sasl-browserid help with code review needed

Austin King ozten at
Tue Sep 27 17:28:53 EDT 2011

I'm looking for a code review or any feedback on sasl-browserid.

This is a new SASL authentication mechanism for Mozillia's BrowserID 


BrowserID background:

Some questions I have:

* Is it okay to re-use SASL_CB_USER and SASL_CB_AUTHNAME
** SASL_CB_USER - browserid's assertion
** SASL_CB_AUTHNAME - browserid's audience
* Am I using the right error codes
* I'm clueless on how to setup max_ssf, any pointers?
** assertion is cyphertext already
** audience is a domain name and can be clear text
** communication with is over https
* Any drastic changes that are needed to be considered for upstream 
* ???

Feedback could be via cyrus-devel, as github comments/issues, or via IRC 
( #identity)

Austin King

More information about the Cyrus-devel mailing list