[standards-jig] JEP-0070 & JEP-0101

Richard Dobson richard at dobson-i.net
Thu Jun 26 17:13:50 UTC 2003


It seems you still fail to understand, my mechanism is more of a generic
single sign on, yours as you state in your reply is HTTP transactions
prompted directly from Jabber, mine is the reverse and IMO an essentially
different system, so different in fact that it required a new JEP. Now ill
spell out here the primary difference that mean that they are completely
different.

Primary dfference
---
JEP-0070 - The url you are accessing must have been received in some form as
a response to an action in Jabber, otherwise you do not have a context (JID)
to request the auth from.
JEP-0101 - The url you are accessing can be anything, and does not in anyway
have to be from your Jabber session, you can just be generally browsing a
JabberTicket enabled website and enter a protected page, and if the user so
desires they can be automatically logged into the website without having to
enter any username or password details, their JID will automatically be
used, so this is in essense a single sign on method which can be extended to
far more than HTTP if required, your method is simply too finely focused to
be able to work as a single sign on method.

So because of this fundamental difference IMO a new JEP had to be created
whether you had helped or not.

Richard

----- Original Message ----- 
>From: "Matthew A. Miller" <linuxwolf at outer-planes.no-ip.com>
To: <standards-jig at jabber.org>
Sent: Thursday, June 26, 2003 4:47 PM
Subject: Re: [standards-jig] JEP-0070 & JEP-0101


> One of my former employers used to tell me, "Never assume, because you
> make an 'ass' out of 'u' and 'me'."  This seems a most appropriate
> response.
>
> your assumptions are wrong.  The goal of JEP-0070 was to authorize HTTP
> transactions via Jabber.  This is clearly stated in the heading,
> abstract, and first section.  Where exactly you receive the URL from is
> inconsequential.  I only used "jabber:x:oob" and "jabber:iq:oob" as
> examples because they are immediately identifiable as possible routes
> for receiving a URL.
>
> You could have looked for previous works, and contacted those authors.
> I would have been more than happy to work with you on this, if you had
> only asked.  Instead, we now have two JEPs that mostly similar
> mechanisms to reach the same goal.




More information about the Standards mailing list