Simple Authentication and Security Layer (SASL) is a

framework A framework is a generic term commonly referring to an essential supporting structure which other things are built on top of. Framework may refer to: Computing * Application framework, used to implement the structure of an application for an op ...

for

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...

and

data security Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach. Technologies Disk encryption Disk encryption refe ...

in Internet

protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...

s. It decouples authentication mechanisms from

application protocol An application layer is an abstraction layer that specifies the shared communications protocols and interface methods used by hosts in a communications network. An ''application layer'' abstraction is specified in both the Internet Protocol Sui ...

s, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support ''proxy authorization'', a facility allowing one user to assume the identity of another. They can also provide a ''data security layer'' offering ''data integrity'' and ''data confidentiality'' services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...

(TLS) to complement the services offered by SASL. John Gardiner Myers wrote the original SASL specification (RFC 2222) in 1997. In 2006, that document was replaced by RFC 4422 authored by Alexey Melnikov and Kurt D. Zeilenga. SASL, as defined by RFC 4422 is an

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements an ...

''Standard Track'' protocol and is, , a '' Proposed Standard''.

SASL mechanisms

A SASL mechanism implements a series of challenges and responses. Defined SASL mechanisms include:

SASL-aware application protocols

Application protocols define their representation of SASL exchanges with a ''profile''. A protocol has a ''service name'' such as "ldap" in a registry shared with

GSSAPI The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but inc ...

and Kerberos. protocols currently supporting SASL include: *

Application Configuration Access Protocol Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a c ...

Advanced Message Queuing Protocol The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing (including point-to-point and publish-and-su ...

(AMQP) * Blocks Extensible Exchange Protocol *

Internet Message Access Protocol In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by . IMAP was designed with the goal of per ...

(IMAP) * Internet Message Support Protocol *

Internet Relay Chat Internet Relay Chat (IRC) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called '' channels'', but also allows one-on-one communication via private messages as well as chat an ...

(IRC) (with IRCX or th
IRCv3 SASL extension
*

Lightweight Directory Access Protocol The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...

(LDAP) * libvirt * ManageSieve (RFC 5804) *

memcached Memcached (pronounced variously ''mem-cash-dee'' or ''mem-cashed'') is a general-purpose distributed memory-caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of ...

Post Office Protocol In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use, and along with IMAP the most common ...

(POP) * Remote framebuffer protocol used by VNC *

Simple Mail Transfer Protocol The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typica ...

(SMTP) *

Subversion Subversion () refers to a process by which the values and principles of a system in place are contradicted or reversed in an attempt to transform the established social order and its structures of power, authority, hierarchy, and social norms ...

protocol *

Extensible Messaging and Presence Protocol Extensible Messaging and Presence Protocol (XMPP, originally named Jabber) is an open communication protocol designed for instant messaging (IM), presence information, and contact list maintenance. Based on XML (Extensible Markup Language), i ...

(XMPP)

References

External links

* - Simple Authentication and Security Layer (SASL) - obsoletes * - Anonymous Simple Authentication and Security Layer (SASL) Mechanism - obsoletes * - The PLAIN Simple Authentication and Security Layer (SASL) Mechanism - updates * The IET
SASL Working Group
chartered to revise existing SASL specifications, as well as to develop a family of GSSAPI mechanisms
Cyrus SASL
a free and portable SASL library providing generic security for various applications
GNU SASL
a free and portable SASL command-line utility and library, distributed under the

GNU GNU () is an extensive collection of free software (383 packages as of January 2022), which can be used as an operating system or can be used in parts with other operating systems. The use of the completed GNU tools led to the family of operat ...

GPLv3 The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...

and LGPLv2.1, respectively
Dovecot SASL
an SASL implementation * ''(historic)'' - Using Digest Authentication as a SASL Mechanism, obsoleted in

Programming and Deployment Guide {{Authentication APIs Cryptographic protocols Internet Standards Computer access control protocols

SASL mechanisms

SASL-aware application protocols

See also

References

External links