As an administrator, I want the IAM to communicate securely with registered Applications and Resource Servers using well-known protocols and standards, which comply with US Export Control laws.

TLS/SSL, encryption algorithms that are compatible with Java Cryptography architecture (but not restricted by export control), SASL mechanisms (DIGEST_MD5, GSSAPI, PLAIN w/ SSL)