On Nov 15, 2009, at 10:46 AM, Norman Rasmussen wrote:
> DIGEST-MD5 (and to some degree GSSAPI), allows you to authenticate with
> separate credentials from the account you're authorizing to.
>
> So it's 100% valid in the XMPP world to login into the [email protected] xmpp
> account using a username of bob and bob's password.

I think the OP was looking at how to specify a different authcid, not assert an authzid for identity assumption. That is, Joe wants the JID [email protected] to have an authcid of say j. That's quite different than Bob (Bob != Joe) wanting to act as Joe, hence authenticating as Bob (via either JID [email protected] or as b) and assuming the entity identified by the JID j...@example or the identity j.

While SASL's authzid mechanism does get used for specification of alternative identities for the same entity, that (IMO) is a misuse. This misuse interferes with the ability of the user to perform identity assumption. That is, if the user Bob wants to act as Joe but needs to specify both an authcid and authzid just to authenticate as Bob, then it can use the authzid to say he wants to act as Joe.

Anyways, some servers might have authcids which are not JIDs. For instance, my authcid might be "Kurt Zeilenga". XMPP clients should, just like most email clients do, offer the option to enter an authcid that's different than the user's JID (just like email clients allow for authcids which are different than the user's email address).

-- Kurt
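
Added example, not part of the message above or of any XMPP server's code: a server-side sketch of the authcid/authzid split, using SASL PLAIN (RFC 4616) instead of DIGEST-MD5 because its wire format is a plain `[authzid] NUL authcid NUL passwd` triple. The account table, the `MAY_ACT_AS` policy, the example.com JIDs and all function names are assumptions constructed for illustration.

```python
import hmac

# Constructed sample data (assumptions, not from the thread).
# authcid -> (password, JID the authcid maps to by default).
# A real server would store salted password hashes, not plaintext.
ACCOUNTS = {
    "j": ("joe-secret", "joe@example.com"),
    "Kurt Zeilenga": ("kurt-secret", "kurt@example.com"),
    "b": ("bob-secret", "bob@example.com"),
}
# Identity-assumption policy: authcid -> JIDs it may act as.
MAY_ACT_AS = {"b": {"joe@example.com"}}


class SaslError(Exception):
    pass


def parse_plain(msg: bytes):
    """Split an RFC 4616 message: [authzid] NUL authcid NUL passwd."""
    parts = msg.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise SaslError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


def authorize(msg: bytes) -> str:
    """Return the JID the session runs as, or raise SaslError."""
    authzid, authcid, passwd = parse_plain(msg)
    stored, own_jid = ACCOUNTS.get(authcid, ("", None))
    # Step 1: authenticate the authcid (constant-time compare).
    ok = hmac.compare_digest(stored.encode(), passwd.encode())
    if own_jid is None or not ok:
        raise SaslError("not-authorized")
    # Step 2: empty authzid means "act as myself"; the server derives
    # the JID from the authcid, so the authcid need not be a JID.
    if not authzid or authzid == own_jid:
        return own_jid
    # Step 3: a different authzid is identity assumption and must be
    # allowed by policy for this authenticated authcid.
    if authzid in MAY_ACT_AS.get(authcid, set()):
        return authzid
    raise SaslError("authcid may not act as " + authzid)
```

Because the authcid-to-JID mapping lives on the server, the authzid field stays free for identity assumption, and a request to act as another entity is refused unless the policy grants it.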
