Hello, I'm a student and within a project at the university I want to implement the XEP-0070 [1] as a SASL mechanism [2]. So other protocols for example imap or pop3 can easily use the authentication scheme.
I've noticed the discussion about XEP-70 on December 20007 [3] and I think it would be great if we can combine the XEP-70 (for all users who are online with their jabber client) and the http digest way (like OpenID) which was proposed by Anders Conbere. I'm not really sure if I have understood the XEP-0070 correctly. If it possible to confirm a message request with a client that don't understand the 'http://jabber.org/protocol/http-auth' namespace? I think in the XEP only clients are on focused which understand the namespace and the behavior of the server which receive a message with ok in the body and no confirm element is undefined. So I think a good solution for http authentication is the XEP-70 when it is clear that all users that are online can confirm the request and for others they are redirected to the XMPP server and can authenticate themself via user credentials. -- Günther Nieß [1] http://www.xmpp.org/extensions/xep-0070.html [2] http://tools.ietf.org/html/rfc4422 [3] http://mail.jabber.org/pipermail/standards/2007-December/017406.html
