[jdev] OAuth and XMPP

Nathan Fritz nathanfritz at gmail.com
Mon Jul 28 15:58:33 CDT 2008


On Mon, Jul 28, 2008 at 9:56 AM, Sylvain Hellegouarch <sh at defuze.org> wrote:

> Peter Saint-Andre a écrit :
> > Sylvain Hellegouarch wrote:
> >> Peter Saint-Andre a écrit :
> >>> Sylvain Hellegouarch wrote:
> >>>> Hi all,
> >>>>
> >>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is
> a
> >>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
> >>>> disconcerted by the fact that the definition is per XMPP service. Why?
> >>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration)
> >>>> but I'm
> >>>> wondering if that wouldn't have made more sense to define a service
> >>>> on its
> >>>> own.
> >>> Do you mean that an XMPP server could offer a generalized OAuth
> >>> service for use by things like pubsub components, MUC components, and
> >>> the XMPP server itself?
> >>
> >> Yes.
> >
> > Could you expand a bit on what you mean by that? I don't think XEP-0235
> > (which I'm currently updating to reflect our discussions in Portland)
> > disallows a standalone OAuth service that's used by servers and
> > components, but that model seems to be a bit more sophisticated and
> > complex.
> >
> > /psa
> >
> >
>
> Right. I can see it would indeed make it more complex and would prevent
> the solution to be implemented and deployed reasonnably soon.
>
> However I didn't mean your XEP was forbidding a standalone service,
> perhaps a note in that spirit would make it clear that indeed you can
> write such service.
>
> - Sylvain
>

Peter and I discussed an iq packet with the oauth namespace being used to
establish trust for a JID permanently.  Is that still going to be included
as an option?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20080728/039cb31d/attachment-0002.htm>


More information about the JDev mailing list