[Standards] Loopback Authentication
Ralph Meijer
jabber.org at ralphm.ik.nu
Thu Feb 1 10:54:45 CST 2007
On Thu, 2007-02-01 at 17:48 +0100, Matthias Wimmer wrote:
> Hi Ralph!
>
> Ralph Meijer schrieb:
> > On the other hand, we could extend this XEP
> > to mention other avenues of identity verification as the SASL part is
> > mostly the same. I'd hate to see different uses of the authorization
> > identity, for example.
>
> I think if we start adding a list of other ways a connection could be
> authenticated externally, readers could assume, that they are the only
> allowed usecases of EXTERNAL.
I'm not talking about actually listing them, but merely mentioning that
there are other ways. Sure we could list some examples, but I wouldn't
go into that.
> (BTW: I do not understand what you mean with "I'd hate to see different
> uses of the authorization identity". What do you mean with these
> different uses? If present an authorization identity is always a JID,
> that's how I read RFC 4422, 3.4.1, 3rd paragraph.)
I'm glad we agree on this :-)
--
Groetjes,
ralphm
More information about the Standards
mailing list