[JDEV] Distributed Authentication - thoughts people?

Michael Hearn mhearn at mailandnews.net
Fri Sep 28 13:12:56 CDT 2001

First, let's sort out a misconception for Jay Curry:

Yes, the way chat network compatability is implemented in Jabber might 
be called a fudge but it is in fact the best anyone will ever get. You 
must always have an account on the other IM networks for very simple 
reasons - say the MSN network assumes you have an account with it. It's 
not possible to send messages to people without being logged in to MSN, 
and it's not possible to login to MSN without an account. Ditto for all 
the other platforms. You will never ever be able to remove that requirement.

Adam: yes I am well aware of the difference between authorization and 
authentication, I have put a note to this effect in the JEP I am writing 
now. I think the proposed protcols will deal with both, but separately 
so there is no confusion.

Finally, I don't think this should be part of the security JIG. Security 
and authentication are two different things. Security is about ensuring 
that the network is hacker-proof, and that communications are properly 
encrypted amongst other things. Authentication is about verifying 
identity. They do  overlap in some areas, but I do think that this needs 
its own JIG.

thanks -mike

More information about the JDev mailing list