[jdev] Alternate MUC Authentication Mechanisms
Dave Cridland
dave at cridland.net
Thu Oct 14 05:32:30 CST 2010
On Thu Oct 14 00:23:16 2010, Alex Milowski wrote:
> I've been playing around with Multi-user Chat and I'm wondering if anyone
> has experience with extending the protocol to include alternate room
> password mechanisms? Specifically, I'm interested in using something like
> digest authentication in conjunction with signed stanzas. I'd like to have
> better guarantees on who is actually in the room.
We handle authorization based on XEP-0258, and we're working on
putting together a signed stanzas specification which'd also help
authenticate.
For taking the "room password" mechanism beyond a simple plaintext
password - which is really not a security thing at all - you'd need
to establish something like a SASL exchange between the user and the
room. It's possible you could do this by provisioning the user with a
XEP-0077 registration exchange embodying a SASL exchange, which'd
leave you having "proven" the user and obtaining their certificate,
in which case the signed stanzas would suffice to authenticate the
user.
So this means writing a SASL-in-77 spec (not impossible), and working
on a signing spec (Kurt, with whom I work, proposed XEP-0285, but I
think we've convinced him into a different approach now).
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade