[Standards] XMPP OAuth2 login at Google
hannes.tschofenig at gmx.net
Tue Sep 18 17:21:15 UTC 2012
the issue about the browser interaction is that the SSO mechanisms for
the Web* have not standardized the authentication part. Since there is
so much Web deployment out there and folks have an interest to work with
However, there is a window of opportunity here: there is currently an
effort ongoing to standardize a new HTTP authentication mechanism.
Additionally, there is the (maybe a bit theoretical) chance to make use
of ABFAB (another IETF effort, see
Does this make sense to you?
*: For the mobile world (if you consider 3GPP specifications) then there
is a way to use WebSSO procedures without the interactive browser
On 09/18/2012 06:22 AM, Randy Turner wrote:
> I would like to emphasize the earlier point….it would be nice if we had a solution that did NOT require an interactive browser procedure.
> On Sep 17, 2012, at 5:21 PM, Randy Turner <rturner at amalfisystems.com> wrote:
>> What about a combination...OpenID Connect ?
>> Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> On 9/17/12 3:00 PM, Ivan Martinez wrote:
>>> I'm currently considering wether to use OAuth2 or OpenID2 in my
>>> server. Which one do you think will be more adopted as a user
>>> authentication mechanism in XMPP servers?. Which companies are
>>> planing to use each of them?.
>> IMHO it is much more likely that people will implement and deploy
>> OAuth2 than OpenID for XMPP authentication.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>> -----END PGP SIGNATURE-----
More information about the Standards