[JDEV] Distributed Authentication - thoughts people?
mhearn at mailandnews.net
Fri Sep 28 13:12:56 CDT 2001
First, let's sort out a misconception for Jay Curry:
Yes, the way chat network compatability is implemented in Jabber might
be called a fudge but it is in fact the best anyone will ever get. You
must always have an account on the other IM networks for very simple
reasons - say the MSN network assumes you have an account with it. It's
not possible to send messages to people without being logged in to MSN,
and it's not possible to login to MSN without an account. Ditto for all
the other platforms. You will never ever be able to remove that requirement.
Adam: yes I am well aware of the difference between authorization and
authentication, I have put a note to this effect in the JEP I am writing
now. I think the proposed protcols will deal with both, but separately
so there is no confusion.
Finally, I don't think this should be part of the security JIG. Security
and authentication are two different things. Security is about ensuring
that the network is hacker-proof, and that communications are properly
encrypted amongst other things. Authentication is about verifying
identity. They do overlap in some areas, but I do think that this needs
its own JIG.
More information about the JDev