SASL isn’t any one type of authentication; it is an extensible framework that allows for just about any type of authentication. The type of authentication is identified with a mechanism name, and the credentials are encoded in a manner that is specific to that mechanism.

Some SASL mechanisms provide support for specifying an alternate authorization identity that should be used for processing subsequent operations on the connection. Some mechanisms also provide support for adding integrity (digital signatures) or confidentiality (encryption) to any communication that occurs over the connection after the authentication has completed.
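As an added illustration (not code from the original page), the sketch below shows how a server might handle one concrete mechanism, PLAIN (RFC 4616), whose credential encoding is `[authzid] NUL authcid NUL passwd`, and how it decides whether the authenticated identity may assume the requested authorization identity. The mechanism choice, user names, passwords and the `PROXY_POLICY` table are constructed assumptions.

```python
import hmac

class SaslError(Exception):
    """Raised when a bind attempt must be rejected."""

# Constructed sample data; a real server stores salted password hashes.
PASSWORDS = {"alice": "alice-pw", "backup-svc": "backup-pw"}
# Hypothetical policy: authentication identity -> identities it may act as.
PROXY_POLICY = {"backup-svc": {"alice", "bob"}}

def parse_plain(response: bytes):
    """Split [authzid] NUL authcid NUL passwd into its three fields."""
    parts = response.split(b"\x00")
    if len(parts) != 3:
        raise SaslError("expected exactly two NUL separators")
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError as exc:
        raise SaslError("fields must be valid UTF-8") from exc
    if not authcid or not passwd:
        raise SaslError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd

def verify_password(authcid: str, passwd: str) -> bool:
    """Constant-time comparison against the constructed store."""
    expected = PASSWORDS.get(authcid)
    return expected is not None and hmac.compare_digest(
        expected.encode(), passwd.encode())

def effective_identity(authzid: str, authcid: str) -> str:
    """Identity that later operations run as, after the proxy check."""
    if authzid in ("", authcid):
        return authcid
    if authzid in PROXY_POLICY.get(authcid, set()):
        return authzid
    raise SaslError(f"{authcid!r} may not act as {authzid!r}")

def handle_bind(mechanism: str, response: bytes) -> str:
    """Dispatch on mechanism name, authenticate, then authorize."""
    if mechanism != "PLAIN":
        raise SaslError(f"unsupported mechanism {mechanism!r}")
    authzid, authcid, passwd = parse_plain(response)
    if not verify_password(authcid, passwd):
        raise SaslError("invalid credentials")
    return effective_identity(authzid, authcid)
```

PLAIN is one of the mechanisms that adds no integrity or confidentiality layer of its own and carries the password in the clear, so it is normally accepted only over a connection already protected by TLS.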