I'm really sorry, but I genuinely do not know what is going on at all in your example below. Could you give a concrete example, with things like "An app" instead of A, or whatever it's meant to be?
I just don't follow what A and B are, and why they need to authenticate to each other, and why U and D might possibly have different accounts, and perhaps a simple use-case might clarify things.

On 20 Dec 2013 17:47, "Teemu Väisänen" <[email protected]> wrote:

> Thank Sergey for your message.
>
> I try to clarify it with a simple example with a device. Does it make any
> sense?
>
> A presents XMPP account of a user U.
> B presents XMPP account of the device D.
> U does not know B.
> U knows D and has it in his/her hand.
> A does not (necessarily) know B.
> B does not (necessarily) know A.
>
> 1. U starts D.
> 2. B logins in D.
> 3. A logins in D.
> 4. B generates a shared secret K.
> 5. B transmits K to A, e.g., programmatically when both A and B are in
> same D.
> 6. Both A and B know now each other (at least inside the program).
> 7. A sends K to B using presented new ad-hoc commands. A may logout
> anytime after successful transmission.
> 8. B checks if sender's full JID is known A's full JID and checks if
> received K is correct or not.
> 9. B can be sure whether A really exists or not, whether U knew A's
> credentials or not, and that A and no-one else sent the wanted K.
>
> After this B may check, e.g., if A is authorized or not to access
> certain resources, do something, or start something.
>
>
> -Teemu V
>
>
> 2013/12/20 Sergey Dobrov <[email protected]>:
> > Hello Teemu,
> >
> > I would like to see some example chart of some example how it works and
> > why does it need. Because current text description in the first
> > paragraph is hard to understand, from my point of view.
> >
> > Thanks.
> >
> > On 12/19/2013 06:04 PM, Teemu Väisänen wrote:
> >> Hello all.
> >>
> >> I have written a new proposal for a XEP: Two-factor user
> >> authentication with a shared secret. html and xml files can be
> >> downloaded from https://a2nets.erve.vtt.fi/TeemuVaisanen
> >>
> >> For the next version we have to think, e.g., if there should be only
> >> one ad hoc command to ask all supported mechanisms or use separate
> >> commands for each authentication mechanism (as in current version).
> >>
> >> Any questions, comments and suggestions are welcome.
> >>
> >> Best regards,
> >>
> >> Teemu Väisänen
> >>
> >
> >
> > --
> > With best regards,
> > Sergey Dobrov,
> > XMPP Developer and JRuDevels.org founder.
>
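
Steps 4, 5 and 8 of the quoted list (B issues K, hands it to A inside the device, then checks the sender's full JID and the received K), sketched as an added example that is not part of this thread or of the proposed XEP. The class and method names, the JIDs and the single-use handling of K are assumptions, and the ad-hoc command transport is replaced by a direct function call.

```python
import hmac
import secrets


class DeviceAccount:
    """B: the XMPP account of device D (hypothetical model for this example)."""

    def __init__(self):
        # Expected full JID of A -> shared secret K that was issued to it.
        self._pending = {}

    def issue_secret(self, a_full_jid):
        # Step 4: B generates K. Step 5: the return value stands in for the
        # in-device hand-over of K to A (nothing crosses the network here).
        k = secrets.token_urlsafe(32)
        self._pending[a_full_jid] = k
        return k

    def verify(self, sender_full_jid, received_k):
        # Step 8: the sender's full JID must be the one K was issued to,
        # and the received K must match the issued K.
        expected = self._pending.get(sender_full_jid)
        if expected is None:
            return False
        # Constant-time comparison so timing does not leak how much of K matched.
        if not hmac.compare_digest(expected.encode(), received_k.encode()):
            return False
        # Assumption of this example: K is single-use, so a captured K
        # cannot be replayed after a successful check.
        del self._pending[sender_full_jid]
        return True


def demo():
    # Constructed sample JIDs; the resource part distinguishes full JIDs.
    b = DeviceAccount()
    a_jid = "user@example.org/handset"
    k = b.issue_secret(a_jid)
    return {
        "wrong_resource": b.verify("user@example.org/laptop", k),
        "wrong_secret": b.verify(a_jid, "guess"),
        "correct": b.verify(a_jid, k),
        "replay": b.verify(a_jid, k),
    }


if __name__ == "__main__":
    print(demo())
```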
