dotgnu-general

Re: [DotGNU]Jabber & Authentication


From: Chris Smith
Subject: Re: [DotGNU]Jabber & Authentication
Date: Mon, 22 Apr 2002 17:10:07 +0100

On Monday 22 April 2002 05:20, Jonathan P Springer wrote:
> So I started fiddling with the idea of accepting SOAP over Jabber.
> Essentially, I'm trying to create a Jabber "client" that will accept
> SOAP as the content of a Message or Query (asynchronous vs.
> synchronous). 

This is also the first stage of a VRS <-> Jabber Bridge.
What language are you coding this in?
We might as well share our toys (if you don't mind) :o)

> The first problem I faced was having the client securely
> log in to the server.  This is the traditional problem of "How do I
> automate a password?".
>
> For the time being, I'll stow the password locally in a file and use the
> Jabber SHA-1 digest method to encrypt it on its way to authenticate with
> the server.  Unfortunately, because Jabber wants the SHA-1 digest of
> concatenate(SessionID, Password), I can't put the password in the file
> in its digest form.  That leaves two options:  (1) use a two-way
> encryption scheme to store passwords locally, or (2) trust root and
> whomever may have access to the UID under which the service is run.

Yeah.  We've the same problem with the LDS/VRS design.  The passwords have
to be stored somewhere, in fact it's worse with the VRS because there will be 
private keys floating about too.

At the moment we're assuming root is secure and will come back to the 
security issue when the project is a little more mature.

> I don't particularly trust either of those options.  In my ideal world,
> Jabber will expand to support some sort of public/private key
> authentication (though I guess I must still trust root to steer clear of
> my private keys in that case).

ditto.

> I guess my question boils down to:  What are the thoughts of others in
> the group on how automated services authenticate with each other and
> establish trust?  Feel free to tell me to RTFM.  (Just tell me where TFM
> is.)

Me too.

Cheers,
Chris

-- 
Chris Smith
  Technical Architect - netFluid Technology Limited.
  "Internet Technologies, Distributed Systems and Tuxedo Consultancy"
  E: address@hidden  W: http://www.nfluid.co.uk
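
The constraint discussed in the message above, as an added example that is not part of the original thread: because the digest covers concatenate(SessionID, Password), a digest kept on disk or captured from an earlier session does not authenticate a new one, so the client needs the cleartext and the file holding it must be readable by the service UID only. The hex encoding, the file name and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def jabber_digest(session_id: str, password: str) -> str:
    # SHA-1 over concatenate(SessionID, Password); hex output is an assumption.
    return hashlib.sha1((session_id + password).encode("utf-8")).hexdigest()


def server_accepts(session_id: str, stored_password: str, digest: str) -> bool:
    # The server recomputes from its own cleartext copy; constant-time compare.
    return hmac.compare_digest(jabber_digest(session_id, stored_password), digest)


def load_password(path: str) -> str:
    # Option (2) from the message: only the service UID may read the file (POSIX).
    st = os.stat(path)
    if st.st_uid != os.geteuid() or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: must be owned by the service UID, mode 0600")
    with open(path, encoding="utf-8") as fh:
        return fh.read().rstrip("\n")


def demo() -> dict:
    password = "constructed-example-password"  # constructed sample value
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "jabber.pw")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(password + "\n")
        loaded = load_password(path)
        os.chmod(path, 0o644)  # simulate a file left world-readable
        try:
            load_password(path)
            loose_rejected = False
        except PermissionError:
            loose_rejected = True
    sid_a, sid_b = "3C1A9F20", "3C1A9F21"  # constructed session IDs
    digest_a = jabber_digest(sid_a, loaded)
    prehashed = hashlib.sha1(password.encode("utf-8")).hexdigest()  # stored digest form
    return {
        "fresh": server_accepts(sid_a, password, digest_a),
        "replayed": server_accepts(sid_b, password, digest_a),
        "from_stored_digest": server_accepts(sid_a, password, jabber_digest(sid_a, prehashed)),
        "loose_file_rejected": loose_rejected,
    }
```

Calling `demo()` returns the four outcomes: only the digest computed from the cleartext for the current session ID is accepted.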

