[standards-jig] Advanced authentication
temas at box5.net
Mon May 6 14:47:24 CDT 2002
I'm going to finally chime in and agree with Iain here. SASL is
becoming a dominating force and it strongly behooves us to support it
fully and richly in Jabber. Jer and I were even discussing it the other
night for a more unified auth model in jabber (user, component, etc).
Like Iain, I'm not against another idea, but it would be beneficial for
us to all focus on one goal. I personally hope SASL is that goal.
On Mon, 2002-05-06 at 14:07, Iain Shigeoka wrote:
> On 5/5/02 5:07 PM, "Robert Norris" <rob at cataclysm.cx> wrote:
> >>> So, where do we go from here? I still don't have a problem with AAF as
> >>> it stands; I don't see any fundamental flaws in it. Should we be doing
> >>> SASL, even though it down essentially the same job, or just continue
> >>> refining AAF?
> >> I still think that if there is a way to do it, sticking with SASL is best.
> >> I'd be looking for an absolutely must have feature or order of magnitude
> >> improvement in order to justify rolling your own system. Of course, I seem
> >> to be in the minority on this view in the Jabber community so you can also
> >> take my comment as a single vote and not any group thought. :) Many Jabber
> >> enthusiasts definitely like rolling their own solutions.
> > As I've said, I think the requirements stipulated by SASL are not well
> > suited to Jabber, and that AAF does essentially the same job anyway. It
> > would take some contortions and hoop jumping to make SASL fit with
> > Jabber, effort that I'm not sure is required. It is still possible to
> > build any SASL mechanism on top of AAF.
> Right. I agree to disagree with you. :) I think it would be worth the
> effort to make sasl work within the context of Jabber. You disagree.
> > What do others think? I'd like more than two opinions before I take this
> > any further. Or should I take the relative silence about this to mean
> > that more complex authentication is not really a need for people?
> Having wrangled with the security issues for a while, I can tell you that
> there is a real need for it. However, that does not translate into a lot of
> participation. :( Most people really want better security, but few will
> help create a new system. I'm not sure if people just don't like security
> or think its too complicated or what but we've never had a large number of
> participants in security issues.
> I would suggest forging ahead and coming up with a JEP if you still like the
> AAF idea. Other wise you'll just be discussing it with me and it seems we
> already disagree. :)
> Standards-JIG mailing list
> Standards-JIG at jabber.org
More information about the Standards-JIG