[Jabber-IETF] Agenda items

Robert Norris rob at cataclysm.cx
Wed Oct 9 19:32:49 CDT 2002

> <iq id='jcl_1' type='result'>
>   <query xmlns='jabber:iq:auth'>
>     <username>hildjj</username>
>     <digest/>
>     <sasl xmlns='http://www.iana.org/assignments/sasl-mechanisms'/>
>     <resource/>
>   </query>
> </iq>

Except that moves authentication out of the stream, and continues to mix
it with the authorisation, which is nasty. One of the benefits of doing
SASL auth in the stream, IMHO, was that you could authenticate the
stream as one user (some admin guy), and then authorise (request a IM
session) as another user.

Also, some streams only require authentication (dialback, component
accept, etc). SASL can be used if it is only the stream layer, but it
gets harder if we have to start doing IQs.


Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://jabber.org/pipermail/xmppwg/attachments/20021010/d288a47a/attachment.pgp

More information about the xmppwg mailing list