[standards-jig] NEW: XMPP/Jabber MIME Type (JEP-0081)

m at tthias.net m at tthias.net
Thu Apr 24 06:49:33 UTC 2003


Hi Joe!

Joe Hildebrand schrieb am 2003-04-22 09:18:52:
> Just as a note, the main reason for this approach was to solve a single-sign
> on problem we were having.  That section got inadvertently elided from the
> draft that stpeter just released.
[...]
> (actually, the auth tag will specify that the client should transmit all of
> the contents of the auth tag in the <iq type='set'><query
> xmlns='jabber:iq:auth'/></iq>, so that our actual single sign-on protocol
> will work.)

I do not think that this is a good solution for single sign-on.
Jabber/XMPP is changing to use SASL for authentication. Your example
might work with the old authentication but it will break with SASL where
there is an authentication handshake.
Also I do not like that authentication information is passed in clear.
It should be something like a "ticket" that is passed for single sign
own.


Tot kijk
    Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20030424/6f9b8a1e/attachment.sig>


More information about the Standards mailing list