Talk:Simple Authentication and Security Layer
This is the talk page for discussing improvements to the Simple Authentication and Security Layer article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||
|
SASL Mechanism missing
[edit]The SASL mechanism "LOGIN" (referenced in PLAIN) is missing. Anyone care to write about it? 201.213.16.47 15:43, 27 March 2007 (UTC)
It would also be nice if SCRAM was mentioned. —Preceding unsigned comment added by 77.110.10.251 (talk) 20:29, 29 December 2010 (UTC)
Details
[edit]My edits to this page are based on a quick read of the RFCs/I-Ds rather than any prior familiarity with SASL. Anyone who's actually familiar with it as designed and/or deployed should feel free to edit.
The framework RFC implies that the separation between authentication and authorization identifiers might be a key aspect of this protocol, but I don't understand this well enough to write about it. Perhaps someone else could comment?
JTN 21:46, 2004 Nov 12 (UTC)
- How does the protocol work? Does it transmit passwords in the clear? A chart showing the position of the protocol in an abstraction layer scheme would also be helpful. -- Beland (talk) 20:39, 23 January 2008 (UTC)
- SASL does define a method for cleartext passwords along with a number of other authentication mechanisms. I'd consider it an application layer mechanism; sort of a reusable component so that all applications don't need to reinvent the wheel when doing authentication.--82.130.34.32 (talk) 13:26, 12 August 2008 (UTC)
XAM
[edit]XAM is supporting / using SASL as well