...
This is the main interface that drives the authentication mechanism and allows channels to add security
contexts that must be resolved at authenticate time. Some of the aesthetics of this interface require further
discussion. The integer value returned by getAuthType() should be a globally unique authentication flavor.
One possibility is to use the SASL names for authentication. It is important, for instance that if we agree
that:
public static final int PASSWORD_AUTH = 0x44;
The concept of PASSWORD_AUTH is clearly documented and no one else uses either the number or the
name for a different flavor of password-based authentication. The concept of channel affiliation allows
credentials to be stored that will be used by channel-specific authentication. (See single sign on below). If
there are no additional authentication descriptors or no stored opaque credentials, the value returned from
these methods is allowed to be null and the caller must check for this before continuing.
...