David Lloyd created ELY-129:
-------------------------------
Summary: Choose SASL mechanisms based on better criteria
Key: ELY-129
URL: https://issues.jboss.org/browse/ELY-129
Project: WildFly Elytron
Issue Type: Enhancement
Reporter: David Lloyd
SASL mechanism selection is currently based on properties that specify only a few, very limited criteria.
We should provide a better selection mechanism that allows selection based on the following criteria:
* Specify requirements of the mechanism itself
** Algorithm usage
** Key length (where applicable)
** Parameters similar to existing Sasl ones, like:
*** QOP
*** Forward secrecy
*** Plaintext
*** Active attack susceptibility
*** etc.
* Specify requirements around the mechanism's circumstance
** Restrict by enclosing channel security
*** Require TLS cipher suite parameters (using existing database parameters)
*** Require channel binding
In the end, the client or server user should be able to specify SASL mechanism usage using expressions that can express things like:
* Use PLAIN only if TLS is in use with AES encryption
* Use EXTERNAL only if TLS is in use
* Use no SASL mechanisms employing weak hash algorithms (MD5 and worse)
* Use only SASL mechanisms employing SHA-256
* Use only SASL mechanisms that provide channel binding and require TLS
* Use only ANONYMOUS
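The following is an added example, not code from WildFly Elytron or from the issue author, sketching how the rules above could be modelled as predicates over a mechanism's static properties and the enclosing channel. The mechanism table, the `MechanismInfo`/`ChannelInfo` classes, the `onlyIf` helper and the choice of which hashes count as "MD5 and worse" are all assumptions made for this example; the mechanism names are standard SASL names.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.BiPredicate;

/** Static properties of one SASL mechanism. Sample table constructed for this example. */
final class MechanismInfo {
    final String name;
    final String hashAlgorithm;   // null when the mechanism hashes nothing (PLAIN, EXTERNAL, ANONYMOUS)
    final boolean plaintext;      // credential crosses the wire in clear
    final boolean channelBinding; // "-PLUS" variants bind the exchange to the TLS channel

    MechanismInfo(String name, String hashAlgorithm, boolean plaintext, boolean channelBinding) {
        this.name = name;
        this.hashAlgorithm = hashAlgorithm;
        this.plaintext = plaintext;
        this.channelBinding = channelBinding;
    }
}

/** Properties of the enclosing channel at selection time. */
final class ChannelInfo {
    final boolean tlsInUse;
    final String cipherSuite; // IANA-style suite name, null when TLS is not in use

    ChannelInfo(boolean tlsInUse, String cipherSuite) {
        this.tlsInUse = tlsInUse;
        this.cipherSuite = cipherSuite;
    }
}

/** Selects mechanisms by evaluating a list of predicates over (mechanism, channel). */
public class SaslMechanismPolicyExample {

    // Hash algorithms treated as "MD5 and worse"; this set is an assumption for the example.
    static final List<String> WEAK_HASHES = Arrays.asList("MD4", "MD5");

    // Constructed list of mechanisms the peer might offer, in order of preference.
    static final List<MechanismInfo> OFFERED = Arrays.asList(
        new MechanismInfo("SCRAM-SHA-256-PLUS", "SHA-256", false, true),
        new MechanismInfo("SCRAM-SHA-256", "SHA-256", false, false),
        new MechanismInfo("DIGEST-MD5", "MD5", false, false),
        new MechanismInfo("PLAIN", null, true, false),
        new MechanismInfo("EXTERNAL", null, false, false),
        new MechanismInfo("ANONYMOUS", null, false, false));

    /** Rule builder: the condition only constrains the named mechanism; others pass untouched. */
    static BiPredicate<MechanismInfo, ChannelInfo> onlyIf(String mech,
                                                          BiPredicate<MechanismInfo, ChannelInfo> cond) {
        return (m, c) -> !m.name.equals(mech) || cond.test(m, c);
    }

    /** "TLS is in use with AES encryption", judged from the negotiated suite name. */
    static boolean tlsWithAes(ChannelInfo c) {
        return c.tlsInUse && c.cipherSuite != null && c.cipherSuite.contains("_AES_");
    }

    /** Keeps, in offered order, every mechanism that satisfies all rules of the policy. */
    static List<String> select(List<MechanismInfo> offered, ChannelInfo channel,
                               List<BiPredicate<MechanismInfo, ChannelInfo>> rules) {
        List<String> allowed = new ArrayList<>();
        for (MechanismInfo m : offered) {
            if (rules.stream().allMatch(r -> r.test(m, channel))) {
                allowed.add(m.name);
            }
        }
        return allowed;
    }

    public static void main(String[] args) {
        List<BiPredicate<MechanismInfo, ChannelInfo>> policy = Arrays.asList(
            // "Use PLAIN only if TLS is in use with AES encryption"
            onlyIf("PLAIN", (m, c) -> tlsWithAes(c)),
            // "Use EXTERNAL only if TLS is in use"
            onlyIf("EXTERNAL", (m, c) -> c.tlsInUse),
            // "Use no SASL mechanisms employing weak hash algorithms (MD5 and worse)"
            (m, c) -> m.hashAlgorithm == null || !WEAK_HASHES.contains(m.hashAlgorithm));

        ChannelInfo cleartext = new ChannelInfo(false, null);
        ChannelInfo tlsAes = new ChannelInfo(true, "TLS_AES_256_GCM_SHA384");

        // Over cleartext TCP the policy drops PLAIN and EXTERNAL, and DIGEST-MD5 via the hash rule.
        System.out.println("cleartext: " + select(OFFERED, cleartext, policy));
        // Over TLS with an AES suite PLAIN and EXTERNAL become acceptable again.
        System.out.println("TLS/AES:   " + select(OFFERED, tlsAes, policy));

        // A stricter policy: "only mechanisms that provide channel binding and require TLS".
        List<BiPredicate<MechanismInfo, ChannelInfo>> boundOnly =
            Arrays.asList((m, c) -> m.channelBinding && c.tlsInUse);
        System.out.println("bound+TLS: " + select(OFFERED, tlsAes, boundOnly));
    }
}
```

Because each rule sees both the mechanism and the channel, the same policy yields different allowed sets over cleartext and over TLS without any change to the rule text, which is the property the issue asks for: the selection expression describes intent ("PLAIN only under TLS with AES"), and the runtime context decides whether a given mechanism qualifies.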
--
This message was sent by Atlassian JIRA (v6.3.11#6341)