Hi all,

Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
formal definition on how to couple OAuth with XMPP but I'm somewhat
disconcerted by the fact that the definition is per XMPP service. Why?
XEP-035 specifies for a few of them (PubSub, MUC and Registration) but I'm
wondering if that wouldn't have made more sense to define a service on its
own.

- Sylvain

[1] https://stpeter.im/?p=2228

--
Sylvain Hellegouarch
http://www.defuze.org
_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

Sylvain Hellegouarch wrote:
> Hi all,
>
> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
> formal definition on how to couple OAuth with XMPP but I'm somewhat
> disconcerted by the fact that the definition is per XMPP service. Why?
> XEP-035 specifies for a few of them (PubSub, MUC and Registration) but I'm
> wondering if that wouldn't have made more sense to define a service on its
> own.

Do you mean that an XMPP server could offer a generalized OAuth service
for use by things like pubsub components, MUC components, and the XMPP
server itself?

BTW, do you known about the social (AT) xmpp (DOT) org list? That's mainly where
we've been talking about OAuth:

http://mail.jabber.org/mailman/listinfo/social

/psa


_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

Peter Saint-Andre a écrit :
> Sylvain Hellegouarch wrote:
>> Hi all,
>>
>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
>> formal definition on how to couple OAuth with XMPP but I'm somewhat
>> disconcerted by the fact that the definition is per XMPP service. Why?
>> XEP-035 specifies for a few of them (PubSub, MUC and Registration) but
>> I'm
>> wondering if that wouldn't have made more sense to define a service on
>> its
>> own.
>
> Do you mean that an XMPP server could offer a generalized OAuth service
> for use by things like pubsub components, MUC components, and the XMPP
> server itself?

Yes.

>
> BTW, do you known about the social (AT) xmpp (DOT) org list? That's mainly where
> we've been talking about OAuth:
>
> http://mail.jabber.org/mailman/listinfo/social

Yeah I've been subscribed and I almost sent my message there but I
considered it was better to discuss it here. Feel free to redirect the
discussion if you think it'd be worth it :)

- Sylvain
_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

Sylvain Hellegouarch wrote:
> Peter Saint-Andre a écrit :
>> Sylvain Hellegouarch wrote:
>>> Hi all,
>>>
>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
>>> disconcerted by the fact that the definition is per XMPP service. Why?
>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration) but
>>> I'm
>>> wondering if that wouldn't have made more sense to define a service on
>>> its
>>> own.
>> Do you mean that an XMPP server could offer a generalized OAuth service
>> for use by things like pubsub components, MUC components, and the XMPP
>> server itself?
>
> Yes.

Could you expand a bit on what you mean by that? I don't think XEP-0235
(which I'm currently updating to reflect our discussions in Portland)
disallows a standalone OAuth service that's used by servers and
components, but that model seems to be a bit more sophisticated and complex.

/psa



_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

Peter Saint-Andre a écrit :
> Sylvain Hellegouarch wrote:
>> Peter Saint-Andre a écrit :
>>> Sylvain Hellegouarch wrote:
>>>> Hi all,
>>>>
>>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
>>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
>>>> disconcerted by the fact that the definition is per XMPP service. Why?
>>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration)
>>>> but I'm
>>>> wondering if that wouldn't have made more sense to define a service
>>>> on its
>>>> own.
>>> Do you mean that an XMPP server could offer a generalized OAuth
>>> service for use by things like pubsub components, MUC components, and
>>> the XMPP server itself?
>>
>> Yes.
>
> Could you expand a bit on what you mean by that? I don't think XEP-0235
> (which I'm currently updating to reflect our discussions in Portland)
> disallows a standalone OAuth service that's used by servers and
> components, but that model seems to be a bit more sophisticated and
> complex.
>
> /psa
>
>

Right. I can see it would indeed make it more complex and would prevent
the solution to be implemented and deployed reasonnably soon.

However I didn't mean your XEP was forbidding a standalone service,
perhaps a note in that spirit would make it clear that indeed you can
write such service.

