[Standards] XMPP OAuth2 login at Google

Hannes Tschofenig hannes.tschofenig at gmx.net
Tue Sep 18 17:21:15 UTC 2012

Hi Randy,

the issue about the browser interaction is that the SSO mechanisms for 
the Web* have not standardized the authentication part. Since there is 
so much Web deployment out there and folks have an interest to work with 
existing deployment.

However, there is a window of opportunity here: there is currently an 
effort ongoing to standardize a new HTTP authentication mechanism. 
Additionally, there is the (maybe a bit theoretical) chance to make use 
of ABFAB (another IETF effort, see 

Does this make sense to you?


*: For the mobile world (if you consider 3GPP specifications) then there 
is a way to use WebSSO procedures without the interactive browser 

On 09/18/2012 06:22 AM, Randy Turner wrote:
> I would like to emphasize the earlier point….it would be nice if we had a solution that did NOT require an interactive browser procedure.
> Randy
> On Sep 17, 2012, at 5:21 PM, Randy Turner <rturner at amalfisystems.com> wrote:
>> What about a combination...OpenID Connect ?
>> Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> Hash: SHA1
>> On 9/17/12 3:00 PM, Ivan Martinez wrote:
>>> I'm currently considering wether to use OAuth2 or OpenID2 in my
>>> server. Which one do you think will be more adopted as a user
>>> authentication mechanism in XMPP servers?. Which companies are
>>> planing to use each of them?.
>> IMHO it is much more likely that people will implement and deploy
>> OAuth2 than OpenID for XMPP authentication.
>> /psa
>> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>> iEYEARECAAYFAlBXlNAACgkQNL8k5A2w/vwhhgCfdakf/6wV7D+shOKcerR6bcTP
>> YFYAoI60RJcxNcz3Uj7X0kA1CWfz9pot
>> =0TLT
>> -----END PGP SIGNATURE-----

More information about the Standards mailing list