Has anyone thought about how SAML [Security Assertion Markup Language] would 
work in terms of SASL <http://en.wikipedia.org/wiki/Saml> and XMPP? This is 
especially interesting regarding the whole OpenID/SSO discussion a while back; 
SAML isn't bound to HTTP or any other client for that matter (don't get the 
wrong idea from the abundance of HTTP documentation - it will work in any 
transport).

I have been reading a bit about SAML and it looks like they do B64 the SAML 
XML, with no explanation. It seems a bit strange to B64 an XML fragment in a 
SOAP document (or an XMPP stream for that matter) - maybe it has to do with the 
WS-Security schema.

As far as XMPP 1.0 goes we probably would have to B64 the fragment; but here 
are my initial thoughts on XMPP 2.0:

Possibly:
<mechanism type="http://www.w3.org/XML/1998/namespace">SAML</mechanism>

Which gives rise to:
<mechanism type="urn:xmpp:tmp:text-plain">PATHETIC</mechanism><!-- something 
like [name];[password] -->

And implicitly:
<mechanism type="urn:xmpp:tmp:base64">DIGEST-MD5</mechanism>

Indeed, we could go as far as to turn it into a feature on its own. It does 
support SASL-like mechanism selection itself; it should be possible to jippo 
SASL right in there:

<stream:features>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>DIGEST-MD5</mechanism>
       <mechanism>PLAIN</mechanism>
       <mechanism>EXTERNAL</mechanism>
     </mechanisms>
     <saml xmlns='http://the/saml/namespace'/>
</stream:features>

-- Jonathan
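
The stream-features exchange and the base64 wrapping discussed above, as an added example that is not part of Jonathan's post. It takes the `<stream:features>` element from the post verbatim (including the placeholder `http://the/saml/namespace` and the proposed mechanism name `SAML`), uses the real XMPP streams namespace `http://etherx.jabber.org/streams` and the real SAML 2.0 assertion namespace `urn:oasis:names:tc:SAML:2.0:assertion`, and constructs a minimal unsigned assertion purely as sample input. It shows the two checks a client should do: pick only among mechanisms the server actually advertised (stronger ones first), and carry the assertion in `<auth>` as base64 so the XMPP stream parser sees opaque octets rather than foreign XML it might interpret as stream content.

```python
import base64
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"        # real XMPP streams namespace
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"          # from the post
SAML_FEATURE_NS = "http://the/saml/namespace"         # placeholder from the post
SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # real SAML 2.0 namespace

# Default-namespace the SASL elements so <auth> serializes without an ns0: prefix.
ET.register_namespace("", SASL_NS)

# Constructed sample: the <stream:features> element proposed in the post.
FEATURES_XML = f"""<stream:features xmlns:stream="{STREAM_NS}">
  <mechanisms xmlns="{SASL_NS}">
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
    <mechanism>EXTERNAL</mechanism>
  </mechanisms>
  <saml xmlns="{SAML_FEATURE_NS}"/>
</stream:features>"""

# Constructed sample assertion (no signature, not a real issuer); assumption only.
SAMPLE_ASSERTION = (
    f'<Assertion xmlns="{SAML_ASSERTION_NS}" ID="_example-assertion-id" Version="2.0">'
    "<Issuer>https://idp.example.invalid</Issuer>"
    "<Subject><NameID>jonathan@example.invalid</NameID></Subject>"
    "</Assertion>"
)

# Client preference: strongest mechanism first; PLAIN is the last resort.
CLIENT_PREFERENCE = ["EXTERNAL", "DIGEST-MD5", "PLAIN"]


def advertised_mechanisms(features_xml):
    """Return the SASL mechanism names the server advertised, in server order."""
    root = ET.fromstring(features_xml)
    return [m.text for m in root.iter(f"{{{SASL_NS}}}mechanism")]


def saml_feature_offered(features_xml):
    """True if the server also advertises the separate <saml/> stream feature."""
    root = ET.fromstring(features_xml)
    return root.find(f"{{{SAML_FEATURE_NS}}}saml") is not None


def choose_mechanism(offered, preference=CLIENT_PREFERENCE):
    """Pick the first preferred mechanism the server offered; None if no overlap.

    A client must never fall back to a mechanism the server did not list."""
    for name in preference:
        if name in offered:
            return name
    return None


def wrap_assertion(assertion_xml, mechanism="SAML"):
    """Build the <auth> element: SASL data travels base64-encoded in XMPP,
    so the assertion XML is opaque octets to the stream parser."""
    payload = base64.b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    auth = ET.Element(f"{{{SASL_NS}}}auth", mechanism=mechanism)
    auth.text = payload
    return ET.tostring(auth, encoding="unicode")


def unwrap_assertion(auth_xml):
    """Server side: accept only a SASL <auth> element, then decode its payload."""
    elem = ET.fromstring(auth_xml)
    if elem.tag != f"{{{SASL_NS}}}auth":
        raise ValueError("not a SASL <auth> element")
    return base64.b64decode(elem.text or "").decode("utf-8")


if __name__ == "__main__":
    offered = advertised_mechanisms(FEATURES_XML)
    print("offered:", offered, "saml feature:", saml_feature_offered(FEATURES_XML))
    print("chosen:", choose_mechanism(offered))
    auth = wrap_assertion(SAMPLE_ASSERTION)
    print(auth)
    print("round trip ok:", unwrap_assertion(auth) == SAMPLE_ASSERTION)
```

The decoded assertion still has to be validated by the server as SAML (signature, issuer, audience, validity window) before it counts as authentication; this block only covers the transport framing the post is asking about.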


_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev