Difference between revisions of "HTTP-Auth suite"

Jump to navigation Jump to search
3 bytes added ,  00:59, 18 December 2020
m
no edit summary
m
 
m
 
Line 8: Line 8:
; Author: [[User:Machekku|Maciej Niedzielski (machekku)]]
; Author: [[User:Machekku|Maciej Niedzielski (machekku)]]
; Mentor: Jacek Konieczny
; Mentor: Jacek Konieczny
; Target: [http://xmpp.org/extensions/xep-0070.html XEP-0070] client/server implementation
; Target: [https://xmpp.org/extensions/xep-0070.html XEP-0070] client/server implementation
; Website: http://jauto.sourceforge.net/
; Website: http://jauto.sourceforge.net/
</div>
</div>
Line 19: Line 19:
Talk...? Talking is one of the most popular ways of using the Internet. But - for some reason - you don't need to provide your password every time you want to talk with another person. Somehow they know that it's you. So why HTTP servers do not know? And why not to teach them how to do this?
Talk...? Talking is one of the most popular ways of using the Internet. But - for some reason - you don't need to provide your password every time you want to talk with another person. Somehow they know that it's you. So why HTTP servers do not know? And why not to teach them how to do this?


There already exists a protocol ([http://xmpp.org/extensions/xep-0070.html XEP-0070]) which enables HTTP server to verify HTTP requests via XMPP. It describes how HTTP server can take advantage on strong authentication provided by XMPP and just simply associate unknown (until now) user clicking a link in browser with a well-known and "well-authenticated" XMPP user.
There already exists a protocol ([https://xmpp.org/extensions/xep-0070.html XEP-0070]) which enables HTTP server to verify HTTP requests via XMPP. It describes how HTTP server can take advantage on strong authentication provided by XMPP and just simply associate unknown (until now) user clicking a link in browser with a well-known and "well-authenticated" XMPP user.


And now, imagine that your browser acts like an (invisible) XMPP client. Sure, it will need to know your password, but this is just one password (and it's not same-password-everywhere solution!). In exchange for this one password, your XMPP-enabled HTTP browser could automatically confirm all your HTTP requests in background! You don't need to send any password to HTTP server - just tell the server: "''yes, I'm a happy Jabber user!''" and everything else will happen automatically.
And now, imagine that your browser acts like an (invisible) XMPP client. Sure, it will need to know your password, but this is just one password (and it's not same-password-everywhere solution!). In exchange for this one password, your XMPP-enabled HTTP browser could automatically confirm all your HTTP requests in background! You don't need to send any password to HTTP server - just tell the server: "''yes, I'm a happy XMPP user!''" and everything else will happen automatically.


== Project ==
== Project ==
This page is dedicated to [http://code.google.com/soc/ Summer of Code 2006] project, which aims to implement [http://xmpp.org/extensions/xep-0070.html XEP-0070] in a way described above.
This page is dedicated to [http://code.google.com/soc/ Summer of Code 2006] project, which aims to implement [https://xmpp.org/extensions/xep-0070.html XEP-0070] in a way described above.
The components include:
The components include:
* Firefox extension: It will understand server's offer to use this protocol and provide all data needed to start the authentication (like user's JID). At the same time, it will act as invisible XMPP client, which will automatically confirm the requests: this way, the only user action to authenticate will be to provide their JID
* Firefox extension: It will understand server's offer to use this protocol and provide all data needed to start the authentication (like user's JID). At the same time, it will act as invisible XMPP client, which will automatically confirm the requests: this way, the only user action to authenticate will be to provide their JID
Line 54: Line 54:
** [http://jauto.sourceforge.net/subprojects/psi-jauto/ psi]: Displays incoming requests.
** [http://jauto.sourceforge.net/subprojects/psi-jauto/ psi]: Displays incoming requests.
** [http://jauto.sourceforge.net/subprojects/jautod/ jautod]: Sends request as a reply to a message (just for testing Psi).
** [http://jauto.sourceforge.net/subprojects/jautod/ jautod]: Sends request as a reply to a message (just for testing Psi).
** [http://xmpp.org/extensions/xep-0070.html XEP-0070]: Prepared draft changes and sent do XEP Editor.
** [https://xmpp.org/extensions/xep-0070.html XEP-0070]: Prepared draft changes and sent do XEP Editor.
* [http://jauto.sourceforge.net/2006/06/12/week-3/ Week 3]  
* [http://jauto.sourceforge.net/2006/06/12/week-3/ Week 3]  
** [http://jauto.sourceforge.net/subprojects/psi-jauto/ psi]: [http://listserver.dreamhost.com/pipermail/psi-devel-affinix.com/2006-June/005726.html Improved stanza error handling.]
** [http://jauto.sourceforge.net/subprojects/psi-jauto/ psi]: [http://listserver.dreamhost.com/pipermail/psi-devel-affinix.com/2006-June/005726.html Improved stanza error handling.]
Line 99: Line 99:
== References ==
== References ==
* [http://jauto.sourceforge.net/ Official Website of the project]
* [http://jauto.sourceforge.net/ Official Website of the project]
* [http://xmpp.org/extensions/xep-0070.html XEP-0070]
* [https://xmpp.org/extensions/xep-0070.html XEP-0070]
* [http://machekku.uaznia.net/jabber/http-auth/soc2006_application.html my original Summer of Code application]
* [http://machekku.uaznia.net/jabber/http-auth/soc2006_application.html my original Summer of Code application]


[[Category:Summer of Code 2006]]
[[Category:Summer of Code 2006]]
216

edits

Navigation menu