[jdev] Claims-based Authentication
stpeter at stpeter.im
Thu Jun 3 08:54:48 CDT 2010
On 6/3/10 7:48 AM, Jonathan Dickinson wrote:
>> Date: Thu, 3 Jun 2010 07:41:25 -0600
>> From: stpeter at stpeter.im
>> To: jdev at jabber.org
>> Subject: Re: [jdev] Claims-based Authentication
>> 1. Is there a compelling use case for this?
> I have seen a few devs approach the mailing list with this problem. It
> most often appears in the form "How to use OAuth".
>> 2. Why wouldn't the WS-* folks define a new SASL mechanism?
> The problem is the XML - WSF uses XML to do the exchange, so base64-ing
> it wouldn't be the best (as per requirement from the SASL RFC). If that
> lands up being the route taken they would probably only need to reserve
> a namespace.
I don't see why we couldn't embed XML. The point about Base64-encoding
in RFC 3920 is that if you have XML character data that's content of the
<auth/> element, it needs to be Base64-encoded. But for different
authentication mechanisms we might define more elaborate approaches.
Unfortunately that might mean that the <auth/>, <challenge/>, and
<response/> elements end up having a mixed content model (ick), like this:
I: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'