[standards-jig] Proposal: Jabber as universal ID

CORVOYSIER David FTRD/DMI/REN david.corvoysier at rd.francetelecom.com
Fri Dec 19 15:41:10 UTC 2003

Never heard of the Liberty Alliance ?


Here an extract of the FAQ:

Q: What is the Liberty Alliance Project? 
A: The Liberty Alliance Project (http://www.projectliberty.org) was
formed in September 2001
 to serve as the premier open standards organization for federated
identity and identity-based services.
 The Alliance is delivering specifications and guidelines to enable a
complete network identity
 infrastructure that will resolve many of the technology and business
issues hindering the
 deployment of identity-based web services.

Q. What is the objective of the Liberty Alliance Project?
A: To create open, technical specifications that (i) enable simplified
sign-on through federated
 network identification using current and emerging network access
devices, and (ii) support and 
promote permission-based attribute sharing to enable a user's choice and
control over the use
 and disclosure of his/her personal identification.


Take a look, you might find what you're looking for (but it's not jabber
centric, of course).

-----Message d'origine-----
De : Kent Wang [mailto:kwang at kwang.org]
Envoye : lundi 1 decembre 2003 11:41
A : standards-jig at jabber.org
Objet : [standards-jig] Proposal: Jabber as universal ID

Universal ID services like Microsoft's Passport offer the convenience of
universal login at participating sites. This is useful because you don't
have to retype your personal information like age, real name, etc. at
every single website for which you register. It's also centralized, so
you can change your info once and the change can be propagated to the
participating sites.

The problem with Passport of course is that it's Microsoft and targeted
for big websites like Ebay. Because one of the major pieces of
information Passport is supposed to share is credit card information,
it's important to corporate clients that it's secure and backed by a big
name like Microsoft.

What I propose is a universal ID scheme using Jabber that is focused on
non e-commerce use, particularly site registration. Few websites offer a
"my" section, and even fewer require it, but every website's forum
section requires you to undergo a registration process. This I feel is a
big hassle when you want to just ask a quick question at a tech support
forum for example. It's also quite a hassle considering that I actively
frequent about seven forums and keeping my information consistent and
up-to-date for all them is rather unwieldy.

The way it could work is that the forum software offers a Jabber
universal login option in lieu of conventional registration. The user
simply enters his Jabber username and password and the forum software
pulls certain information like real name and email address from his
Jabber profile. That's it. There'll also be no need for a verification

The forum software can also pull other additional information and even
forum preferences from his Jabber account. It can also regularly poll
the Jabber account for updated information. Of course the user can
always specify site-specific preferences, but the site software can
simply default to his Jabber-specified preferences.

Although it's entirely possible to create a separate infrastructure for
universal ID services, Jabber has an existing userbase. Additionally,
the distributed nature of Jabber servers provides for a sufficiently
wide namespace; simple username IDs has a much smaller namespace than
Jabber's username at domain.tld ID scheme.

I'm by no means a Jabber protocol guru, so I'd like to hear what the
more experienced members have to think. I'm a long-time PHP/MySQL
developer so I can hack phpBB to create a proof of concept, but someone
else will have to code the client part.

Kent Wang
IC2 Institute

Standards-JIG mailing list
Standards-JIG at jabber.org

More information about the Standards mailing list