ietf-mxcomp

Re: Mail Server Registries and Foreign Sender Authentication: A Proposal

2007-03-28 20:17:38

On Wed, Mar 28, 2007 at 07:42:51AM -0600, Randy Smith wrote:

> Since OpenID is built to allow authentication, among other things,
> against 3rd party systems, it seems like an excellent way to allow any
> recipient server to authenticate all users who wish to send or deliver
> mail with their server.

Randy, could you use OpenID terms in describing your SMTP extension?
I'm having trouble understanding how this would work from your
description in your blog. Adding PGP seems to add additional overhead
for what OpenID provides (unless I'm totally misunderstanding OpenID).
Here are what I think are some of the relevant terms:

MTA terms:
C:      Sending MTA     - sending message
S:      Receiving MTA   - receiving message

OpenID terms:
Consumer        - wants proof
End User        - wants to prove their identity to Consumer
User Agent      - End user web browser
I               - Identity server

Say there is a new ESMTP keyword, OPENID. Here's a breakdown loosely
following your example:

C->S: connects
S->C: banner

C->S: ehlo
S->C: OPENID is returned along with whatever else

C->S: OPENID <url identifier>
S:      <becomes a Consumer>
S->I:   <fetches url identifier: Section 3.3 of OpenID spec>
S->C:   250 <identity provider URL: Section 3.5 of OpenID spec>

S->I: associate with identity provider? Section 4.1.x

C->I: go to identity provider? Section 4.2.x

C->S: OPENID CRED <stuff from 4.2.2.3?>
S->C: 250 Ok Credentials are OK

<continue with normal SMTP>

I may have abused SMTP extensions in this example (re: OPENID CRED).

-- 
:: Jeff Macdonald | Principal Engineer, Messaging Technologies
:: e-Dialog | jmacdonald(_at_)e-dialog(_dot_)com
:: 131 Hartwell Ave. | Lexington, MA 02421 
:: v: 781-372-1922 | f: 781-863-8118 
:: www.e-dialog.com
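As an added illustration (not part of the original message, and not an SMTP extension that exists anywhere), here is a Python simulation of the C/S/I dialogue sketched above. The OPENID keyword, the "OPENID CRED" encoding, the reply codes, the identity-server stub and every hostname, URL and password in it are assumptions; only the key-value form and the HMAC-SHA1 signature over the "signed" fields follow OpenID 1.1 (Sections 4.1 and 4.2).

```python
import base64
import hashlib
import hmac
import secrets

# Toy simulation of the sketched OPENID ESMTP exchange. Everything here is an
# assumption for illustration: the OPENID keyword, the "OPENID CRED" form, the
# reply codes, the stub identity server and all names/URLs. Only the key-value
# form and the HMAC-SHA1 signature over "signed" fields follow OpenID 1.1.


def kv_encode(fields, keys):
    """OpenID key-value form: one 'key:value\\n' pair per key, in the given order."""
    return "".join(f"{k}:{fields[k]}\n" for k in keys).encode()


def kv_decode(blob):
    """Inverse of kv_encode (values may contain ':' so split only on the first)."""
    return dict(line.split(":", 1) for line in blob.decode().split("\n") if line)


class IdentityServer:
    """I: holds End User credentials, hands out associations, signs assertions."""

    def __init__(self, url, users):
        self.url = url
        self.users = users      # identity URL -> password (constructed test data)
        self.assocs = {}        # assoc_handle -> shared MAC key

    def associate(self):
        """Section 4.1, plain mode: Consumer and I share a 20-byte MAC key."""
        handle = "h-" + secrets.token_hex(8)
        self.assocs[handle] = secrets.token_bytes(20)
        return handle, self.assocs[handle]

    def checkid(self, identity, password, assoc_handle, return_to):
        """Section 4.2: End User authenticates to I; I returns a signed id_res."""
        if self.users.get(identity) != password:
            return {"mode": "cancel"}
        signed = ["mode", "identity", "return_to"]
        fields = {"mode": "id_res", "identity": identity,
                  "return_to": return_to, "assoc_handle": assoc_handle}
        mac = hmac.new(self.assocs[assoc_handle],
                       kv_encode(fields, signed), hashlib.sha1).digest()
        fields["signed"] = ",".join(signed)
        fields["sig"] = base64.b64encode(mac).decode()
        return fields


class ReceivingMTA:
    """S: advertises OPENID in EHLO and becomes the OpenID Consumer."""

    def __init__(self, hostname, discovery, providers):
        self.hostname = hostname
        self.discovery = discovery  # identity URL -> provider URL (stands in for the 3.3 fetch)
        self.providers = providers  # provider URL -> IdentityServer
        self.session = None

    def ehlo(self):
        return [f"250-{self.hostname}", "250 OPENID"]

    def openid(self, identity_url):
        provider_url = self.discovery.get(identity_url)
        if provider_url is None:
            return "550 5.7.0 Cannot discover identity provider"
        handle, key = self.providers[provider_url].associate()    # S->I, 4.1
        self.session = {"identity": identity_url, "assoc_handle": handle,
                        "mac_key": key, "return_to": f"smtp://{self.hostname}/"}
        return f"250 {provider_url}"                               # S->C, 3.5

    def openid_cred(self, blob):
        """Verify the relayed assertion with the same checks a web Consumer makes."""
        if self.session is None:
            return "503 5.5.1 Send OPENID <url> first"
        f = kv_decode(base64.b64decode(blob))
        if f.get("mode") != "id_res":
            return "535 5.7.8 Identity provider did not assert the identity"
        s = self.session
        if (f.get("identity") != s["identity"]        # bind assertion to this session
                or f.get("assoc_handle") != s["assoc_handle"]
                or f.get("return_to") != s["return_to"]):
            return "535 5.7.8 Assertion does not match this session"
        signed = f.get("signed", "").split(",")
        if not {"mode", "identity", "return_to"} <= set(signed):
            return "535 5.7.8 Required fields are not covered by the signature"
        expect = hmac.new(s["mac_key"], kv_encode(f, signed), hashlib.sha1).digest()
        if not hmac.compare_digest(expect, base64.b64decode(f.get("sig", ""))):
            return "535 5.7.8 Bad signature"
        return "250 2.7.0 OK, credentials accepted"


def run_exchange(password, tamper=None):
    """Play the dialogue; returns the S->C reply lines in order."""
    idp = IdentityServer("https://idp.example/openid",
                         {"https://randy.example/": "hunter2"})
    mta = ReceivingMTA("mx.example.net",
                       {"https://randy.example/": idp.url}, {idp.url: idp})
    replies = mta.ehlo()
    replies.append(mta.openid("https://randy.example/"))           # C->S: OPENID <url>
    assertion = idp.checkid("https://randy.example/", password,    # C->I, 4.2 (simulated)
                            mta.session["assoc_handle"], mta.session["return_to"])
    if tamper:
        assertion.update(tamper)                                   # a forged relay
    blob = base64.b64encode(kv_encode(assertion, list(assertion))).decode()
    replies.append(mta.openid_cred(blob))                          # C->S: OPENID CRED <blob>
    return replies
```

The verification order in `openid_cred` is the part worth keeping if anything like this were built: check the mode, bind the asserted identity, association handle and return_to to the session opened by the earlier OPENID command, confirm the signature actually covers those fields, and only then do a constant-time HMAC comparison. The C->I step is simulated by a direct call because the message above leaves open how a sending MTA, which has no browser, would obtain the signed assertion in the first place.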