
Simple Authentication and Security Layer (SASL) (RFC2222)

IP.com Disclosure Number: IPCOM000002780D
Original Publication Date: 1997-Oct-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 13 page(s) / 32K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Myers: AUTHOR

Abstract

This document describes a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. This document describes how a protocol specifies such a command, defines several mechanisms for use by the command, and defines the protocol used for carrying a negotiated security layer over the connection.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group J. Myers

Request for Comments: 2222 Netscape Communications

Category: Standards Track October 1997

Simple Authentication and Security Layer (SASL)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1997). All Rights Reserved.

Table of Contents

1. Abstract
2. Organization of this Document
2.1. How to Read This Document
2.2. Conventions Used in this Document
2.3. Examples
3. Introduction and Overview
4. Profiling requirements
5. Specific issues
5.1. Client sends data first
5.2. Server returns success with additional data
5.3. Multiple authentications
6. Registration procedures
6.1. Comments on SASL mechanism registrations
6.2. Location of Registered SASL Mechanism List
6.3. Change Control
6.4. Registration Template
7. Mechanism definitions
7.1. Kerberos version 4 mechanism
7.2. GSSAPI mechanism
7.2.1 Client side of authentication protocol exchange
7.2.2 Server side of authentication protocol exchange
7.2.3 Security layer
7.3. S/Key mechanism
7.4. External mechanism
8. References
9. Security Considerations
10. Author's Address
Appendix A. Relation of SASL to Transport Security
Full Copyright Statement

1. Abstract

This document describes a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negot...