[jdev] OAuth and XMPP
Sylvain Hellegouarch
sh at defuze.org
Mon Jul 28 11:56:46 CDT 2008
Peter Saint-Andre a écrit :
> Sylvain Hellegouarch wrote:
>> Peter Saint-Andre a écrit :
>>> Sylvain Hellegouarch wrote:
>>>> Hi all,
>>>>
>>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
>>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
>>>> disconcerted by the fact that the definition is per XMPP service. Why?
>>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration)
>>>> but I'm
>>>> wondering if that wouldn't have made more sense to define a service
>>>> on its
>>>> own.
>>> Do you mean that an XMPP server could offer a generalized OAuth
>>> service for use by things like pubsub components, MUC components, and
>>> the XMPP server itself?
>>
>> Yes.
>
> Could you expand a bit on what you mean by that? I don't think XEP-0235
> (which I'm currently updating to reflect our discussions in Portland)
> disallows a standalone OAuth service that's used by servers and
> components, but that model seems to be a bit more sophisticated and
> complex.
>
> /psa
>
>
Right. I can see it would indeed make it more complex and would prevent
the solution to be implemented and deployed reasonnably soon.
However I didn't mean your XEP was forbidding a standalone service,
perhaps a note in that spirit would make it clear that indeed you can
write such service.
- Sylvain
More information about the JDev
mailing list