|
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support ''proxy authorization'', a facility allowing one user to assume the identity of another. They can also provide a ''data security layer'' offering ''data integrity'' and ''data confidentiality'' services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL. In 1997, John Gardiner Myers wrote the original SASL specification (RFC 2222) while at Carnegie Mellon University. In 2006 that document was made obsolete by RFC 4422. SASL is an IETF ''Standard Track'' protocol and is, , a ''Proposed Standard''. ==SASL mechanisms== A SASL mechanism implements a series of challenges and responses. Defined SASL mechanisms〔(【引用サイトリンク】title=Simple Authentication and Security Layer (SASL) Mechanisms )〕 include: * "EXTERNAL", where authentication is implicit in the context (e.g., for protocols already using IPsec or TLS) * "ANONYMOUS", for unauthenticated guest access * "PLAIN", a simple cleartext password mechanism. * "OTP", a one-time password mechanism. OTP obsoleted the SKEY Mechanism. * "SKEY", an S/KEY mechanism. * "CRAM-MD5", a simple challenge-response scheme based on HMAC-MD5. * "DIGEST-MD5" ''(historic〔RFC 6331〕)'', partially HTTP Digest compatible challenge-response scheme based upon MD5. DIGEST-MD5 offered a data security layer. * "SCRAM" (RFC 5802), modern challenge-response scheme based mechanism with channel binding support * "NTLM", an NT LAN Manager authentication mechanism * "GSSAPI", for Kerberos V5 authentication via the GSSAPI. GSSAPI offers a data-security layer. * "BROWSERID-AES128", for Mozilla Persona authentication〔(【引用サイトリンク】title=A SASL and GSS-API Mechanism for the BrowserID Authentication Protocol )〕 * "EAP-AES128", for GSS EAP authentication〔(【引用サイトリンク】title=A GSS-API Mechanism for the Extensible Authentication Protocol )〕 * GateKeeper (& GateKeeperPassport), a challenge-response mechanism developed by Microsoft for MSN Chat The GS2 family of mechanisms supports arbitrary GSS-API mechanisms in SASL.〔(【引用サイトリンク】title=Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family )〕 It is now standardized as RFC 5801. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Simple Authentication and Security Layer」の詳細全文を読む スポンサード リンク
|