[jboss-jira] [JBoss JIRA] (ELY-787) SASL mechanisms are not IANA registered and specifications are not provided
David Lloyd (JIRA)
issues at jboss.org
Wed Nov 23 09:59:01 EST 2016
[ https://issues.jboss.org/browse/ELY-787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13327191#comment-13327191 ]
David Lloyd commented on ELY-787:
---------------------------------
It is not a requirement to only supply IANA registered names, IMO. We can and will provide our own mechanisms and variations now and in the future. In particular we may provide experimental mechanisms that won't be registered until/unless they are successful.
> SASL mechanisms are not IANA registered and specifications are not provided
> ---------------------------------------------------------------------------
>
> Key: ELY-787
> URL: https://issues.jboss.org/browse/ELY-787
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: sasl
>
> Elytron comes with set of SASL mechanisms (as requested by EAP7-530), but they don't fit SASL requirements.
> New mechanisms has to be registered by IANA as requested by [SASL RFC 4422 section 5|https://tools.ietf.org/html/rfc4422#section-5] and Java [SaslClientFactory|http://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClientFactory.html] and [SaslServerFactory|http://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslServerFactory.html] contracts.
> Current list of mechanisms provided by Elytron, which are not IANA registered:
> * DIGEST-SHA
> * DIGEST-SHA-256
> * DIGEST-SHA-512
> * JBOSS-LOCAL-USER
> *Suggestion for improvement:*
> Provide specifications for the new mechanisms and register the names by IANA (see [section 7 in RFC-4422|https://tools.ietf.org/html/rfc4422#section-7]).
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list