[jdev] Signing (Was: Alternate MUC Authentication Mechanisms)
Kurt Zeilenga
Kurt.Zeilenga at Isode.com
Sat Oct 16 19:13:06 CST 2010
On Oct 14, 2010, at 4:32 AM, Dave Cridland wrote:
> So this means writing a SASL-in-77 spec (not impossible), and working on a signing spec (Kurt, with whom I work, proposed XEP-0285, but I think we've convinced him into a different approach now).
Well I think I and another colleague have convinced some that an approach I previously proposed is generally more suitable. :-) That is, I've long preferred an 'encapsulated' approaches over 'encapsulating' approaches for a number of reasons. XEP 285 came about due to some folks pushing back I got from the encapsulated XML DSIG approach discussed in XEP 274, in particular how XML elements were referenced from the manifest being signed and the canonicalization requirements, as well as general dependency on XML DSIG.
My current plan is to introduce a 'simplified' encapsulated specification and then let the community/market decide which to progress. I hope to have this alternative drafted in the next few weeks.
And, yes, this could be used as a way to 'authenticate' authorized users into rooms (clients can sign the join stanzas, the MUC service can verify those signatures, and then choose whether to allow the join or not).
-- Kurt
More information about the JDev
mailing list