[standards-jig] Advanced authentication

Iain Shigeoka iainshigeoka at yahoo.com
Mon May 6 19:07:11 UTC 2002

On 5/5/02 5:07 PM, "Robert Norris" <rob at cataclysm.cx> wrote:

>>> So, where do we go from here? I still don't have a problem with AAF as
>>> it stands; I don't see any fundamental flaws in it. Should we be doing
>>> SASL, even though it down essentially the same job, or just continue
>>> refining AAF?
>> I still think that if there is a way to do it, sticking with SASL is best.
>> I'd be looking for an absolutely must have feature or order of magnitude
>> improvement in order to justify rolling your own system.  Of course, I seem
>> to be in the minority on this view in the Jabber community so you can also
>> take my comment as a single vote and not any group thought.  :)  Many Jabber
>> enthusiasts definitely like rolling their own solutions.
> As I've said, I think the requirements stipulated by SASL are not well
> suited to Jabber, and that AAF does essentially the same job anyway. It
> would take some contortions and hoop jumping to make SASL fit with
> Jabber, effort that I'm not sure is required. It is still possible to
> build any SASL mechanism on top of AAF.

Right.  I agree to disagree with you.  :)  I think it would be worth the
effort to make sasl work within the context of Jabber.  You disagree.

> What do others think? I'd like more than two opinions before I take this
> any further. Or should I take the relative silence about this to mean
> that more complex authentication is not really a need for people?

Having wrangled with the security issues for a while, I can tell you that
there is a real need for it.  However, that does not translate into a lot of
participation.  :(  Most people really want better security, but few will
help create a new system.  I'm not sure if people just don't like security
or think its too complicated or what but we've never had a large number of
participants in security issues.

I would suggest forging ahead and coming up with a JEP if you still like the
AAF idea.  Other wise you'll just be discussing it with me and it seems we
already disagree.  :)


More information about the Standards mailing list