[Standards] Authentication via XMPP (Concern over XEP-70)
Guenther Niess
niess at uni-potsdam.de
Mon Jan 7 18:35:43 CST 2008
Hello,
I'm a student and within a project at the university I want to
implement the XEP-0070 [1] as a SASL mechanism [2]. So other
protocols for example imap or pop3 can easily use the authentication
scheme.
I've noticed the discussion about XEP-70 on December 20007 [3] and I
think it would be great if we can combine the XEP-70 (for all users
who are online with their jabber client) and the http digest way
(like OpenID) which was proposed by Anders Conbere.
I'm not really sure if I have understood the XEP-0070 correctly.
If it possible to confirm a message request with a client that don't
understand the 'http://jabber.org/protocol/http-auth' namespace?
I think in the XEP only clients are on focused which understand
the namespace and the behavior of the server which receive a message
with ok in the body and no confirm element is undefined.
So I think a good solution for http authentication is the XEP-70 when
it is clear that all users that are online can confirm the request
and for others they are redirected to the XMPP server and can
authenticate themself via user credentials.
--
Günther Nieß
[1] http://www.xmpp.org/extensions/xep-0070.html
[2] http://tools.ietf.org/html/rfc4422
[3] http://mail.jabber.org/pipermail/standards/2007-December/017406.html
More information about the Standards
mailing list