Simple Authentication and Security Layer (SASL) Mechanisms

Last Updated
2014-04-12
Note
The Simple Authentication and Security Layer (SASL) [RFC4422] is a
method for adding authentication support to connection-based
protocols.  To use this specification, a protocol includes a command
for identifying and authenticating a user to a server and for
optionally negotiating a security layer for subsequent protocol
interactions.  The command has a required argument identifying a SASL
mechanism.

SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case letters, digits, hyphens, and/or
underscores.  SASL mechanism names must be registered with the IANA.
Procedures for registering new SASL mechanisms are described in
[RFC4422].

SASL mechanism names starting with "GS2-" are reserved for SASL
mechanisms which conform to [RFC5801]. 

Registration procedures for SASL mechanism names starting with 
"SCRAM-" are defined in [RFC5802].
    
Available Formats

XML

HTML

Plain text

Registry included below

SASL Mechanisms

Registration Procedure(s)
First Come First Served for mechanisms.
Expert Review with mailing list for family name registrations.
For names beginning with "GS2-", see RFC 5801. 
For names beginning with "SCRAM-", see RFC 5802.

Expert(s)
Simon Josefsson
Reference
[RFC4422]
Available Formats

CSV
Mechanism Usage Reference Owner
KERBEROS_V4 OBSOLETE [RFC2222] [IESG]
GSSAPI COMMON [RFC4752] [IESG]
SKEY OBSOLETE [RFC2444] [IESG]
EXTERNAL COMMON [RFC4422] [IESG]
CRAM-MD5 LIMITED [RFC2195] [IESG]
ANONYMOUS COMMON [RFC4505] [IESG]
OTP COMMON [RFC2444] [IESG]
GSS-SPNEGO LIMITED [Paul_Leach] [Paul_Leach]
PLAIN COMMON [RFC4616] [IESG]
SECURID COMMON [RFC2808] [Magnus_Nystrom]
NTLM LIMITED [Paul_Leach] [Paul_Leach]
NMAS_LOGIN LIMITED [Mark_G_Gayman] [Mark_G_Gayman]
NMAS_AUTHEN LIMITED [Mark_G_Gayman] [Mark_G_Gayman]
DIGEST-MD5 OBSOLETE [RFC6331] [IESG]
9798-U-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato]
9798-M-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato]
9798-U-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-M-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-U-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-M-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
KERBEROS_V5 COMMON [Simon_Josefsson] [Simon_Josefsson]
NMAS-SAMBA-AUTH LIMITED [Vince_Brimhall] [Vince_Brimhall]
SCRAM-* COMMON [RFC5802] [IESG]
SCRAM-SHA-1 COMMON [RFC5802] [IESG]
SCRAM-SHA-1-PLUS COMMON [RFC5802] [IESG]
GS2-* COMMON [RFC5801] [IESG]
GS2-KRB5 COMMON [RFC5801] [IESG]
GS2-KRB5-PLUS COMMON [RFC5801] [IESG]
SPNEGO MUST NOT be used [RFC5801] [IESG]
SPNEGO-PLUS MUST NOT be used [RFC5801] [IESG]
SAML20 COMMON [RFC6595] [IESG]
OPENID20 COMMON [RFC6616] [IESG]
EAP-AES128 COMMON [RFC7055] [IESG]
EAP-AES128-PLUS COMMON [RFC7055] [IESG]

People

ID Name Contact URI Last Updated
[IESG] IESG mailto:iesg&ietf.org
[Magnus_Nystrom] Magnus Nystrom mailto:magnus&rsasecurity.com
[Mark_G_Gayman] Mark G. Gayman mailto:mgayman&novell.com 2000-09
[Paul_Leach] Paul Leach mailto:paulle&microsoft.com 2000-06
[Robert_Zuccherato] Robert Zuccherato mailto:robert.zuccherato&entrust.com
[Simon_Josefsson] Simon Josefsson mailto:simon&josefsson.org 2004-01
[Vince_Brimhall] Vince Brimhall mailto:vbrimhall&novell.com 2004-04