[JDEV] (announcement) mod_auth_jabber v1.02
Dirk-Willem van Gulik
dirkx at covalent.net
Wed Oct 3 00:47:48 CDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
For those of you interested in experimenting with federated/third party
authentication against (in this example) the jabber mesh of servers:
It is just a simple mod_auth_* module. It'll auth any jabber id against
it's origin server and then fetch the vCard which is exposed in the env().
So when you go to a web page, jsp page or cgi script - you log on with
your jabber id - and then the application behind your server will have a
unique token (your jabber id) with some vCard information to work with.
Thanks to the P2P nature of the network it authenticates against (in this
case www.jabber.org) a web master can suddenly allow third parties to
manage their own username/passwords, provide their vCards without an a
priori (trust) relation or some elaborate local registration procedure.
Where those data providing parties range from a large provider catering
for many; like an ISP, down to a corperations or even a tech savvy
individual their own machine.
And then of course you can start building trust relations from there on.
Some jabber clients/servers support PGP signing of information; and the
XML standard for signing and encryption would cleanly merge into jabber's
XML based protocol. But that is all future.
And because the IM model allows for multiple presences - some better
connected than others - there is a lot of further potential. It especially
gets interesting when certain vCard information is actually kept closer to
the user (in some sort of wallet) - and the IM system prompts the user for
the more private information on his or her pda/desktop/phone prior to
releasing it in real time.
Disclaimer and final wish: the code is not production quality - it is just
proof of concept code - and your milage may vary. Of course if it breaks
you do get to keep all the pieces. But if you have cool ideas - if you
want to use it, change it, build on it - please do. Just drop me a
message, or to the relevant mailing lists, if you can.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
-----END PGP SIGNATURE-----
More information about the JDev