aspose file tools
The moose likes Java in General and the fly likes To Cay and Gary: SASL and JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Java » Java in General
Reply Bookmark "To Cay and Gary: SASL and JAAS" Watch "To Cay and Gary: SASL and JAAS" New topic
Author

To Cay and Gary: SASL and JAAS

Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
posted private message
0
Quote
Hi Cay,

Tiger has introduced SASL. Does this overlap some functionality provided by JAAS?

I saw the JSR said SASL depends on JAAS, however, if so, why we need such a subset? Does it really simply JAAS a lot for simple security measurements?

Nick

SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Cay Horstmann
author
Ranch Hand

Joined: Nov 14, 2004
Posts: 77
posted private message
0
Quote
I am definitely not an expert on SASL, and it seems to me a rather specialized issue. It is a protocol that allows client and server to negotiate an authentication mechanism. SASL is used by LDAPv3 and IMAP. However, if all you want is talk to LDAP or IMAP servers, then you need not worry about SASL--the JNDI and JavaMail APIs have the necessary plumbing built-in. You would worry about SASL if you wanted to implement your own client and server application and have the benefits of the SASL protocol. According to http://java.sun.com/j2se/5.0/docs/guide/security/sasl/sasl-refguide.html,
SASL is more lightweight than using SSL or Kerberos (via Java GSS).

Cheers,

Cay

Author of <a href="http://www.amazon.com/exec/obidos/ASIN/0131482025/ref=jranch-20" target="_blank" rel="nofollow">Core Java 2, Volume I - Fundamentals (7th Edition)</a>
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
posted private message
0
Quote

SASL is more lightweight

Does it compare with JAAS?

Also, SASL is a lightweight seems it uses light weight *handshaking* methods between client and server?

Nick
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
posted private message
0
Quote
Moreover, taking about Security issue, I would like to know whether Tiger support ECC as one of its encryption algorithms?

Nick
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: To Cay and Gary: SASL and JAAS
 
Similar Threads
what is SASL and JAAS
Thanks for having me!
SCEA exam coverage versions
user maintenance
SASL support in jdk 1.4