[standards-jig] Advanced authentication

Iain Shigeoka iainshigeoka at yahoo.com
Sat Apr 20 17:09:52 UTC 2002


On 4/20/02 5:59 AM, "Robert Norris" <rob at cataclysm.cx> wrote:

>>> Agreed, sort of. You mean that the protocols need to be in either the
>>> jabber:client or the jabber:server namespaces. The problem is that
>>> neither of these are defined, per se, and the line between them is very
>>> fuzzy.
>> 
>> :)  Well, the documentation for them may be a bit fuzzy.  :)  But they
>> actually are pretty clearly defined.  Almost all Jabber protocols exist as
>> both a c2s and s2s protocol.  The main difference is that authentication
>> differs for c2s and s2s, and that s2s allows multiplexing of user traffic,
>> while c2s will only support packets sent from, or destined to the
>> authenticated user account established during c2s authentication for that
>> session.
>> 
>> Although the protocols may be used s2s, c2s, or c2c, there is only servers
>> and clients...
> 
> s2s "authentication" isn't, not exactly, because it relies on the DNS.

:)  My thoughts exactly.

>>> (Using AAF, it would be entirely possible to implement a Kerberos
>>> authentication mechanism without too much trouble).
>> 
>> This would actually be interesting to mention in your doc. I think something
>> along these lines is a current hot button in IM security.
> 
> Perhaps I'll need to read more about Kerberos, and put together an auth
> mehanism for it.

It would be nice to at least see how it could fit in.

> So, where do we go from here? I still don't have a problem with AAF as
> it stands; I don't see any fundamental flaws in it. Should we be doing
> SASL, even though it down essentially the same job, or just continue
> refining AAF?

I still think that if there is a way to do it, sticking with SASL is best.
I'd be looking for an absolutely must have feature or order of magnitude
improvement in order to justify rolling your own system.  Of course, I seem
to be in the minority on this view in the Jabber community so you can also
take my comment as a single vote and not any group thought.  :)  Many Jabber
enthusiasts definitely like rolling their own solutions.

-iain


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




More information about the Standards mailing list