[Standards-JIG] Re: Call for Experience: JEP-0078 (Non-SASLAuthentication)

Peter Saint-Andre stpeter at jabber.org
Wed Sep 29 14:56:58 UTC 2004


In article 
<8CDC3525190B624F8F740435C7B9A01D0C1100 at heineken.winfessor.com>,
 "JD Conley" <jconley at winfessor.com> wrote:

> > You presume that ALL users can authenticate using the same method.
> > This is not always the case. A server implementation may not allow
> > admins to ever authenticate via plaintext for example. We need to keep
> > the username element for these scenarios.
> 
> But we can't do this in SASL.  If this is a valid case then we have to
> keep this JEP around forever.

This JEP is not going to be maintained forever -- Section 7 states that 
it will expire 6 months from the date it goes Final unless the Council 
decides to extend it. The desire is to deprecate this JEP as soon as 
most implementations have implemented SASL.

And if I understand the use case Peter brought up, we can do this with 
SASL, since SASL auth lets the server offer or accept different methods 
from different users.

/psa




More information about the Standards mailing list