article per the User:Cewbot update that left a stripped <dt> tag |
||
| Line 33: | Line 33: | ||
|title=A GSS-API Mechanism for the Extensible Authentication Protocol | |title=A GSS-API Mechanism for the Extensible Authentication Protocol | ||
|author=Sam Hartman | |author=Sam Hartman | ||
|date=December 2013 | |date=December 2013 | ||
}}</ref>}} | |||
{{term| | {{term|MSN Chat GateKeeper (& GateKeeperPassport)}} {{defn|a challenge-response mechanism developed by [[Microsoft]] for [[MSN Chat]]}} | ||
{{term|[[OAuth#OAuth 2.0|OAUTHBEARER]]}} {{defn|[[OAuth#OAuth 2.0|OAuth 2.0]] bearer tokens (RFC 6750), communicated through TLS<ref name=rfc7628>{{cite IETF |title= A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth |rfc= 7628 |date=August 2015 |publisher= [[Internet Engineering Task Force|IETF]] |accessdate= October 7, 2016}}</ref>}} | {{term|[[OAuth#OAuth 2.0|OAUTHBEARER]]}} {{defn|[[OAuth#OAuth 2.0|OAuth 2.0]] bearer tokens (RFC 6750), communicated through TLS<ref name=rfc7628>{{cite IETF |title= A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth |rfc= 7628 |date=August 2015 |publisher= [[Internet Engineering Task Force|IETF]] |accessdate= October 7, 2016}}</ref>}} | ||
{{term|[[OAuth|OAUTH10A]]}} {{defn|[[OAuth]] 1.0a message-authentication-code tokens (RFC 5849, Section 3.4.2)<ref name=rfc7628 />}} | {{term|[[OAuth|OAUTH10A]]}} {{defn|[[OAuth]] 1.0a message-authentication-code tokens (RFC 5849, Section 3.4.2)<ref name=rfc7628 />}} | ||
Latest revision as of 23:11, 18 June 2025
Template:Short description Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.
John Gardiner Myers wrote the original SASL specification (RFC 2222) in 1997. In 2006, that document was replaced by RFC 4422 authored by Alexey Melnikov and Kurt D. Zeilenga. SASL, as defined by RFC 4422 is an IETF Standard Track protocol and is, Template:As of, a Proposed Standard.
SASL mechanisms
A SASL mechanism implements a series of challenges and responses. Defined SASL mechanisms[1] include: Template:Glossary Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Term Template:Defn Template:Glossary end
SASL-aware application protocols
Application protocols define their representation of SASL exchanges with a profile. A protocol has a service name such as "ldap" in a registry shared with GSSAPI and Kerberos.[2]
Template:As of protocols currently supporting SASL include:
- Application Configuration Access Protocol
- Advanced Message Queuing Protocol (AMQP)
- Blocks Extensible Exchange Protocol
- Internet Message Access Protocol (IMAP)
- Internet Message Support Protocol
- Internet Relay Chat (IRC) (with IRCX or the IRCv3 SASL extension)
- Lightweight Directory Access Protocol (LDAP)
- libvirt
- ManageSieve (RFC 5804)
- memcached
- Post Office Protocol (POP)
- Remote framebuffer protocol[3] used by VNC
- Simple Mail Transfer Protocol (SMTP)
- Subversion Template:Mono protocol
- Extensible Messaging and Presence Protocol (XMPP)
See also
- Transport Layer Security (TLS)
References
External links
- Template:IETF RFC - Simple Authentication and Security Layer (SASL) - obsoletes Template:IETF RFC
- Template:IETF RFC - Anonymous Simple Authentication and Security Layer (SASL) Mechanism - obsoletes Template:IETF RFC
- Template:IETF RFC - The PLAIN Simple Authentication and Security Layer (SASL) Mechanism - updates Template:IETF RFC
- The IETF SASL Working Group, chartered to revise existing SASL specifications, as well as to develop a family of GSSAPI mechanisms
- Cyrus SASL, a free and portable SASL library providing generic security for various applications
- GNU SASL, a free and portable SASL command-line utility and library, distributed under the GNU GPLv3 and LGPLv2.1, respectively
- Dovecot SASL, an SASL implementation
- Template:IETF RFC (historic) - Using Digest Authentication as a SASL Mechanism, obsoleted in Template:IETF RFC
- Java SASL API Programming and Deployment Guide