OAuth over XMPP

OAuth over XMPP

Kellan Elliot-McCrea and Rabble presented Beyond Rest: Building Data Services with XMPP PubSub earlier today at OSCON in Portland. Aside from an interesting anecdote about FriendFeed’s polling habits against Flickr, the pair also revealed the consensus coming out of the XMPP Summit on how to perform OAuth token exchange over XMPP.

Kellan notes:

Defenese against MITM, and replay-ability are inherited from the Jabber transport, so the consensus of those of us present was that we only needed to prove possession of the consumer and token secrets.

This moves us ever closer to being able to use XMPP as a reliable and effective OAuth transport mechanism, not to mention standardizing authenticated data streams between unaffiliated endpoints.

More information on Building Data Services with XMPP PubSub has been published by Robert Kaye.
This entry was written by Chris Messina and posted on July 23, 2008 at 6:32 pm and filed under Development with tags , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

One Trackback/Pingback

  1. By OAuth über XMPP (Jabber) at notizBlog - a private weblog written by Matthias Pfefferle on 24 Jul 2008 at 12:46 am

    [...] (via) « MarsEdit mit AtomPub unterstützung [...]

Post a Comment

You must be logged in to post a comment.