Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL. In 1997, John Gardiner Myers wrote the original SASL specification (RFC 2222) while at Carnegie Mellon University. In 2006 that document was made obsolete by RFC 4422.
SASL is an IETFStandard Track protocol and is, as of 2010[update], a Proposed Standard.
^Bartlett, Andrew (2005-04-25). "GENSEC - Designing a security subsystem" (PDF). p. 4. Retrieved 2010-03-28. The idea of a generic security API is not new [...] to implement, by some mechanism or other, a wide variety of these protocols, including SASL, GSS-API, SPNEGO as well as the proprietary NTLMSSP [...] in the wider open source world we see individual applications introduce similar abstraction layers, or adopt the Open Source Cyrus-SASL library to provide one.