[standards-jig] Advanced authentication
rob at cataclysm.cx
Mon May 6 23:40:25 UTC 2002
> I just had the opportunity to really dig into SASL last week as a result
> of some ongoing IETF discussions, and learning that no matter what we at a
> minimum need to provide a Jabber profile for SASL.
All right. I'm happy to go with SASL if we're forced to. I wasn't aware
that the IETF was forcing it.
> I suggest that everyone interested at least read RFC 2222, even just the
> first parts, it's pretty short and easy (in comparison to other RFCs).
> I've started writing down my thoughts and simple XML namespace here:
Looks fairly straightforward.
> Anyway, there is the other question of how to use SASL. It's easy to just
> throw it into its own IQ, or alternatively make it something that is
> extended to work in the legacy jabber:iq:auth framework. There is one
> other alternative, and it's one I've been considering in more depth as a
> fully "unifying" possibility.
> A SASL namespace could be used at the stream layer to auth the stream
> itself, outside of the realm of the Jabber traffic (much like dialback):
> <stream:stream xmlns="jabber:client" xmlns:sasl="http://...sasl">
> <sasl:sasl status="..."/>
This looks fine, as long as we allow for authentication between two
entities as well as stream authentication (which shouldn't be a problem
if we just wrap the SASL stuff in an IQ).
> This is unifying in that it can be used by S2S and the internal component
> connections supported by the servers, as well as by clients. Also, for C2S
> connections it could be used in a way that complements the existing
> iq:auth instead of replacing it, where you would use SASL to authorize the
> client stream, and the iq:auth would associate the resource.
Sounds a bit hacky, but it might be a good transition step. Whatever.
> Just some additional thoughts and discussion :)
Thanks, I'll go and chew on it some more :)
Robert Norris GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx Web: http://cataclysm.cx/
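The stream-level exchange sketched in the quoted message, as an added example that is not code from this thread or from the Jabber project: a server that advertises SASL mechanisms on the stream, accepts a one-round PLAIN authentication and a two-round challenge/response mechanism (CRAM-MD5, RFC 2195), and binds the authenticated identity to the stream. RFC 2222 defines the mechanism framework and leaves the carrying protocol to the profile, which is what the proposal fills in. The namespace (standing in for the elided `http://...sasl`), the element names (`mechanisms`, `auth`, `challenge`, `response`, `success`, `failure`), the `reason` attribute and the credential store are all assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
from xml.etree import ElementTree as ET

# Assumed namespace, standing in for the elided "http://...sasl" in the proposal.
NS = "http://example.org/jabber-sasl"
# Constructed credential store: authentication id -> password (example data only).
USERS = {"rob": "correct horse", "jer": "hunter2"}


def el(tag, text=None, **attrs):
    """Serialise one element in the hypothetical stream-level SASL namespace."""
    e = ET.Element(f"{{{NS}}}{tag}", attrs)
    e.text = text
    return ET.tostring(e, encoding="unicode")


def local_name(xml):
    """Element name with the namespace stripped, e.g. 'success'."""
    return ET.fromstring(xml).tag.rsplit("}", 1)[-1]


def b64(raw):
    return base64.b64encode(raw).decode()


def unb64(text):
    """Decode base64 element content; None when absent or malformed."""
    try:
        return base64.b64decode(text or "", validate=True)
    except ValueError:
        return None


class SaslServer:
    """Server side of the exchange, fed one stanza at a time as a stream layer would."""

    def __init__(self, users, stream_encrypted):
        self.users = users
        self.stream_encrypted = stream_encrypted  # e.g. TLS already negotiated
        self.pending = None  # outstanding CRAM-MD5 challenge, single use
        self.authzid = None  # identity bound to the stream on success

    def mechanisms(self):
        # PLAIN carries the password in clear, so offer it only on an encrypted stream.
        mechs = ["CRAM-MD5"] + (["PLAIN"] if self.stream_encrypted else [])
        return el("mechanisms", " ".join(mechs))

    def handle(self, xml):
        e = ET.fromstring(xml)
        tag = e.tag.rsplit("}", 1)[-1]
        if tag == "auth":
            mech = e.get("mechanism")
            if mech == "PLAIN" and self.stream_encrypted:
                return self._plain(unb64(e.text))
            if mech == "CRAM-MD5":
                # RFC 2195 challenge: unpredictable and unique per attempt.
                self.pending = f"<{os.urandom(8).hex()}@example.org>".encode()
                return el("challenge", b64(self.pending))
            return el("failure", reason="invalid-mechanism")
        if tag == "response" and self.pending is not None:
            challenge, self.pending = self.pending, None  # consume the challenge
            return self._cram_md5(challenge, unb64(e.text))
        return el("failure", reason="malformed")

    def _plain(self, blob):
        parts = blob.split(b"\0") if blob is not None else []
        if len(parts) != 3:
            return el("failure", reason="malformed")
        authzid, authcid, passwd = (p.decode("utf-8", "replace") for p in parts)
        expected = self.users.get(authcid, "")
        if authcid not in self.users or not hmac.compare_digest(expected.encode(), passwd.encode()):
            return el("failure", reason="not-authorized")
        self.authzid = authzid or authcid
        return el("success")

    def _cram_md5(self, challenge, blob):
        fields = blob.decode("utf-8", "replace").split(" ") if blob is not None else []
        if len(fields) != 2:
            return el("failure", reason="malformed")
        authcid, digest = fields
        # Always compute a digest (empty key for unknown users) so timing does not leak existence.
        expected = hmac.new(self.users.get(authcid, "").encode(), challenge, hashlib.md5).hexdigest()
        if authcid not in self.users or not hmac.compare_digest(expected.encode(), digest.encode()):
            return el("failure", reason="not-authorized")
        self.authzid = authcid
        return el("success")


def client_plain(authcid, passwd, authzid=""):
    """<auth mechanism="PLAIN"> carrying the RFC 2595 authzid NUL authcid NUL passwd blob."""
    return el("auth", b64(f"{authzid}\0{authcid}\0{passwd}".encode()), mechanism="PLAIN")


def client_cram_auth():
    return el("auth", mechanism="CRAM-MD5")


def client_cram_response(challenge_xml, authcid, passwd):
    """Answer a CRAM-MD5 challenge with "authcid hex(HMAC-MD5(passwd, challenge))"."""
    challenge = unb64(ET.fromstring(challenge_xml).text)
    digest = hmac.new(passwd.encode(), challenge, hashlib.md5).hexdigest()
    return el("response", b64(f"{authcid} {digest}".encode()))


def authenticate(server, auth_xml, responder=None):
    """Drive one exchange to completion; returns (outcome, list of stanzas both ways)."""
    transcript = [auth_xml, server.handle(auth_xml)]
    while local_name(transcript[-1]) == "challenge":
        transcript.append(responder(transcript[-1]))
        transcript.append(server.handle(transcript[-1]))
    return local_name(transcript[-1]), transcript


if __name__ == "__main__":
    srv = SaslServer(USERS, stream_encrypted=True)
    print(srv.mechanisms())
    outcome, stanzas = authenticate(srv, client_plain("rob", "correct horse"))
    for s in stanzas:
        print(s)
    print(outcome, srv.authzid)
```

Two checks in the server are the ones a profile like this has to pin down: PLAIN is refused (and not advertised) unless the stream is already encrypted, and a CRAM-MD5 challenge is consumed on first use, so replaying a captured `<response/>` against the same stream fails. The separate `authzid` is what would let the iq:auth step afterwards bind a resource to an already authenticated stream, as the quoted message suggests.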