SASL mechanisms are not IANA registered and specifications are not provided --------------------------------------------------------------------------- Key: ELY-787 URL: https://issues.jboss.org/browse/ELY-787 Project: WildFly Elytron Issue Type: Task Reporter: Josef Cacek Priority: Critical Labels: sasl Fix For: 1.5.2.CR1 Elytron comes with set of SASL mechanisms (as requested by EAP7-530), but they don't fit SASL requirements. New mechanisms has to be registered by IANA as requested by [SASL RFC 4422 section 5|https://tools.ietf.org/html/rfc4422#section-5] and Java [SaslClientFactory|http://docs.oracle.com/javase/8/docs/api/javax/security...] and [SaslServerFactory|http://docs.oracle.com/javase/8/docs/api/javax/security...] contracts. Current list of mechanisms provided by Elytron, which are not IANA registered: * DIGEST-SHA * DIGEST-SHA-256 * DIGEST-SHA-512 * JBOSS-LOCAL-USER *Suggestion for improvement:* Provide specifications for the new mechanisms and register the names by IANA (see [section 7 in RFC-4422|https://tools.ietf.org/html/rfc4422#section-7]).