[Standards-JIG] re-authentication
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Thu Sep 28 16:03:20 CDT 2006
On Thursday 28 September 2006 13:47, Chris Mullins wrote:
> If we were to go down this route it seems as if a Time To Live (TTL)
> feature could be added to the stream. This would allow servers to
> examine SSL certs and issue an appropriate TTL, examine upcoming
> password expiration dates and issue a TTL, or even have business rules
> based on configuration settings.
I, too, want to see a re-auth mechanism, for C2S. This could be useful in
smart-card situations, so that even if you plug your card into an evil
machine, the evil machine cannot stay logged into your Jabber account
indefinitely. Eventually it will need to re-auth, and your card won't be
there.
-Justin
More information about the Standards-JIG
mailing list