Talk:Simple Authentication and Security Layer

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles ??? This article has not yet received a rating on the project's importance scale.

The SASL mechanism "LOGIN" (referenced in PLAIN) is missing. Anyone care to write about it? 201.213.16.47 15:43, 27 March 2007 (UTC)[reply]

It would also be nice if SCRAM was mentioned. —Preceding unsigned comment added by 77.110.10.251 (talk) 20:29, 29 December 2010 (UTC)[reply]

My edits to this page are based on a quick read of the RFCs/I-Ds rather than any prior familiarity with SASL. Anyone who's actually familiar with it as designed and/or deployed should feel free to edit.

The framework RFC implies that the separation between authentication and authorization identifiers might be a key aspect of this protocol, but I don't understand this well enough to write about it. Perhaps someone else could comment?

JTN 21:46, 2004 Nov 12 (UTC)

How does the protocol work? Does it transmit passwords in the clear? A chart showing the position of the protocol in an abstraction layer scheme would also be helpful. -- Beland (talk) 20:39, 23 January 2008 (UTC)[reply]

SASL does define a method for cleartext passwords along with a number of other authentication mechanisms. I'd consider it an application layer mechanism; sort of a reusable component so that all applications don't need to reinvent the wheel when doing authentication.--82.130.34.32 (talk) 13:26, 12 August 2008 (UTC)[reply]

XAM is supporting / using SASL as well

141.90.2.4 (talk) 08:47, 24 March 2014 (UTC)[reply]