[Standards] Authentication via XMPP (Concern over XEP-70)
Dave Cridland
dave at cridland.net
Tue Jan 8 05:20:06 CST 2008
On Tue Jan 8 00:35:43 2008, Guenther Niess wrote:
> I'm a student and within a project at the university I want to
> implement the XEP-0070 [1] as a SASL mechanism [2]. So other
> protocols for example imap or pop3 can easily use the authentication
> scheme.
>
>
I'm not sure I follow the idea behind this.
The point of SASL is that different protocols, including all those
mentioned above, can use the same SASL mechanisms, so XMPP already
can (and does, in some implementations) share the same authentication
infrastructure with POP3 and IMAP services (as well as with SUBMIT).
The point of XEP-0070 is for websites which wish to authenticate that
a particular user owns a particular JID - in this respect it's
similar to OpenID. But it also notifies the user that the service is
being used, which is also potentially useful. The moment you start
introducing SASL, you're well away from this goal, since HTTP doesn't
- after much effort - do SASL.
Offering email services to anyone with a valid JID seems a little odd
to me, so maybe you could expand on your use-cases a bit more.
> So I think a good solution for http authentication is the XEP-70
> when it is clear that all users that are online can confirm the
> request
> and for others they are redirected to the XMPP server and can
> authenticate themself via user credentials.
That would mean tunelling SASL through HTTP. I'd be intrigued to see
what you come up with, as it'd be directly applicable to simply doing
SASL within HTTP.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards
mailing list