[JDEV] Distributed Authentication - thoughts people?

[Peter Saint-Andre]

Michael sent me a JEP for an authentication JIG but perhaps you guys need
to duke it out before I move on this? :)

Peter

--
Peter Saint-Andre
email/jabber: stpeter at jabber.org
web: http://www.saint-andre.com/

On Sun, 30 Sep 2001, Adam Theo wrote:

> Michael Hearn wrote
> 
> > I think that authentication could well be one of the next important 
> > stages in the development of the net. And I think Jabber can do it best. 
> > So what do people think? Should I go ahead and submit a JEP for the 
> > creation of the Authentication JIG?
> 
> hm... after some thouhgt, i now think that a new JIG should be set up, 
> but we have to carefully think about what it would cover.
> 
> *authentication* is verifying who the user/server is. this is not only 
> used with web services, as we are planning, but also the 
> username/password/server combo to log into one's account in the first 
> place. that is authentication, as is dialback for the servers, to make 
> sure a received jabber message came from the server it says it did (if i 
> understand dialback correctly). will this auth JIG cover those, as well, 
> or just the web services aspect of authenticating the user and service 
> to each other.
> 
> *authorization* is deciding what powers the verified user has. this is 
> the access control/permissions stuff the profiles-jig recently finished, 
> as well as admin jid read/write access. does the new jig cover this as 
> well? if not, then what do we call this jig? 'auth' would be 
> inappropriate, unless we plan to cover all aspects of authentication and 
> authorization...
> 
> now, i would not be opposed to creating an auth jig to cover all types 
> of verification and access control in jabber, but we need to be careful 
> that is what we are really after.
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>