[Wocky] Buddy Authorization

[Paul B. Hill]

Hi,

Thank you for your comments and questions. 

I believe we are approaching jabber with an open mind, and for several
different purposes. 

First there are several communities of users at MIT that have never broadly
adopted Zephyr. Many people do use AIM, but as more work is done over IM,
relying on AIM, Yahoo, or MSN becomes problematic. By providing an
institutional IM service we hope that people will appreciate the consistent
namespace and find it of value. We are also somewhat uncomfortable with some
people using these 3rd party commercial services to carry out institutional
business. 

The jabber protocol appears to offer support of most of the Zephyr features
that MIT users feel are important. We realize that today, few, if any, of
the clients support many of these features. This may change overtime, either
through the efforts of people at MIT or elsewhere.

I feel there are reasons to explore alternatives Zephyr. Many people at MIT
need to collaborate with others around the world. Although Zephyr is used at
some other sites, it has never had the wide spread deployment that some
other IM systems enjoy. Furthermore NATs are a reality, and Zephyr does not
work well when using address translation.

As GSS support is added to jabber client and servers it remains to be seen
how developers will deal with the authorization issues. Although we expect
to use GSS within the campus community, which might argue against the
current authorization model, we also want the jabber service to provide an
IM foundation for extra-institutional IM. Not all of those other sites will
necessarily being using authentication methods that we find acceptable. The
UIs will have to evolve over time to address these different needs. 

At this time we are not talking about replacing Zephyr with jabber. We are
trying to create an environment where jabber can compete with Zephyr and
determine what needs to be changed to best meet our customer's needs. 

Paul

-----Original Message-----
From: wocky-bounces at MIT.EDU [mailto:wocky-bounces at MIT.EDU] On Behalf Of Joel
N. Weber II
Sent: Thursday, August 11, 2005 2:42 PM
To: Jonathan Reed
Cc: wocky at mit.edu
Subject: Re: [Wocky] Buddy Authorization

I think a more general question is whether the goal is for an Athena
Jabber server to provide the same semantics as zephyr currently does,
or whether jabber is supposed to provide support for some other
culture.

I get the impression that there are many zephyr users who would be
unhappy if jabber were to replace zephyr without providing a similar
user experience.

But I'm not clear on what problem the Athena jabber server is supposed
to solve.  (On the other hand, if it's not supposed to be a zephyr
replacement, what does it offer that AIM doesn't?)

How does jabber's current buddy authorization interact with jabber
conferences?  Occasionally I participate in conversations on zephyr
classes where it ends up being useful to move to personals, and on
rare occasions this involves someone who I wouldn't happen to have
already authorized as a buddy, and so the semantics of letting anyone
send are useful.  Every now and then we see a webzephyr user carrying
out an extensive conversation on a zephyr class trying to get someone
to subscribe to webzephyr so that they can send a personal message,
which is somewhat annoying for everyone else who's watching the class.

I think it's also the case that jabber was designed with the idea that
anyone anywhere on the Internet would normally be able to connect,
without any strong mechanism for authenticating the users.  In such a
context, buddy authorization probably makes a _lot_ of sense.  If you
have a system that discourages annoymous messages from being sent
through relatively strong authentication of users, needing to
authorize each user you individually talk to probably becomes much
less of a problem.


_______________________________________________
Wocky mailing list
Wocky at mit.edu
http://mailman.mit.edu/mailman/listinfo/wocky