[Standards] Loopback Authentication
Peter Saint-Andre
stpeter at jabber.org
Thu Feb 1 11:04:29 CST 2007
Matthias Wimmer wrote:
> Peter Saint-Andre schrieb:
>>> Yes, that sounds reasonable. On the other hand, we could extend this XEP
>>> to mention other avenues of identity verification as the SASL part is
>>> mostly the same. I'd hate to see different uses of the authorization
>>> identity, for example.
>>
>> I'd be happy to incorporate other scenarios into XEP-0178 once we
>> figure out what those are. :-)
>
> I don't think we need them there. EXTERNAL is already fully defined by
> RFC 4422. So XEP-0178 is not that much about EXTERNAL, but about how to
> map/verify certificate identities to valid authorization identites.
>
> This is something bound to TLS + EXTERNAL. I don't think that other ways
> of using EXTERNAL could reuse that much definitons, that are already
> present in XEP-0178.
>
> If there is another usage of EXTERNAL, that needs as much thought as TLS
> + EXTERNAL, I'd prefere that we create an additional XEP. But for the
> other use-cases of EXTERNAL we had already in this thread, I don't think
> this is necessary.
OK, that makes sense. I'll modify the title of XEP-0178, then.
Any other feedback on XEP-0178? It's in Last Call now. :-)
One thing we need to clarify is whether we want to use id-on-xmppAddr
for server and component hostnames, or only for end-user JIDs. IMHO it
might be simpler and less confusing to use dnsName fields for server and
component hostnames and not use id-on-xmppAddr at all for those.
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070201/f1c1a9a4/smime-0001.bin
More information about the Standards
mailing list