[Standards-JIG] JID assigned by the server and SASL authentication

Jacek Konieczny jajcus at bnet.pl
Tue Jun 15 10:12:41 UTC 2004


On Tue, Jun 15, 2004 at 11:53:30AM +0200, CORVOYSIER David FTRD/DMI/REN wrote:
> Hi,
> 
> Consider the following use cases:
> 
> Example.org is a jabber server that allow wireless users to authenticate
> only using their MSIDSN (phone number).
[...]
> I think XMPP-core provides a way to solve UC #1 using the authzid:
> 
> Server:
> 
>    realm="example.org",nonce="OA6MG9tEQGm2hh",\
>    qop="auth",charset=utf-8,algorithm=md5-sess

That looks like DIGEST-MD5 authentication - that is secret based.
What you probably want in EXTERNAL authentication mechanism.
When using EXTERNAL auth client sends his authzid (JID) and server uses
its information about user's connection to authenticate and authorize
user.

> Now, I don't see how to solve UC #2 (ie how the server can send back the
> JID )?

I am not sure EXTERNAL SASL auth will solve that. I think rather
"resource binding" protocol could be used for that.

Greets,
	Jacek



More information about the Standards mailing list