JSRs: Java Specification Requests
JSR 28: Java SASL Specification

Original Java Specification Request (JSR)


Section 1: Identification

Submitting Participant: Netscape Communications Corp.
Name of Contact Person: Rob Weltman
E-Mail Address: rweltman@netscape.com
Telephone Number: 1-650-937-3301
Fax Number: 1-650-5476
Submitting Participant: Sun Microsystems, Inc.
Name of Contact Person: Rosanna Lee
E-Mail Address: rosanna@eng.sun.com
Telephone Number: 1-408-863-3221
Fax Number: 1-408-343-1530

Section 2: Request

2.1 Proposed Specification:
Simple Authentication and Security Layer (SASL) specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and (optional) establishment of a security layer on which to carry on subsequent communications. It is used with connection-based protocols such as the Lightweight Directory Access Protocol (LDAP) v3, and Internet Message Access Protocol (IMAP) v4. SASL is described in RFC 2222.

There are various mechanisms defined for SASL. Each mechanism defines the data that must be exchanged between the client and server in order for the authentication to succeed. Mechanisms are registered with IANA.

This proposal is to define a SASL client and server API in the Java programming language.

2.2 What is the target Java platform?
Desktop, Server
2.3 Need of the Java community that this will address
  • Makes it easier to develop libraries written in the Java programming language for popular protocol standards that use SASL, such as LDAP v3 and IMAP v4.
  • Independence between those building and supplying SASL mechanisms and those using them.
2.4 Why isn't this need met by existing specifications?
There is currently no standard Java API for SASL. Protocol libraries written in the Java programming language that support SASL, such as LDAP v3 and IMAP v4, currently support SASL in an ad hoc manner. A mechanism implementation for one protocol cannot easily be used in another protocol.
2.5 Description:
The proposal defines classes and interfaces for SASL mechanisms. It also provides a pluggable authentication framework that allows SASL mechanisms to be added dynamically to the runtime environment. The API will allow developers to write client and server applications or protocol libraries that can authenticate using different SASL mechanisms, and to write mechanism implementations that can be used by such SASL-enabled applications/libraries.
2.6 Proposed package name
javax.security.sasl
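
The challenge-response exchange from 2.1, driven through the client and server API described in 2.5, as an added example (not code from this JSR or from the Internet Draft). It uses the javax.security.sasl package as it later shipped in the JDK, and picks CRAM-MD5 only because the JDK bundles both the client and the server side of it so the exchange runs in one process. The class name, host, user and passwords are constructed for the demo.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.*;
public class SaslLoopbackDemo {
    // Constructed sample values for this demo only.
    static final String MECH = "CRAM-MD5", HOST = "server.example.com", USER = "alice";
    static final char[] STORED_PASSWORD = "correct horse".toCharArray();
    /** Runs one in-memory exchange; true only if the server accepts the client. */
    static boolean authenticate(String user, char[] password) throws SaslException {
        Map<String, Object> props = new HashMap<>();
        CallbackHandler clientCbh = cbs -> {           // supplies the client's identity
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        String[] claimed = new String[1];              // name the client presented
        CallbackHandler serverCbh = cbs -> {           // the server's credential lookup
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) claimed[0] = ((NameCallback) cb).getDefaultName();
                else if (cb instanceof PasswordCallback) {
                    if (USER.equals(claimed[0])) ((PasswordCallback) cb).setPassword(STORED_PASSWORD);
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;   // no acting as another user
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else throw new UnsupportedCallbackException(cb);
            }
        };
        SaslClient client = Sasl.createSaslClient(new String[] {MECH}, null, "ldap", HOST, props, clientCbh);
        SaslServer server = Sasl.createSaslServer(MECH, "ldap", HOST, props, serverCbh);
        if (client == null || server == null) throw new SaslException(MECH + " not available");
        try {
            byte[] token = client.hasInitialResponse() ? client.evaluateChallenge(new byte[0]) : new byte[0];
            while (!server.isComplete()) {
                byte[] challenge = server.evaluateResponse(token);          // server -> client
                if (challenge != null && !client.isComplete()) token = client.evaluateChallenge(challenge);
            }
            return client.isComplete() && USER.equals(server.getAuthorizationID());
        } catch (SaslException e) {
            return false;                              // rejected credentials or a broken exchange
        } finally { client.dispose(); server.dispose(); }
    }
    public static void main(String[] args) throws SaslException {
        System.out.println("correct password accepted: " + authenticate(USER, "correct horse".toCharArray()));
        System.out.println("wrong password accepted:   " + authenticate(USER, "guess".toCharArray()));
    }
}
```

In a real protocol library the `token` and `challenge` byte arrays travel inside the host protocol's own messages (an LDAP bind or an IMAP AUTHENTICATE command), and the mechanism name is negotiated rather than fixed.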
2.7 Dependencies
The Java Authentication and Authorization Service
2.8 Security issues that cannot be addressed by the current security model?
The proposed API can use the current security model.
2.9 Internationalization or localization issues
None
2.10 Existing specifications that might be rendered obsolete, deprecated, or in need of revision
None

Section 3: Contributions

3.1 Existing documents, specifications, or implementations that describe the technology.
The SASL negotiation protocol is defined by RFC 2222. The proposed API must support authentication negotiations conforming to the protocol defined in that RFC.

An Internet Draft has been published with a proposal for a Java SASL API, available as ftp://ftp.isi.edu/internet-drafts/draft-weltman-java-sasl-02.txt. The draft will be a starting point for definition of this proposal.

3.2 Explanation of how these items might be used as a starting point for the work.
Using the Internet Draft as a starting point, the proposal will make the API fit better within the Java platform, using patterns common to the platform.