Talk:Simple Authentication and Security Layer

The SASL mechanism "LOGIN" (referenced in PLAIN) is missing.

Anyone care to write about it?

201.213.16.47 15:43, 27 March 2007 (UTC)

It would also be nice if [http://tools.ietf.org/html/rfc5802 SCRAM] was mentioned. —Preceding unsigned comment added by 77.110.10.251 (talk) 20:29, 29 December 2010 (UTC)

My edits to this page are based on a quick read of the RFCs/I-Ds rather than any prior familiarity with SASL. Anyone who's actually familiar with it as designed and/or deployed should feel free to edit.

The framework RFC implies that the separation between authentication and authorization identifiers might be a key aspect of this protocol, but I don't understand this well enough to write about it. Perhaps someone else could comment?

JTN 21:46, 2004 Nov 12 (UTC)

:How does the protocol work? Does it transmit passwords in the clear? A chart showing the position of the protocol in an abstraction layer scheme would also be helpful. -- Beland (talk) 20:39, 23 January 2008 (UTC)

::SASL does define a method for cleartext passwords along with a number of other authentication mechanisms. I'd consider it an application layer mechanism; sort of a reusable component so that all applications don't need to reinvent the wheel when doing authentication.--82.130.34.32 (talk) 13:26, 12 August 2008 (UTC)

XAM is supporting / using SASL as well

141.90.2.4 (talk) 08:47, 24 March 2014 (UTC)