[jdev] Question about XMPP authentication

Trejkaz trejkaz at trypticon.org
Sun Jun 4 17:24:58 CDT 2006


On Monday 05 June 2006 03:56, Michal vorner Vaner wrote:
> On Mon, Jun 05, 2006 at 12:27:18AM +0700, Nguyen TV wrote:
> >    -  In case the JID belongs to [11]jabber.org, my server now will act
> > like a forward server. It receives messages from myClient then sends to
> > [12]jabber.org on behalf of that user.
> >
> >                  message                          message
> >    myClient    ---->       [13]myserver.org        --->
> >    [14]jabber.org
> >                    <----                                  <---
> >                  message                          message
> >
> >    Is that possible??
>
> Yes, of course. If the server acts like a client to it, it can just take
> the <message> stanza and send it to the server. You have no work here,
> since the client is client to you and you are client to the server. So
> you have everything prepared.

There is one problem with this approach -- it requires the user to give their 
password to your server.  A better approach might be having your server send 
a one-use token to that user via XMPP, and having them enter that.  Then you 
can prove they own the JID without them having to sacrifice their password.

Of course, it's possible to simulate this behaviour without the user knowing 
-- a Java applet in the web page could login and send a message to the user's 
server without the password needing to be sent through your own site.  
Although whether users trust that this won't send the password to you, that's 
another story entirely.

On Monday 05 June 2006 03:58, Chris Chen wrote:
> Why not just run an XMPP federated server and have it configured to
> connect and use Server-to-server communication?
>
> You can then have your web conference software create accounts and
> login to your own server.  Then have you server become part of a
> federation with other servers.

I think the point is to avoid people needing to sign up on Yet Another Site 
just to use One More Application.  Global single sign-on is a good idea, for 
cutting down the mindless duplicate registrations that people have left all 
over the Internet (and IIRC, someone is working on integrating such a thing 
with a browser right now.)

TX

-- 
             Email: trejkaz at trypticon.org
         Jabber ID: trejkaz at trypticon.org
          Web site: http://trypticon.org/
   GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F  A62C B8C7 BC8B 037E EA73
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060605/92c64c16/attachment-0002.pgp>


More information about the JDev mailing list