-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For those of you interested in experimenting with federated/third party authentication against (in this example) the jabber mesh of servers:
http://research.covalent.net/mod_auth_jabber/. It is just a simple mod_auth_* module. It'll auth any jabber id against it's origin server and then fetch the vCard which is exposed in the env(). So when you go to a web page, jsp page or cgi script - you log on with your jabber id - and then the application behind your server will have a unique token (your jabber id) with some vCard information to work with. Thanks to the P2P nature of the network it authenticates against (in this case www.jabber.org) a web master can suddenly allow third parties to manage their own username/passwords, provide their vCards without an a priori (trust) relation or some elaborate local registration procedure. Where those data providing parties range from a large provider catering for many; like an ISP, down to a corperations or even a tech savvy individual their own machine. And then of course you can start building trust relations from there on. Some jabber clients/servers support PGP signing of information; and the XML standard for signing and encryption would cleanly merge into jabber's XML based protocol. But that is all future. And because the IM model allows for multiple presences - some better connected than others - there is a lot of further potential. It especially gets interesting when certain vCard information is actually kept closer to the user (in some sort of wallet) - and the IM system prompts the user for the more private information on his or her pda/desktop/phone prior to releasing it in real time. Disclaimer and final wish: the code is not production quality - it is just proof of concept code - and your milage may vary. Of course if it breaks you do get to keep all the pieces. But if you have cool ideas - if you want to use it, change it, build on it - please do. Just drop me a message, or to the relevant mailing lists, if you can. Dw -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBO7qlcP1viMYh0KcbEQLc9gCg9AVkQKZkdEWwk9gQj2/VCDcn+FgAnRsi 8RL3rFymHIUJFUZWAqWggLr3 =WXeB -----END PGP SIGNATURE----- _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev