[JDEV] SSI Protocol draft 1
mhearn at mailandnews.com
Mon Oct 15 16:03:37 CDT 2001
Here it is. Dead simple. And not finished. But you get the idea.
The following elements represent the different actions that are
available in the Single Sign-In Protocol.
The following terms are used in this document:
Client - users software (web browser, ftp client etc. that is not
directly connected to the jabber network).
Host - users host (for instance, jabber.org).
Requester - the entity that wishes to authenticate the Client with the Host.
At the start of a SSI transaction, the Requester should interrogate the
Host to determine what authentication options are available. The first
version of this protcol will define 3 types, however, more may be added
at a later date.
The following message is sent.
and the Host sends back:
<transaction id="02343151" xmlns="http://jabber.org/ssi">
The Requester now has a transaction ID that can be used in subsequent
The Requester now sends something like this:
<signIn id="02343151" xmlns="http://jabber.org/ssi">
and the Host sends back when successful
<instructions id="02343151" xmlns="http://jabber.org/ssi">
Note that the redirect-URL can be anything, the fact that the
transaction ID features in it in this example doesn't indicate this has
to be the case.
The Requestor then sends an HTTP Redirect to the Client. The Sign-in
program loads up the file specified in the <template> element of the
<signIn> message, and then interpolates the form into that page
(Passport calls this co-branding) and sends it to the Client. Once the
Client has submitted their credentials, they are cleared, and sent back
to the return-url. The sign in page can set cookies so the credentials
don't have to be re-entered. The Requestor site can also set a cookie
with the user name in, so the Client will not have to reauthenticate in
mhearn at neuk.net
Jabber (jabber.org) tweedledee at jabber.org
More information about the JDev