Michael sent me a JEP for an authentication JIG but perhaps you guys need to duke it out before I move on this? :)
Peter -- Peter Saint-Andre email/jabber: [EMAIL PROTECTED] web: http://www.saint-andre.com/ On Sun, 30 Sep 2001, Adam Theo wrote: > Michael Hearn wrote > > > I think that authentication could well be one of the next important > > stages in the development of the net. And I think Jabber can do it best. > > So what do people think? Should I go ahead and submit a JEP for the > > creation of the Authentication JIG? > > hm... after some thouhgt, i now think that a new JIG should be set up, > but we have to carefully think about what it would cover. > > *authentication* is verifying who the user/server is. this is not only > used with web services, as we are planning, but also the > username/password/server combo to log into one's account in the first > place. that is authentication, as is dialback for the servers, to make > sure a received jabber message came from the server it says it did (if i > understand dialback correctly). will this auth JIG cover those, as well, > or just the web services aspect of authenticating the user and service > to each other. > > *authorization* is deciding what powers the verified user has. this is > the access control/permissions stuff the profiles-jig recently finished, > as well as admin jid read/write access. does the new jig cover this as > well? if not, then what do we call this jig? 'auth' would be > inappropriate, unless we plan to cover all aspects of authentication and > authorization... > > now, i would not be opposed to creating an auth jig to cover all types > of verification and access control in jabber, but we need to be careful > that is what we are really after. > > _______________________________________________ > jdev mailing list > [EMAIL PROTECTED] > http://mailman.jabber.org/listinfo/jdev > _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
