[standards-jig] Advanced authentication

Thomas Muldowney temas at box5.net
Mon May 6 14:47:24 CDT 2002


I'm going to finally chime in and agree with Iain here.  SASL is
becoming a dominating force and it strongly behooves us to support it
fully and richly in Jabber.  Jer and I were even discussing it the other
night for a more unified auth model in Jabber (user, component, etc).

Like Iain, I'm not against another idea, but it would be beneficial for
us to all focus on one goal.  I personally hope SASL is that goal.

--temas


On Mon, 2002-05-06 at 14:07, Iain Shigeoka wrote:
> On 5/5/02 5:07 PM, "Robert Norris" <rob at cataclysm.cx> wrote:
> 
> >>> So, where do we go from here? I still don't have a problem with AAF as
> >>> it stands; I don't see any fundamental flaws in it. Should we be doing
> >>> SASL, even though it does essentially the same job, or just continue
> >>> refining AAF?
> >> 
> >> I still think that if there is a way to do it, sticking with SASL is best.
> >> I'd be looking for an absolutely must have feature or order of magnitude
> >> improvement in order to justify rolling your own system.  Of course, I seem
> >> to be in the minority on this view in the Jabber community so you can also
> >> take my comment as a single vote and not any group thought.  :)  Many Jabber
> >> enthusiasts definitely like rolling their own solutions.
> > 
> > As I've said, I think the requirements stipulated by SASL are not well
> > suited to Jabber, and that AAF does essentially the same job anyway. It
> > would take some contortions and hoop jumping to make SASL fit with
> > Jabber, effort that I'm not sure is required. It is still possible to
> > build any SASL mechanism on top of AAF.
> 
> Right.  I agree to disagree with you.  :)  I think it would be worth the
> effort to make SASL work within the context of Jabber.  You disagree.
> 
> > What do others think? I'd like more than two opinions before I take this
> > any further. Or should I take the relative silence about this to mean
> > that more complex authentication is not really a need for people?
> 
> Having wrangled with the security issues for a while, I can tell you that
> there is a real need for it.  However, that does not translate into a lot of
> participation.  :(  Most people really want better security, but few will
> help create a new system.  I'm not sure if people just don't like security
> or think it's too complicated or what but we've never had a large number of
> participants in security issues.
> 
> I would suggest forging ahead and coming up with a JEP if you still like the
> AAF idea.  Otherwise you'll just be discussing it with me and it seems we
> already disagree.  :)
> 
> -iain
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig




