OAuth over XMPP

OAuth over XMPP

Kellan Elliot-McCrea and Rabble presented Beyond Rest: Building Data Services with XMPP PubSub earlier today at OSCON in Portland. Aside from an interesting anecdote about FriendFeed’s polling habits against Flickr, the pair also revealed the consensus coming out of the XMPP Summit on how to perform OAuth token exchange over XMPP.

Kellan notes:

Defenese against MITM, and replay-ability are inherited from the Jabber transport, so the consensus of those of us present was that we only needed to prove possession of the consumer and token secrets.

This moves us ever closer to being able to use XMPP as a reliable and effective OAuth transport mechanism, not to mention standardizing authenticated data streams between unaffiliated endpoints.

More information on Building Data Services with XMPP PubSub has been published by Robert Kaye.

About this entry

You’re currently reading “OAuth over XMPP,” an entry on OAuth

Published:: July 23, 2008 / 6:32 pm

Category:: Development

Tags:: jabber, oauth, xmpp

No comments yet

Jump to comment form | comment rss [?] | trackback uri [?]

Have your say

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

You must be logged in to post a comment.