[Standards-JIG] re-authentication

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Thu Sep 28 21:03:20 UTC 2006


On Thursday 28 September 2006 13:47, Chris Mullins wrote:
> If we were to go down this route it seems as if a Time To Live (TTL)
> feature could be added to the stream. This would allow servers to
> examine SSL certs and issue an appropriate TTL, examine upcoming
> password expiration dates and issue a TTL, or even have business rules
> based on configuration settings.

I, too, want to see a re-auth mechanism, for C2S.  This could be useful in 
smart-card situations, so that even if you plug your card into an evil 
machine, the evil machine cannot stay logged into your Jabber account 
indefinitely.  Eventually it will need to re-auth, and your card won't be 
there.

-Justin


