I might be completely off the mark, but surely the authentication mechanism could be completely different from the end application?
 
i.e. an http(s) module / library could be used for authentication and then parse relevant information / tokens to an IMAP application?
 

>>>
I doubt it will be possible to use exactly the same methods for HTTP, XMPP, SMTP and IMAP.  The latter three (XMPP, SMTP and IMAP) are session based, and might require authentication/authorization only once during a session.   HTTP is stateless (at least in general), so some thought needs to be given to extending the auth across multiple requests.

A method for HTTP will need to consider potential performance issues, replay protection, and possible tie-in with other available session state (such as a TLS channel), among other things.  The others can generally get away with a one-time verification step per session.

It may be possible to share portions of the mechanism.  In fact, TLS/SSL with client authentication supports all 4 protocols.  However it seems to be rejected because of other issues: PKI lifecycles, physical portability of the key, trust management, etc.

 
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
