[Standards] HTTP Authentication with XMPP (Concern over XEP-70)
Alex Jones
alex at weej.com
Wed Dec 19 20:12:25 CST 2007
On 19 Dec 2007, at 23:56, anders conbere wrote:
> On Dec 19, 2007 10:44 AM, Alex Jones <alex at weej.com> wrote:
>>
>> I envisage going to a website, clicking "Authenticate via XMPP",
>> having my browser and my XMPP client do some IPC magic and prompt me
>> to choose an identity (i.e. a JID) for which to authenticate as, and
>> then be authenticated with the website.
>
> These methods appear to me to be just as misguided. I don't consider
> it particularly likely that any significant portion of the installed
> browser base will include support for xmpp authentication.
This, of course, is not a requirement. Much like XEP-70's hint that
unsupporting clients can simply have their users send an "OK" message
back, I see no problem with a "manual" token exchange (maybe even
initiated by xmpp URIs) being a fallback mechanism.
> I think a
> better solution would be to look at how jabber servers can begin to
> integrate a basic http endpoint for digesting http requests. At least
> in the foreseeable future in order to do authentication over the web
> we need to think of ways to work over http.
Could you clarify this point, please?
Thanks
More information about the Standards
mailing list