Simple Authentication and Security Layer (sasl)

Last Modified: 2008-03-13

Additional information is available at tools.ietf.org/wg/sasl

Chair(s):

  • Kurt Zeilenga <kurt.zeilenga@isode.com>

  • Tom Yu <tlyu@mit.edu>

    Security Area Director(s):

  • Tim Polk <tim.polk@nist.gov>
  • Pasi Eronen <pasi.eronen@nokia.com>

    Security Area Advisor:

  • Pasi Eronen <pasi.eronen@nokia.com>

    Mailing Lists:

    General Discussion: ietf-sasl@imc.org
    To Subscribe: ietf-sasl-request@imc.org
    In Body: subscribe
    Archive: http://www.imc.org/ietf-sasl/mail-archive/

    Description of Working Group:

    The Simple Authentication and Security Layer [RFC2222] provides key
    security services to a number of application protocols including BEEP,
    IMAP, LDAP, POP, and SMTP. The purpose of this working group is to
    shepherd SASL, including select SASL mechanisms, through the Internet
    Standards process.

    This group will deliver a revised SASL Technical Specification
    suitable for consideration as a Draft Standard. This work will be
    based upon RFC 2222 and draft-myers-saslrev.

    This group will deliver revised Technical Specifications suitable for
    consideration as Draft Standards for the following SASL mechanisms:
    ANONYMOUS, PLAIN, CRAM-MD5, DIGEST-MD5, and EXTERNAL. This work will
    be based upon RFC 2195, RFC 2222, RFC 2831, draft-zeilenga-sasl-anon,
    draft-zeilenga-sasl-plain, draft-nerenberg-sasl-crammd5 and
    draft-melnikov-rfc2831bis, and draft-myers-saslrev-xx.txt.

    This group will deliver a revised Technical Specification suitable for
    publication as Proposed Standard for the GSSAPI family of SASL
    mechanisms. This work will be based upon RFC 2222 and
    draft-ietf-cat-sasl-gssapi.

    The following areas are not within the scope of work of this WG:

    - new features,

    - SASL Mechanisms not specifically mentioned above, and

    - SASL "profiles".

    However, the SASL WG is an acceptable forum for review of SASL-related
    submissions produced by others as long as such review does not impede
    progress on the WG objectives listed above.

    Goals and Milestones:

    Done  Submit revised SASL (+ EXTERNAL) I-D
    Done  Submit revised SASL ANONYMOUS I-D
    Done  Submit revised SASL PLAIN I-D
    Done  Submit revised SASL CRAM-MD5 I-D
    Done  Submit revised SASL DIGEST-MD5 I-D
    Done  Submit revised SASL GSSAPI I-D
    Done  Submit SASL (+ EXTERNAL) to the IESG for consideration as a Proposed Standard
    Done  Submit GSSAPI to IESG for consideration as a Proposed Standard
    Sep 2006  Submit GS2 to IESG for consideration as a Proposed Standard
    Sep 2006  Submit CRAM-MD5 to IESG for consideration as a Proposed Standard
    Oct 2006  Submit DIGEST-MD5 to IESG for consideration as a Proposed Standard
    Oct 2006  Provide implementation report plan (with milestones)
    Nov 2006  Revise charter or conclude

    No Current Internet-Drafts

    Request For Comments:

    SASLprep: Stringprep profile for user names and passwords (RFC 4013) (13051 bytes)
    Simple Authentication and Security Layer (SASL) (RFC 4422) (73206 bytes) obsoletes RFC 2222
    Anonymous Simple Authentication and Security Layer (SASL) Mechanism (RFC 4505) (16599 bytes) obsoletes RFC 2245
    The PLAIN Simple Authentication and Security Layer (SASL) Mechanism (RFC 4616) (20270 bytes) updates RFC 2595
    The Kerberos V5 ( (RFC 4752) (22133 bytes) obsoletes RFC 2222
    IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.

    Return to working group directory.

    Return to IETF home page.