SASL - Simple Authentication and Security Layer is NOT a security protocol. It is an interface or an abstraction providing pluggable authentication mechanisms to connection-oriented protocols. For example, the SASL interface in a system supporting the LDAP protocol may support Kerberos-based authentication though traditionally LDAP does not support Kerberos-based authentication or security. Another example is that SASL built into an IMAP server may allow Oauth2-based authentication or any new authentication mechanism to be plugged in, though traditionally an IMAP server may only be supporting password-based authentication.
From now on, mechanisms refer to authentication mechanisms like Kerberos-based authentication, OAuth2-based authentication or even plain text authentication and protocols refer to connection-oriented protocols like LDAP, IMAP, SMTP, etc.
The mechanisms are grouped and named. For example, Kerberos-based authentication falls under a mechanism name called GSSAPI.
How a _pr