[jdev] SAML

Peter Saint-Andre stpeter at stpeter.im
Mon Jul 6 14:01:49 CDT 2009


On 7/6/09 5:02 AM, Jonathan Dickinson wrote:
> Has anyone thought about how SAML [Security Assertion Markup Language]
> would work in terms of SASL <http://en.wikipedia.org/wiki/Saml> and
> XMPP? This is especially interesting regarding the whole OpenID/SSO
> discussion a while back; SAML isn’t bound to HTTP or any other client
> for that matter (don’t get the wrong idea from the abundance of HTTP
> documentation – it will work in any transport).

You want to use SAML to authenticate with the server, or to provide
authorization for accessing certain resources (e.g., a chatroom) after
you have authenticated?

IMHO SAML is more focused on authorization than authentication:

http://mail.jabber.org/pipermail/standards/2004-July/005804.html

Yes, it would be possible to define a SASL mechanism for SAML, but
that's outside the scope of XMPP (it's something that people would
define in the SASL WG, I think).

Peter

--
Peter Saint-Andre
https://stpeter.im/

