Slashdot Mirror


Jabber Takes On MS Passport

Lord Prox writes "Jabber Ticket Authentication is a method of authenticating with HTTP servers using your Jabber identification. This allows you to log in to websites using your Jabber address in a single sign-on fashion similar to .NET Passport, but unlike .NET Passport it is not locked into a single authentication provider. Tickets also mean the Jabber ticket provider and the web server do not need to be tightly integrated for authentication to work. Also, because it's not tightly integrated, webmasters do not need to set up their own Jabber server to provide tickets; they can use a third-party provider, even a central "tickets.jabber.org". Also, because tickets are not tightly integrated, it is far easier for webmasters to integrate with Jabber; it also makes web farms far more scalable and reliable." Update: 02/11 19:22 GMT by T: The link to jabber.org has been fixed; thanks to reader Laurence Withers.


  1. Jabber Site by Mizery+De+Aria · · Score: 2, Informative

    I think the poster meant http://www.jabber.org
    I could be wrong though. Perhaps he wanted some Duff(tm/r/c?)

    1. Re:Jabber Site by Mizery+De+Aria · · Score: 2, Informative

      http://www.jabber.org

      Also, a mirror in case it gets slashdotted:

  2. Jabber is good stuff... by tcopeland · · Score: 2, Informative

    ....we've been using the Jabber4R Ruby wrapper to route Cougaar status messages for a couple years now.

    It's kind of running out of gas on us as our message volume increases, but it's worked well enough so far...

    1. Re:Jabber is good stuff... by tcopeland · · Score: 3, Informative

      > how come you're using Ruby and
      > not a Java wrapper

      We've put together a distributed testing and control framework in Ruby, and so we used Jabber as middleware between Java and Ruby. We've got some in house expertise in Ruby and it just made sense to use a scripting language to do some of the sorts of things we're doing.

      > Peter Saint-Andre and Matt Miller will
      > be talking about Jabber

      Cool. I work with Dana Moore and Bill Wright who wrote the Jabber Developer's Handbook. Fun stuff!

    2. Re:Jabber is good stuff... by AJWM · · Score: 2, Informative

      The running style is the big giveaway; other points are the shape of the head and the length of the tail. That thing is built for speed, for running down its prey in open, flat terrain. Cougars (at least around these parts) live in mountainous, wooded terrain and prefer to attack from hiding.

      At least it's colored correctly for a cougar, no spots.

      --
      -- Alastair
  3. Still vulnerable to man in the middle by hargettp · · Score: 3, Informative

    The proposed design asserts that man-in-the-middle (MITM) attacks can be eliminated by using SSL. However, SSL suffers from man in the middle vulnerabilities; see Netscape's SSL documentation and this paper from the SANS institute.

    I think I was hoping for an algorithm with the handshaking complexity of Kerberos or SSL, because unfortunately a good security algorithm typically requires that level of sophistication, I would assert. Perhaps the design was aiming for a simpler starting point, with further refinement in the future; if so, it has met the goal nicely.

  4. Kerberos + PAM?? by SgtChaireBourne · · Score: 2, Informative
    I may be totally out of line, but the idea of single sign-on through tickets/tokens already works rather well with Kerberos. Why not incorporate Kerberos into the Jabber system?
    I know nothing of Jabber, but looking at the Jabber components, they seem like they might be able to use Pluggable Authentication Modules (PAM) by telling that service to authenticate using Kerberos. Kerberos is not so difficult to implement using PAM, and you can even set it up for failover between different authentication methods.

    Even installing Kerberos is not a big deal anymore. For several years now it's been part of distros as ready-to-use RPMs or .deb packages. If you combine Kerberos with OpenLDAP, then you get great flexibility with users and groups in addition to the security, scalability, and platform independence lacking for weaker substitutes like MSAD.

  5. Re:Kerberos?? by Anonymous Coward · · Score: 1, Informative

    Kerberos is supported by lots of software save for web browsers - but for those one could use kx509, kweb, or other services. Even Jabber may be usable for kerberised HTTP someday.
    And interrealm Kerberos is used every day by big universities and other institutions (not to mention single users as well).