On Thu Oct 14 00:23:16 2010, Alex Milowski wrote:
> I've been playing around with Multi-user Chat and I'm wondering if anyone
> has experience with extending the protocol to include alternate room
> password mechanisms? Specifically, I'm interested in using something like
> digest authentication in conjunction with signed stanzas. I'd like to have
> better guarantees on who is actually in the room.

We handle authorization based on XEP-0258, and we're working on
putting together a signed stanzas specification which'd also help
authenticate.

For taking the "room password" mechanism beyond a simple plaintext
password - which is really not a security thing at all - you'd need
to establish something like a SASL exchange between the user and the
room. It's possible you could do this by provisioning the user with a
XEP-0077 registration exchange embodying a SASL exchange, which'd
leave you having "proven" the user and obtaining their certificate,
in which case the signed stanzas would suffice to authenticate the
user.

So this means writing a SASL-in-77 spec (not impossible), and working
on a signing spec (Kurt, with whom I work, proposed XEP-0285, but I
think we've convinced him into a different approach now).

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
JDev mailing list
_______________________________________________