On 09/02/2011 05:17 AM, Alexey Melnikov wrote:
Hi Austin,
Austin King wrote:
At Mozilla, we're experimenting with a new SASL plugin for BrowserID[1].
BrowserID is a decentralized identity system that makes it possible
for users to prove ownership of email addresses in a secure manner,
without requiring per-site passwords[2].
Is there a SASL-related spec for this, or at least an example of the
SASL exchange?
I can definitely use your help!
https://github.com/ozten/sasl-browserid/blob/master/docs/sasl-browserid-design.md
I'll be documenting this better over time and just started talking to
our security team about an architecture review.
Once this plugin is production quality, what is the best way to
distribute it? Should we try to get it upstream into Cyrus SASL,
downstream it into OS distributions, or just provide it for download
from a website?
My personal preferences are to try to get it into the upstream. The
next step down is a patch in "contrib". Separate download is of course
always an option.
Great, eventually having the source in the Cyrus SASL tree makes a lot of sense.
I will need to have a look at the build dependencies. Complicated
dependencies are not a showstopper, but at least we should eliminate
circular dependencies (if any).
The plugin depends on curl and yajl 2 [1] for the browserid.org
verification call.
The plugin also depends on mysql to maintain a session cache. This is
useful for web oriented uses of the plugin.
I'm not sure there are any "long-lived connection" use cases, but if so
they would not need a session, so mysql is optional.
The session backend could be generalized to be like auxprop (other
backends besides mysql), but I'll only build out one backend in the
short term.
Next Steps - I see centrally registering auth mechanisms, RFCs for
mechanism communication, etc. are mentioned. Is this still common practice?
Very much so. I can help you with this as well, as I've written some
SASL-related RFCs.
Again, much appreciated. If you like IRC, we're in
ircs://irc.mozilla.org/#identity
ozten is my nick.
thanks,
Austin
[1] http://lloyd.github.com/yajl/
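As an added illustration of the two pieces of server-side logic discussed in this thread (the browserid.org verification call and the session cache), the following is example code written for this page; it is not part of the sasl-browserid plugin or of Cyrus SASL. It assumes the verifier replies with a JSON object carrying `status`, `email`, `audience`, `expires` (milliseconds since the epoch) and `issuer`, which is the shape the BrowserID verifier used at the time; the sample replies, the audience value and the timestamps are constructed, and an in-memory dictionary stands in for the plugin's mysql-backed session store. The checks that matter for security are the ones the plugin must not skip: that `status` is `okay`, that `audience` exactly matches the service the plugin is protecting (otherwise an assertion minted for another site could be replayed here), and that `expires` is still in the future.

```python
import json
import secrets

# Constructed reference time: 2011-09-02 in milliseconds since the epoch.
NOW_MS = 1314950000000

# Constructed sample replies in the assumed BrowserID verifier shape.
# These are not captured from browserid.org.
SAMPLE_OK = json.dumps({
    "status": "okay",
    "email": "alice@example.com",
    "audience": "https://mail.example.com",
    "expires": NOW_MS + 120000,   # two minutes of validity left
    "issuer": "browserid.org",
})
SAMPLE_FAIL = json.dumps({
    "status": "failure",
    "reason": "assertion has expired",
})


def check_verifier_response(body, expected_audience, now_ms):
    """Validate the JSON body returned by the verifier.

    Returns (email, None) when the assertion is acceptable for
    expected_audience, or (None, reason) when it must be rejected.
    The plugin would obtain `body` with curl; here it is passed in.
    """
    try:
        resp = json.loads(body)
    except ValueError:
        return None, "verifier reply is not valid JSON"
    if not isinstance(resp, dict):
        return None, "verifier reply is not a JSON object"
    if resp.get("status") != "okay":
        return None, "verifier rejected assertion: %s" % resp.get("reason", "unknown")
    # Exact-match audience check: an assertion issued for another site
    # must not authenticate a user to this one.
    if resp.get("audience") != expected_audience:
        return None, "audience mismatch"
    expires = resp.get("expires")
    if not isinstance(expires, (int, float)) or expires <= now_ms:
        return None, "assertion expired"
    email = resp.get("email")
    if not isinstance(email, str) or "@" not in email:
        return None, "verifier reply carries no usable email"
    return email, None


class SessionCache:
    """In-memory stand-in for the plugin's mysql session cache.

    Maps an unguessable session token to (email, expiry time in seconds).
    Tokens are looked up by exact value and expire after `ttl_seconds`.
    """

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._sessions = {}

    def create(self, email, now):
        # 256-bit random token so sessions cannot be guessed or enumerated.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (email, now + self.ttl)
        return token

    def lookup(self, token, now):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        email, expiry = entry
        if now >= expiry:
            # Drop expired sessions on access rather than serving them.
            del self._sessions[token]
            return None
        return email


if __name__ == "__main__":
    email, err = check_verifier_response(SAMPLE_OK, "https://mail.example.com", NOW_MS)
    print("verified:", email, "error:", err)
    cache = SessionCache(ttl_seconds=3600)
    token = cache.create(email, now=1000)
    print("session lookup:", cache.lookup(token, now=1001))
```

The verification call itself is done over HTTPS to the verifier; the point of this block is what to do with the reply once it arrives, since a plugin that accepted any `okay` reply without comparing the audience would accept assertions intended for other sites.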