Thank you Sergey for your message. I'll try to clarify it with a simple example with a device. Does it make any sense?
A presents XMPP account of a user U. B presents XMPP account of the device D. U does not know B. U knows D and has it in his/her hand. A does not (necessarily) know B. B does not (necessarily) know A.

1. U starts D.
2. B logs in on D.
3. A logs in on D.
4. B generates a shared secret K.
5. B transmits K to A, e.g., programmatically when both A and B are in the same D.
6. Both A and B now know each other (at least inside the program).
7. A sends K to B using the presented new ad-hoc commands. A may log out anytime after successful transmission.
8. B checks if the sender's full JID is the known full JID of A and checks if the received K is correct or not.
9. B can be sure whether A really exists or not, whether U knew A's credentials or not, and that A and no-one else sent the wanted K. After this B may check, e.g., if A is authorized or not to access certain resources, do something, or start something.

-Teemu V

2013/12/20 Sergey Dobrov <[email protected]>:
> Hello Teemu,
>
> I would like to see some example chart of some example how it works and
> why does it need. Because current text description in the first
> paragraph is hard to understand, from my point of view.
>
> Thanks.
>
> On 12/19/2013 06:04 PM, Teemu Väisänen wrote:
>> Hello all.
>>
>> I have written a new proposal for a XEP: Two-factor user
>> authentication with a shared secret. html and xml files can be
>> downloaded from https://a2nets.erve.vtt.fi/TeemuVaisanen
>>
>> For the next version we have to think, e.g., if there should be only
>> one ad hoc command to ask all supported mechanisms or use separate
>> commands for each authentication mechanism (as in current version).
>>
>> Any questions, comments and suggestions are welcome.
>>
>> Best regards,
>>
>> Teemu Väisänen
>>
>
>
> --
> With best regards,
> Sergey Dobrov,
> XMPP Developer and JRuDevels.org founder.
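
Added example, not part of the original thread or of the proposed XEP: B's side of steps 4, 5 and 8 in Python, showing the full-JID match and a constant-time comparison of K. The names `DeviceAccount`, `split_full_jid`, `pair` and `verify`, the `example.org` JIDs, the `lower()` normalization and the single use of K are assumptions made for illustration.

```python
import hmac
import secrets


def split_full_jid(jid):
    """Return (bare, resource), or None when the JID has no resource part."""
    bare, sep, resource = jid.partition("/")
    if not sep or not resource or "@" not in bare:
        return None
    # Simplification: real code applies XMPP string preparation, not lower().
    # The resource part is case-sensitive and is compared as-is.
    return bare.lower(), resource


class DeviceAccount:
    """Account B's side of steps 4, 5 and 8 (hypothetical class name)."""

    def __init__(self):
        self._pending = {}  # (bare, resource) of A -> K awaiting confirmation

    def pair(self, a_full_jid):
        """Steps 4-5: generate K and hand it to A inside the device."""
        key = split_full_jid(a_full_jid)
        if key is None:
            raise ValueError("pairing needs a full JID (with resource)")
        k = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[key] = k
        return k

    def verify(self, sender_jid, received_k):
        """Step 8: match the sender's full JID, then compare K."""
        key = split_full_jid(sender_jid)
        expected = self._pending.get(key) if key else None
        if expected is None:
            return False  # bare JID, other resource, or unknown account
        # Constant-time comparison avoids leaking how much of K matched.
        ok = hmac.compare_digest(expected.encode(), received_k.encode())
        if ok:
            # Assumption: K is single-use, so a replayed K is rejected.
            del self._pending[key]
        return ok
```
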
