On 6/3/10 7:48 AM, Jonathan Dickinson wrote:
>> Date: Thu, 3 Jun 2010 07:41:25 -0600
>> From: [email protected]
>> To: [email protected]
>> Subject: Re: [jdev] Claims-based Authentication
>>
>> 1. Is there a compelling use case for this?
>
> I have seen a few devs approach the mailing list with this problem. It
> most often appears in the form "How to use OAuth".
>
>>
>> 2. Why wouldn't the WS-* folks define a new SASL mechanism?
>
> The problem is the XML - WSF uses XML to do the exchange, to base64-ing
> it wouldn't be the best (as per requirement from the SASL RFC). If that
> lands up being the route taken they would probably only need to reserve
> a namespace.

I don't see why we couldn't embed XML. The point about Base64-encoding
in RFC 3920 is that if you have XML character data that's content of the
<auth/> element, it needs to be Base64-encoded. But for different
authentication mechanisms we might define more elaborate approaches.
Unfortunately that might mean that the <auth/>, <challenge/>, and
<response/> elements end up having a mixed content model (ick), like this:

R: <stream:features>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>EXTERNAL</mechanism>
       <mechanism>FOOBAR</mechanism>
     </mechanisms>
   </stream:features>

I: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
         mechanism='FOOBAR'>
     <some-xml-here/>
   </auth>

/psa
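
One way a receiving entity could validate the <auth/> payload under the two content models discussed above, as an added example that is not code from the original message or from any XMPP implementation. It assumes the placeholder FOOBAR mechanism carries exactly one child element while every other mechanism keeps Base64 character data; the function name and error labels are illustrative.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
ADVERTISED = {"EXTERNAL", "FOOBAR"}  # the <mechanisms/> list from the message
XML_PAYLOAD = {"FOOBAR"}             # assumption: FOOBAR embeds a child element


def classify_auth(stanza, advertised=ADVERTISED):
    """Return (mechanism, kind, payload); kind is 'empty', 'base64' or 'xml'."""
    # XMPP streams use restricted XML: refuse DTDs, comments and processing
    # instructions before peer-supplied text reaches the parser.
    if any(tok in stanza for tok in ("<!DOCTYPE", "<!--", "<?")):
        raise ValueError("restricted-xml")
    auth = ET.fromstring(stanza)
    if auth.tag != f"{{{SASL_NS}}}auth":
        raise ValueError("not-auth")
    mech = auth.get("mechanism")
    if mech not in advertised:
        raise ValueError("invalid-mechanism")
    children = list(auth)
    # Character data may sit before the first child or after any child (tail).
    text = ((auth.text or "") + "".join(c.tail or "" for c in children)).strip()
    if children:
        if mech not in XML_PAYLOAD:
            raise ValueError("xml-not-allowed")
        # Reject the mixed content model: one element, no stray character data.
        if text or len(children) != 1:
            raise ValueError("mixed-content")
        return mech, "xml", children[0].tag
    if text == "":
        return mech, "empty", None
    if text == "=":
        # RFC 3920: a zero-length initial response is sent as a single "=".
        return mech, "base64", b""
    try:
        return mech, "base64", base64.b64decode(text, validate=True)
    except binascii.Error:
        raise ValueError("incorrect-encoding") from None
```

Deciding the content model per mechanism, before looking at the payload, keeps a peer from choosing which parser path its data takes.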
