[standards-jig] Advanced authentication

Robert Norris rob at cataclysm.cx
Mon May 6 00:07:48 UTC 2002

> > So, where do we go from here? I still don't have a problem with AAF as
> > it stands; I don't see any fundamental flaws in it. Should we be doing
> > SASL, even though it down essentially the same job, or just continue
> > refining AAF?
> I still think that if there is a way to do it, sticking with SASL is best.
> I'd be looking for an absolutely must have feature or order of magnitude
> improvement in order to justify rolling your own system.  Of course, I seem
> to be in the minority on this view in the Jabber community so you can also
> take my comment as a single vote and not any group thought.  :)  Many Jabber
> enthusiasts definitely like rolling their own solutions.

As I've said, I think the requirements stipulated by SASL are not well
suited to Jabber, and that AAF does essentially the same job anyway. It
would take some contortions and hoop jumping to make SASL fit with
Jabber, effort that I'm not sure is required. It is still possible to
build any SASL mechanism on top of AAF.

What do others think? I'd like more than two opinions before I take this
any further. Or should I take the relative silence about this to mean
that more complex authentication is not really a need for people?


Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20020506/277841fa/attachment.sig>

More information about the Standards mailing list