[JDEV] (announcement) mod_auth_jabber v1.02

Dirk-Willem van Gulik dirkx at covalent.net
Wed Oct 3 00:47:48 CDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For those of you interested in experimenting with federated/third party
authentication against (in this example) the jabber mesh of servers:

        http://research.covalent.net/mod_auth_jabber/.

It is just a simple mod_auth_* module. It'll auth any jabber id against
it's origin server and then fetch the vCard which is exposed in the env().

So when you go to a web page, jsp page or cgi script - you log on with
your jabber id - and then the application behind your server will have a
unique token (your jabber id) with some vCard information to work with.

Thanks to the P2P nature of the network it authenticates against (in this
case www.jabber.org) a web master can suddenly allow third parties to
manage their own username/passwords, provide their vCards without an a
priori (trust) relation or some elaborate local registration procedure.
Where those data providing parties range from a large provider catering
for many; like an ISP, down to a corperations or even a tech savvy
individual their own machine.

And then of course you can start building trust relations from there on.
Some jabber clients/servers support PGP signing of information; and the
XML standard for signing and encryption would cleanly merge into jabber's
XML based protocol. But that is all future.

And because the IM model allows for multiple presences - some better
connected than others - there is a lot of further potential. It especially
gets interesting when certain vCard information is actually kept closer to
the user (in some sort of wallet) - and the IM system prompts the user for
the more private information on his or her pda/desktop/phone prior to
releasing it in real time.

Disclaimer and final wish: the code is not production quality - it is just
proof of concept code - and your milage may vary. Of course if it breaks
you do get to keep all the pieces. But if you have cool ideas - if you
want to use it, change it, build on it - please do. Just drop me a
message, or to the relevant mailing lists, if you can.

Dw


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBO7qlcP1viMYh0KcbEQLc9gCg9AVkQKZkdEWwk9gQj2/VCDcn+FgAnRsi
8RL3rFymHIUJFUZWAqWggLr3
=WXeB
-----END PGP SIGNATURE-----




More information about the JDev mailing list