[JDEV] Distributed Authentication - thoughts people?

[Michael Hearn]

Recently MS Passport hit Version 2. It's progressing rapidly and will 
soon support SOAP based authentication for web services (or so I believe).

Therefore I think it's time to start work on an open version of Passport 
that doesn't need centralised servers. The Jabber network is an ideal 
candidate for this, so therefore I'd like to sound out the creation of 
an Authentication JIG. The aims of the JIG would be as follows:

-  Develop a system that allows for users to authenticate themselves 
with websites and services using their Jabber account in a secure and 
easy-to-use fasion.
-  Optionally abstract this system so Jabber is not a necessary 
component for the authentication.

This would involve the following steps:

- Create an authentication protocol, and produce bindings to the Jabber 
protocol and SOAP.
- Create a Jabber server plugin that allows for this authentication
- Create authentication web software that would allow users to login to 
web sites in a similar fashion to Passport, with semi single-sign-in.
- Documenting all the above!

I think that authentication could well be one of the next important 
stages in the development of the net. And I think Jabber can do it best. 
So what do people think? Should I go ahead and submit a JEP for the 
creation of the Authentication JIG?

thanks -mike

_______________________________
Michael Hearn
mhearn at neuk.net
Jabber (jabber.org) tweedledee at jabber.org