[JDEV] Distributed Authentication - thoughts people?

Max Metral Max.Metral at PeoplepcHQ.com
Mon Oct 1 12:02:38 CDT 2001

Never say never... Isn't that phase 2 of the IM Interop efforts, to allow
server to server interop?  I would think it WILL happen, just not on any
time schedule other than market pressure.

-----Original Message-----
From: Michael Hearn [mailto:mhearn at mailandnews.net]
Sent: Friday, September 28, 2001 2:13 PM
To: jdev at jabber.org
Subject: Re: [JDEV] Distributed Authentication - thoughts people?

First, let's sort out a misconception for Jay Curry:

Yes, the way chat network compatability is implemented in Jabber might 
be called a fudge but it is in fact the best anyone will ever get. You 
must always have an account on the other IM networks for very simple 
reasons - say the MSN network assumes you have an account with it. It's 
not possible to send messages to people without being logged in to MSN, 
and it's not possible to login to MSN without an account. Ditto for all 
the other platforms. You will never ever be able to remove that requirement.

Adam: yes I am well aware of the difference between authorization and 
authentication, I have put a note to this effect in the JEP I am writing 
now. I think the proposed protcols will deal with both, but separately 
so there is no confusion.

Finally, I don't think this should be part of the security JIG. Security 
and authentication are two different things. Security is about ensuring 
that the network is hacker-proof, and that communications are properly 
encrypted amongst other things. Authentication is about verifying 
identity. They do  overlap in some areas, but I do think that this needs 
its own JIG.

thanks -mike

jdev mailing list
jdev at jabber.org

More information about the JDev mailing list