[Standards] Loopback Authentication

Ralph Meijer jabber.org at ralphm.ik.nu
Thu Feb 1 16:54:45 UTC 2007


On Thu, 2007-02-01 at 17:48 +0100, Matthias Wimmer wrote:
> Hi Ralph!
> 
> Ralph Meijer schrieb:
> > On the other hand, we could extend this XEP
> > to mention other avenues of identity verification as the SASL part is
> > mostly the same. I'd hate to see different uses of the authorization
> > identity, for example.
> 
> I think if we start adding a list of other ways a connection could be 
> authenticated externally, readers could assume, that they are the only 
> allowed usecases of EXTERNAL.

I'm not talking about actually listing them, but merely mentioning that
there are other ways. Sure we could list some examples, but I wouldn't
go into that.

> (BTW: I do not understand what you mean with "I'd hate to see different 
> uses of the authorization identity". What do you mean with these 
> different uses? If present an authorization identity is always a JID, 
> that's how I read RFC 4422, 3.4.1, 3rd paragraph.)

I'm glad we agree on this :-)

-- 
Groetjes,

ralphm




More information about the Standards mailing list