sasl-browserid help with code review needed

Austin King ozten at mozilla.com
Tue Sep 27 17:28:53 EDT 2011


I'm looking for a code review or any feedback on sasl-browserid.

This is a new SASL authentication mechanism for Mozillia's BrowserID 
service.

Code:
https://github.com/ozten/mozillians

BrowserID background:
https://browserid.org/developers

Some questions I have:

* Is it okay to re-use SASL_CB_USER and SASL_CB_AUTHNAME
** SASL_CB_USER - browserid's assertion
** SASL_CB_AUTHNAME - browserid's audience
* Am I using the right error codes
* I'm clueless on how to setup max_ssf, any pointers?
** assertion is cyphertext already
** audience is a domain name and can be clear text
** communication with browserid.org is over https
* Any drastic changes that are needed to be considered for upstream 
inclusion
* ???

Feedback could be via cyrus-devel, as github comments/issues, or via IRC 
(irc.mozilla.org #identity)

thanks,
Austin King


More information about the Cyrus-devel mailing list