ANN: BROWSER-ID a new SASL Authentication mechanism under development
ozten at mozilla.com
Fri Sep 2 11:57:49 EDT 2011
On 09/02/2011 05:17 AM, Alexey Melnikov wrote:
> Hi Austin,
> Austin King wrote:
>> At Mozilla, we're experimenting with a new SASL plugin for BrowserID.
>> BrowserID is a decentralized identity system that makes it possible
>> for users to prove ownership of email addresses in a secure manner,
>> without requiring per-site passwords.
> Is there a SASL-related spec for this, or at least an example of the
> SASL exchange?
I can definitely use your help!
I'll be documenting this better over time and just started talking to
our security team about an architecture review.
>> Once this plugin is production quality, what is the best way to
>> distribute it? Should we try to get it upstream into Cyrus SASL,
>> downstream it into OS distributions, or just provide it for download
>> from a website?
> My personal preferences are to try to get it into the upstream. The
> next step down is a patch in "contrib". Separate download is of course
> always an option.
Great, eventually having source in the Cyrus SASL tree makes a lot of sense.
> I will need to have a look at the build dependencies. Complicated
> dependencies are not a showstopper, but at least we should eliminate
> circular dependencies (if any).
The plugin depends on curl and yajl 2  for the browserid.org
The plugin also depends on mysql to maintain a session cache. This is
useful for web oriented uses of the plugin.
I'm not sure there are any "long-lived connection" use cases, but if so
they would not need a session, so mysql is optional.
The session backend could be generalized to be like auxprop (other
backends besides mysql), but I'll only build out one backend in the
>> Next Steps - I see centrally registering auth mechanisms, RFCs for
>> mechanism communication, etc. are mentioned. Is this still common
>> practice?
> Very much so. I can help you with this as well, as I've written some
> SASL-related RFCs.
Again, much appreciated. If you like IRC, we're in
ozten is my nick.