- Sylvain
_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

On Mon, Jul 28, 2008 at 9:56 AM, Sylvain Hellegouarch <sh (AT) defuze (DOT) org> wrote:

> Peter Saint-Andre a écrit :
> > Sylvain Hellegouarch wrote:
> >> Peter Saint-Andre a écrit :
> >>> Sylvain Hellegouarch wrote:
> >>>> Hi all,
> >>>>
> >>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is
> a
> >>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
> >>>> disconcerted by the fact that the definition is per XMPP service. Why?
> >>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration)
> >>>> but I'm
> >>>> wondering if that wouldn't have made more sense to define a service
> >>>> on its
> >>>> own.
> >>> Do you mean that an XMPP server could offer a generalized OAuth
> >>> service for use by things like pubsub components, MUC components, and
> >>> the XMPP server itself?
> >>
> >> Yes.
> >
> > Could you expand a bit on what you mean by that? I don't think XEP-0235
> > (which I'm currently updating to reflect our discussions in Portland)
> > disallows a standalone OAuth service that's used by servers and
> > components, but that model seems to be a bit more sophisticated and
> > complex.
> >
> > /psa
> >
> >
>
> Right. I can see it would indeed make it more complex and would prevent
> the solution to be implemented and deployed reasonnably soon.
>
> However I didn't mean your XEP was forbidding a standalone service,
> perhaps a note in that spirit would make it clear that indeed you can
> write such service.
>
> - Sylvain
>

Peter and I discussed an iq packet with the oauth namespace being used to
establish trust for a JID permanently. Is that still going to be included
as an option?

_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________

Nathan Fritz wrote:
>
>
> On Mon, Jul 28, 2008 at 9:56 AM, Sylvain Hellegouarch <sh (AT) defuze (DOT) org
> <mailto:sh (AT) defuze (DOT) org>> wrote:
>
> Peter Saint-Andre a écrit :
> > Sylvain Hellegouarch wrote:
> >> Peter Saint-Andre a écrit :
> >>> Sylvain Hellegouarch wrote:
> >>>> Hi all,
> >>>>
> >>>> Following Peter last blog note [1] and XEP-0235, I'm pleased
> there is a
> >>>> formal definition on how to couple OAuth with XMPP but I'm
> somewhat
> >>>> disconcerted by the fact that the definition is per XMPP
> service. Why?
> >>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration)
> >>>> but I'm
> >>>> wondering if that wouldn't have made more sense to define a
> service
> >>>> on its
> >>>> own.
> >>> Do you mean that an XMPP server could offer a generalized OAuth
> >>> service for use by things like pubsub components, MUC
> components, and
> >>> the XMPP server itself?
> >>
> >> Yes.
> >
> > Could you expand a bit on what you mean by that? I don't think
> XEP-0235
> > (which I'm currently updating to reflect our discussions in Portland)
> > disallows a standalone OAuth service that's used by servers and
> > components, but that model seems to be a bit more sophisticated and
> > complex.
> >
> > /psa
> >
> >
>
> Right. I can see it would indeed make it more complex and would prevent
> the solution to be implemented and deployed reasonnably soon.
>
> However I didn't mean your XEP was forbidding a standalone service,
> perhaps a note in that spirit would make it clear that indeed you can
> write such service.
>
> - Sylvain
>
>
> Peter and I discussed an iq packet with the oauth namespace being used
> to establish trust for a JID permanently. Is that still going to be
> included as an option?

Yes, I'll add that use case in the next version of XEP-0235, but I think
it's tangential to what Sylvain is talking about, because you could use
the IQ exchange with a pubsub service, a MUC service, an IM server, or a
standalone OAuth service that's used by all of the above. However I have
no objections to standalone OAuth services, it's just that we'd need to
define the interactions between said service and all the other services
that might be deployed in a domain (e.g., how does the pubsub service
check an OAuth token with the OAuth service). Those flows won't be in
the next version of XEP-0235 but they might be in a future version, or
in a future spec that builds on XEP-0235.

/psa



_______________________________________________
JDev mailing list
FAQ: http://www.jabber.org/discussion-lists/jdev-faq
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe (AT) jabber (DOT) org
_______________________________________________