[Standards] Loopback Authentication

Peter Saint-Andre stpeter at jabber.org
Thu Feb 1 17:04:29 UTC 2007


Matthias Wimmer wrote:
> Peter Saint-Andre schrieb:
>>> Yes, that sounds reasonable. On the other hand, we could extend this XEP
>>> to mention other avenues of identity verification as the SASL part is
>>> mostly the same. I'd hate to see different uses of the authorization
>>> identity, for example.
>>
>> I'd be happy to incorporate other scenarios into XEP-0178 once we 
>> figure out what those are. :-)
> 
> I don't think we need them there. EXTERNAL is already fully defined by 
> RFC 4422. So XEP-0178 is not that much about EXTERNAL, but about how to 
> map/verify certificate identities to valid authorization identites.
> 
> This is something bound to TLS + EXTERNAL. I don't think that other ways 
> of using EXTERNAL could reuse that much definitons, that are already 
> present in XEP-0178.
> 
> If there is another usage of EXTERNAL, that needs as much thought as TLS 
> + EXTERNAL, I'd prefere that we create an additional XEP. But for the 
> other use-cases of EXTERNAL we had already in this thread, I don't think 
> this is necessary.

OK, that makes sense. I'll modify the title of XEP-0178, then.

Any other feedback on XEP-0178? It's in Last Call now. :-)

One thing we need to clarify is whether we want to use id-on-xmppAddr 
for server and component hostnames, or only for end-user JIDs. IMHO it 
might be simpler and less confusing to use dnsName fields for server and 
component hostnames and not use id-on-xmppAddr at all for those.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070201/f1c1a9a4/attachment.bin>


More information about the Standards mailing list