The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and authorization to comunications protocols. It is defined in RFC 2222 [L1 ]. The design attempts to separate the implementation of authentication mechanisms from the implementation of communications protocols. The result is a set of available mechanisms that a server and client can select among.

SASL is currently found in SMTP, IMAP, LDAP, BEEP, XMPP and in HTTP authentication. Some common mechanisms are ANONYMOUS [L2 ], PLAIN, LOGIN, CRAM-MD5 [L3 ], DIGEST-MD5 [L4 ], NTLM and Kerberos.

tcllib 1.8 contains an implementation of SASL that supports the most common mechanisms. TclSASL is a Tcl interface to the cyrus-sasl library which supports all those implemented by that library.

See Marshall T. Rose's excellent "Using SASL: Pluggable Security" [L5 ].

Also see SASL and TWAPI.