[Standards] XMPP OAuth2 login at Google

Hannes Tschofenig hannes.tschofenig at gmx.net
Tue Sep 18 17:21:15 UTC 2012


Hi Randy,

the issue about the browser interaction is that the SSO mechanisms for 
the Web* have not standardized the authentication part. Since there is 
so much Web deployment out there and folks have an interest to work with 
existing deployment.

However, there is a window of opportunity here: there is currently an 
effort ongoing to standardize a new HTTP authentication mechanism. 
Additionally, there is the (maybe a bit theoretical) chance to make use 
of ABFAB (another IETF effort, see 
http://tools.ietf.org/html/draft-ietf-abfab-arch-03).

Does this make sense to you?

Ciao
Hannes

*: For the mobile world (if you consider 3GPP specifications) then there 
is a way to use WebSSO procedures without the interactive browser 
interaction.

On 09/18/2012 06:22 AM, Randy Turner wrote:
>
> I would like to emphasize the earlier point….it would be nice if we had a solution that did NOT require an interactive browser procedure.
>
> Randy
>
>
> On Sep 17, 2012, at 5:21 PM, Randy Turner <rturner at amalfisystems.com> wrote:
>
>> What about a combination...OpenID Connect ?
>> Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 9/17/12 3:00 PM, Ivan Martinez wrote:
>>> I'm currently considering wether to use OAuth2 or OpenID2 in my
>>> server. Which one do you think will be more adopted as a user
>>> authentication mechanism in XMPP servers?. Which companies are
>>> planing to use each of them?.
>>
>> IMHO it is much more likely that people will implement and deploy
>> OAuth2 than OpenID for XMPP authentication.
>>
>> /psa
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>>
>> iEYEARECAAYFAlBXlNAACgkQNL8k5A2w/vwhhgCfdakf/6wV7D+shOKcerR6bcTP
>> YFYAoI60RJcxNcz3Uj7X0kA1CWfz9pot
>> =0TLT
>> -----END PGP SIGNATURE-----
>>
>




More information about the Standards mailing list