[jdev] Claims-based Authentication
Peter Saint-Andre
stpeter at stpeter.im
Thu Jun 3 08:54:48 CDT 2010
On 6/3/10 7:48 AM, Jonathan Dickinson wrote:
>> Date: Thu, 3 Jun 2010 07:41:25 -0600
>> From: stpeter at stpeter.im
>> To: jdev at jabber.org
>> Subject: Re: [jdev] Claims-based Authentication
>>
>> 1. Is there a compelling use case for this?
>
> I have seen a few devs approach the mailing list with this problem. It
> most often appears in the form "How to use OAuth".
>
>>
>> 2. Why wouldn't the WS-* folks define a new SASL mechanism?
>
> The problem is the XML - WSF uses XML to do the exchange, so base64-ing
> it wouldn't be the best (as per requirement from the SASL RFC). If that
> lands up being the route taken they would probably only need to reserve
> a namespace.

I don't see why we couldn't embed XML. The point about Base64-encoding
in RFC 3920 is that if you have XML character data that's content of the
<auth/> element, it needs to be Base64-encoded. But for different
authentication mechanisms we might define more elaborate approaches.
Unfortunately that might mean that the <auth/>, <challenge/>, and
<response/> elements end up having a mixed content model (ick), like this:

R: <stream:features>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>EXTERNAL</mechanism>
       <mechanism>FOOBAR</mechanism>
     </mechanisms>
   </stream:features>

I: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
         mechanism='FOOBAR'>
     <some-xml-here/>
   </auth>

/psa
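
Added example, not part of the original message or of any XMPP implementation: a Python sketch of the RFC 3920 convention discussed above, where an XML token travels as Base64 character data in <auth/> and the receiver rejects child elements instead of accepting a mixed content model. FOOBAR is the thread's placeholder mechanism; the urn:example:claims token and the function names are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
ET.register_namespace("", SASL_NS)  # serialize <auth/> with a default namespace

# Constructed sample payload; the namespace and element are hypothetical.
SAMPLE_TOKEN = "<token xmlns='urn:example:claims'>abc</token>"


def build_auth(mechanism, payload_xml):
    """Carry an XML payload as Base64 character data inside <auth/>."""
    auth = ET.Element("{%s}auth" % SASL_NS, {"mechanism": mechanism})
    auth.text = base64.b64encode(payload_xml.encode("utf-8")).decode("ascii")
    return ET.tostring(auth, encoding="unicode")


def parse_auth(stanza):
    """Return (mechanism, payload root) or raise ValueError.

    Accepts only Base64 character data; child elements (the mixed content
    model from the message above) are rejected rather than guessed at.
    """
    try:
        auth = ET.fromstring(stanza)
    except ET.ParseError as exc:
        raise ValueError("stanza is not well-formed XML") from exc
    if auth.tag != "{%s}auth" % SASL_NS:
        raise ValueError("not a SASL <auth/> element")
    if len(auth):
        raise ValueError("child elements found; expected Base64 text only")
    try:
        raw = base64.b64decode((auth.text or "").strip(), validate=True)
        payload = ET.fromstring(raw.decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, ET.ParseError) as exc:
        raise ValueError("payload is not Base64-encoded XML") from exc
    return auth.get("mechanism", ""), payload


if __name__ == "__main__":
    wire = build_auth("FOOBAR", SAMPLE_TOKEN)
    print(wire)
    print(parse_auth(wire)[1].tag)
```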