On Tue Jan 8 00:35:43 2008, Guenther Niess wrote:
> I'm a student and within a project at the university I want to
> implement the XEP-0070 [1] as a SASL mechanism [2]. So other
> protocols, for example imap or pop3, can easily use the authentication
> scheme.

I'm not sure I follow the idea behind this.
The point of SASL is that different protocols, including all those
mentioned above, can use the same SASL mechanisms, so XMPP already
can (and does, in some implementations) share the same authentication
infrastructure with POP3 and IMAP services (as well as with SUBMIT).
The point of XEP-0070 is for websites which wish to authenticate that
a particular user owns a particular JID - in this respect it's
similar to OpenID. But it also notifies the user that the service is
being used, which is also potentially useful. The moment you start
introducing SASL, you're well away from this goal, since HTTP doesn't
- after much effort - do SASL.
Offering email services to anyone with a valid JID seems a little odd
to me, so maybe you could expand on your use-cases a bit more.

> So I think a good solution for http authentication is the XEP-70
> when it is clear that all users that are online can confirm the
> request and for others they are redirected to the XMPP server and
> can authenticate themselves via user credentials.

That would mean tunnelling SASL through HTTP. I'd be intrigued to see
what you come up with, as it'd be directly applicable to simply doing
SASL within HTTP.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade