[standards-jig] Advanced authentication

Robert Norris rob at cataclysm.cx
Mon Apr 15 22:52:59 UTC 2002


> I have not yet read your proposal, but just curious, any reasons why you 
> want to propose something 'similar' to SASL? I will try and look at it 
> sometime later today and hopefully we can get some discussions going.

SASL was really designed to be built on top of a command-driven
interface, which Jabber is not (at least, not directly). It could be
implemented on top of Jabber if we wanted, but it would not take
advantage of Jabber's strengths.

All a SASL profile (a protocol-specific SASL implementation) is required
to do is provide a method by which a client can find out what mechanisms
are supported, and provide a standard challenge/response mechanism that
will work for all authentication mechanisms. AAF does this.

It is entirely possible to implement any SASL mechanism on top of AAF.
In fact, the thing that pushed me to write these proposals was an
earlier proposal for doing SASL DIGEST-MD5 over Jabber. It was only
after completing this I realised that a) it could be made more generic
and b) DIGEST-MD5 is an overkill for Jabber anyway.

Rob.

--
Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20020416/664ee8f7/attachment.sig>


More information about the Standards mailing list