[Standards] Request for Comments: XEP: Two-factor user authentication with a shared secret

Teemu Väisänen uolevi at gmail.com
Fri Dec 20 17:47:24 UTC 2013


Thank you, Sergey, for your message.

I will try to clarify it with a simple example with a device. Does it make any sense?

A represents the XMPP account of a user U.
B represents the XMPP account of the device D.
U does not know B.
U knows D and has it in his/her hand.
A does not (necessarily) know B.
B does not (necessarily) know A.

1. U starts D.
2. B logs in on D.
3. A logs in on D.
4. B generates a shared secret K.
5. B transmits K to A, e.g., programmatically when both A and B are in the same D.
6. Both A and B now know each other (at least inside the program).
7. A sends K to B using the presented new ad-hoc commands. A may log out
anytime after successful transmission.
8. B checks if the sender's full JID is A's known full JID and checks if
the received K is correct or not.
9. B can be sure whether A really exists or not, whether U knew A's
credentials or not, and that A and no one else sent the wanted K.

After this B may check, e.g., if A is authorized or not to access
certain resources, do something, or start something.


-Teemu V


2013/12/20 Sergey Dobrov <binary at jrudevels.org>:
> Hello Teemu,
>
> I would like to see some example chart of some example of how it works and
> why it is needed. Because the current text description in the first
> paragraph is hard to understand, from my point of view.
>
> Thanks.
>
> On 12/19/2013 06:04 PM, Teemu Väisänen wrote:
>> Hello all.
>>
>> I have written a new proposal for a XEP: Two-factor user
>> authentication with a shared secret. html and xml files can be
>> downloaded from https://a2nets.erve.vtt.fi/TeemuVaisanen
>>
>> For the next version we have to think, e.g., if there should be only
>> one ad hoc command to ask all supported mechanisms or use separate
>> commands for each authentication mechanism (as in current version).
>>
>> Any questions, comments and suggestions are welcome.
>>
>> Best regards,
>>
>> Teemu Väisänen
>>
>
>
> --
> With best regards,
> Sergey Dobrov,
> XMPP Developer and JRuDevels.org founder.
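
Added example, not part of the original thread or of the proposed XEP: a sketch of B's side of steps 4 to 8 above, showing the full-JID check and the comparison of K. The class name, the JIDs and the single-use rule for K are assumptions made for illustration.

```python
import hmac
import secrets


class DeviceVerifier:
    """Account B's side of steps 4-8 (hypothetical class, not from the XEP)."""

    def __init__(self):
        self._pending = {}  # A's expected full JID -> shared secret K

    def issue_secret(self, full_jid_a: str) -> str:
        # Step 4: B generates K. Step 5: the caller hands K to A locally,
        # inside the same device D, not over the network.
        k = secrets.token_urlsafe(32)
        self._pending[full_jid_a] = k
        return k

    def verify(self, sender_full_jid: str, received_k: str) -> bool:
        # Step 8: the sender must be A's known *full* JID (user@domain/resource),
        # taken from the server-stamped 'from' of the stanza, and the received
        # K must be the one issued for that JID.
        expected = self._pending.get(sender_full_jid)
        if expected is None:
            return False
        # Constant-time comparison so timing does not leak parts of K.
        ok = hmac.compare_digest(expected.encode(), received_k.encode())
        if ok:
            # Assumption added here: K is single-use, so a repeated
            # command carrying the same K is rejected.
            del self._pending[sender_full_jid]
        return ok


def demo():
    b = DeviceVerifier()
    a_jid = "user-a@example.org/device-d"  # constructed sample JID
    k = b.issue_secret(a_jid)
    return {
        "wrong_resource": b.verify("user-a@example.org/other", k),
        "wrong_secret": b.verify(a_jid, "guess"),
        "correct": b.verify(a_jid, k),
        "replay": b.verify(a_jid, k),
    }


if __name__ == "__main__":
    print(demo())
```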


