[standards-jig] Advanced authentication
iainshigeoka at yahoo.com
Wed May 8 17:31:03 UTC 2002
On 5/6/02 4:40 PM, "Robert Norris" <rob at cataclysm.cx> wrote:

>> A SASL namespace could be used at the stream layer to auth the stream
>> itself, outside of the realm of the Jabber traffic (much like dialback):
>> <stream:stream xmlns="jabber:client" xmlns:sasl="http://...sasl">
>> <sasl:sasl status="..."/>

I like this approach. It is very BEEP-ish which I think is good.

> This looks fine, as long as we allow for authentication between two
> entities as well as stream authentication (which shouldn't be a problem
> if we just wrap the SASL stuff in an IQ).

Perhaps we could move iq:auth to this function.

>> This is unifying in that it can be used by S2S and the internal component
>> connections supported by the servers, as well as by clients. Also, for C2S
>> connections it could be used in a way that complements the existing
>> iq:auth instead of replacing it, where you would use SASL to authorize the
>> client stream, and the iq:auth would associate the resource.

It would be nice to create a unified auth scheme for c2s and s2s.

> Sounds a bit hacky, but it might be a good transition step. Whatever.

>> Just some additional thoughts and discussion :)

> Thanks, I'll go and chew on it some more :)

Robert, don't give up your convictions! Group think is bad so if you have a
contrary opinion keep plugging it (while keeping an open mind of course).
Debate can only help in creating a good spec.