jonathan.dickinson at k2.com
Mon Jul 6 06:02:43 CDT 2009
Has anyone thought about how SAML [Security Assertion Markup Language] would work in terms of SASL <http://en.wikipedia.org/wiki/Saml> and XMPP? This is especially interesting regarding the whole OpenID/SSO discussion a while back; SAML isn't bound to HTTP or any other client for that matter (don't get the wrong idea from the abundance of HTTP documentation - it will work in any transport).
I have been reading a bit about SAML and it looks like they do B64 the SAML XML, with no explanation. It seems a bit strange to B64 an XML fragment in a SOAP document (or an XMPP stream for that matter) - maybe it has to do with the WS-Security schema.
As far as XMPP 1.0 goes we probably would have to B64 the fragment; but here are my initial thoughts on XMPP 2.0:
Which gives rise to:
<mechanism type="urn:xmpp:tmp:text-plain">PATHETIC</mechanism><!-- something like [name];[password] -->
Indeed, we could go as far as to turn it into a feature on its own. It does support SASL-like mechanism selection itself; it should be possible to jippo SASL right in there:
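Added example, not part of the original post: a Python illustration of the XMPP 1.0 option mentioned above, carrying a SAML assertion as base64 character data in a SASL `<auth/>` element and reading it back byte for byte, next to an inline-XML variant whose bytes change once an XML library re-serialises it. The mechanism name `X-SAML-ASSERTION`, the sample assertion and the helper names are assumptions made for illustration; real XML signatures are verified over a canonical form rather than raw bytes, so the byte comparison is a simplified picture.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"  # XMPP 1.0 SASL namespace
MECH = "X-SAML-ASSERTION"                     # hypothetical mechanism name

# Constructed sample assertion; a real one would also carry a ds:Signature.
ASSERTION = (
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    b'ID="_constructed1" Version="2.0" IssueInstant="2009-07-06T11:02:43Z">'
    b'<saml:Issuer>https://idp.example.org</saml:Issuer>'
    b'<saml:Subject><saml:NameID>juliet@example.org</saml:NameID></saml:Subject>'
    b'</saml:Assertion>'
)

def build_auth(assertion: bytes) -> bytes:
    """Client side: carry the assertion as base64 character data in <auth/>."""
    auth = ET.Element(f"{{{SASL_NS}}}auth", {"mechanism": MECH})
    auth.text = base64.b64encode(assertion).decode("ascii")
    return ET.tostring(auth)

def read_auth(stanza: bytes) -> bytes:
    """Server side: check the element, then strictly decode the payload."""
    auth = ET.fromstring(stanza)
    if auth.tag != f"{{{SASL_NS}}}auth" or auth.get("mechanism") != MECH:
        raise ValueError("not an <auth/> for the expected mechanism")
    if len(auth):
        raise ValueError("child elements are not allowed in the payload")
    return base64.b64decode(auth.text or "", validate=True)

def inline_roundtrip(assertion: bytes) -> bytes:
    """Embed the assertion as child XML instead, then re-serialise it."""
    auth = ET.Element(f"{{{SASL_NS}}}auth", {"mechanism": MECH})
    auth.append(ET.fromstring(assertion))
    return ET.tostring(ET.fromstring(ET.tostring(auth))[0])

def digest(data: bytes) -> str:
    """SHA-256 over the raw bytes, standing in for a signature digest."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    print("base64 preserved bytes:", read_auth(build_auth(ASSERTION)) == ASSERTION)
    print("inline preserved bytes:", inline_roundtrip(ASSERTION) == ASSERTION)
```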