[Standards] Proposed XMPP Extension: Remote Authentication

Waqas Hussain waqas20 at gmail.com
Thu Dec 2 14:50:46 UTC 2010


On Thu, Dec 2, 2010 at 7:54 AM, XMPP Extensions Editor <editor at xmpp.org> wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
>
> Title: Remote Authentication
>
> Abstract: This document defines an XMPP protocol extension that enables entities to use SASL for authentication with remote services (such as Multi-User Chat rooms).
>
> URL: http://www.xmpp.org/extensions/inbox/remote-auth.html
>
> The XMPP Council will decide at its next meeting whether to accept this proposal as an official XEP.
>

Some comments:

1. The SASL mechanisms list can be sent back in the presence error,
avoiding a round trip.
2. The presence after authentication need not be sent. On successful
auth, the initially sent presence can be used, avoiding a round trip.
3. What the authentication identity looks like is undefined. I'm not
sure if this is good or bad.
4. The error condition is 'sasl-required'. Does this imply that normal
MUC password auth should fail, even with a correct password?

And finally, an implementation:
http://code.google.com/p/prosody-modules/source/browse/mod_saslauth_muc/mod_saslauth_muc.lua

The linked implementation works with Prosody trunk, and verifies that
the user knows the room password. This would be far more interesting
with some per-user credentials.

--
Waqas Hussain



More information about the Standards mailing list