JSR 28

API for Simple Authentication and Security Layer (SASL)



SASL defines a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

The distinctive value of SASL is its protocol independence. A handler for a particular authentication mechanism (CRAM-MD5, Kerberos, GSSAPI, ...) can potentially be used to authenticate connections over any protocol.

SASL is defined in RFC 2222. RFCs 2245, 2444, and 2831 describe particular SASL mechanisms, while RFC 2554 describes SASL used with SMTP, and RFC 2829 describes SASL used with LDAP. There are a number of Internet Drafts proposing additional SASL mechanisms.
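
The exchange described above, shown as an added example (not code from the JSR or its reference implementation): a CRAM-MD5 client and server built with the javax.security.sasl API and run against each other in memory. The user name, secret, host name and the "smtp" protocol label are constructed sample values, and the example assumes the JDK's bundled SASL provider supplies both sides of CRAM-MD5.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslLoopback {
    // Constructed sample values for this example; nothing here comes from the page.
    static final String USER = "alice", HOST = "mail.example.test";
    static final char[] SECRET = "example-secret".toCharArray();

    // Runs one CRAM-MD5 exchange and returns the identity and protection level the server accepted.
    static String authenticate(char[] clientSecret) throws SaslException {
        CallbackHandler clientCb = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(clientSecret);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        CallbackHandler serverCb = cbs -> {
            String claimed = null;
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) claimed = ((NameCallback) cb).getDefaultName();
                else if (cb instanceof PasswordCallback) {
                    // Unknown user: leave the password unset so the mechanism rejects the attempt.
                    if (USER.equals(claimed)) ((PasswordCallback) cb).setPassword(SECRET);
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else throw new UnsupportedCallbackException(cb);
            }
        };
        // The API handles raw bytes; each protocol profile decides how to frame them on the wire.
        SaslServer server = Sasl.createSaslServer("CRAM-MD5", "smtp", HOST, null, serverCb);
        SaslClient client = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "smtp", HOST, null, clientCb);
        byte[] challenge = server.evaluateResponse(new byte[0]); // server issues its challenge
        byte[] response = client.evaluateChallenge(challenge);   // user name plus keyed digest of the challenge
        server.evaluateResponse(response);                       // throws SaslException if the digest is wrong
        // CRAM-MD5 authenticates only: the negotiated QOP shows no security layer was installed.
        return server.getAuthorizationID() + " qop=" + server.getNegotiatedProperty(Sasl.QOP);
    }

    public static void main(String[] args) throws SaslException {
        System.out.println("accepted: " + authenticate(SECRET));
        try {
            authenticate("wrong-secret".toCharArray());
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same two handlers would work unchanged under a different protocol label, which is the protocol independence the text describes; only the framing of the challenge and response bytes changes.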


Current Status

The current version is Maintenance Release 1 Final Release.


