…Introduction Generic Security Service Application Program Interface (GSS-API) [ RFC2743 ] is a framework that provides security services to applications using a variety of authentication mechanisms. Simple Authentication and Security Layer (SASL) [ RFC4422 ] is a framework to pro…

…chanism. The Generic Security Service Application Program Interface (GSS-API) [ RFC2743 ] provides a framework for applications to support multiple authentication mechanisms through a unified programming interface. This document defines a pure SASL mechanism for SAML, but it conf…

… binding data is excluded when SCRAM is used as a GSS-API mechanism, and b) the RFC2743 section 3.1 initial context token header is prefixed to the client's first authentication message (context token). The GSS-API mechanism OID for SCRAM-SHA-1 is 1.3.6.1.5.5.14 (see Section 10 )…

…. The auth-params exchanged use data formats defined for use with the GSS-API [ RFC2743 ]. In particular, they follow the formats set for the SPNEGO [ RFC4178 ] and Kerberos [ RFC4121 ] mechanisms for GSSAPI. The "Negotiate" auth-scheme calls for the use of SPNEGO GSSAPI tokens t…

…nterface (GSSAPI) host-based service name form, as described in Section 4.1 of [RFC2743] . Note that this registry is shared by all GSSAPI and SASL mechanisms. 2) Detail any mechanism negotiation facility that the protocol provides (see Section 3.2 ). A protocol SHOULD specify a …

… to the MAC, or HMAC in some cases, is described in [ RFC2085 ], [ RFC2246 ], [ RFC2743 ], [ RFC1964 ], [ RFC2025 ], and [ RFC4120 ]. The underlying construct is discussed in [ RFC2104 ]. Essentially, a different sequence number in each packet ensures that at least this one input…

… to the MAC, or HMAC in some cases, is described in [ RFC2085 ], [ RFC2246 ], [ RFC2743 ], [ RFC1964 ], [ RFC2025 ], and [ RFC4120 ]. The underlying construct is discussed in [ RFC2104 ]. Essentially, a different sequence number in each packet ensures that at least this one input…