[jdev] Jabber Login with OpenID

[Peter Saint-Andre]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/2/09 10:18 PM, Peter Saint-Andre wrote:
> On 5/22/09 6:39 AM, Bernhard zwischenbrugger wrote:
>> Hi All
> 
>> I try to make a webchat with OpenID Login.
> 
>> OpenID is not difficult.
>> Using https://rpxnow.com/ for example makes it very simple.
>> Also a Jabber Login using "Strophe" or and other BOSH Lib is simple.
>> No Problem with that
> 
>> But combining this 2 things is not easy at all.
> 
>> If you have never seen openid, here is a simple login process:
>> http://lamp2.fhstp.ac.at/~lbz/beispiele/ss2009/openid/
> 
>> ejabberd provides the "auth_method: external" and it should be possible
>> to login using openid.
> 
> That's SASL EXTERNAL. Typically it is used with a digital certificate
> presented during TLS negotiation.
> 
>> The problem:
> 
>> 1.) I don't know how to make the login. I have to send the TOKEN to the
>> jabberserver, but I don't have a username or password.
>> 2.) If I don't have a username, the jabberserver can't create a useraccount
>> 3.) What to use as username? openid provides an "identifier" which seems
>> to be unique - but thats not a good username.
> 
>> Maybe you have an idea for some if this things.
> 
> My idea is that if people want OpenID login, they would need to define a
> new SASL mechanism. Personally I don't trust OpenID, but other people
> might have enough trust in it to define and use such a SASL mechanism.

I've been looking into this and will probably work soon with some IETF
folks on an Internet-Draft about this.

Peer

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoxlNoACgkQNL8k5A2w/vx1pQCg447jVZ5wQW7Vt3zqU3w7l4Os
ByMAn1P8FWWGQoic9O2pXHtTkExLGqHG
=N5Df
-----END PGP SIGNATURE-----