[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Auth]A Proposal for a Solution (please read the end at least)

From: Adam Theo
Subject: [Auth]A Proposal for a Solution (please read the end at least)
Date: Mon, 16 Jul 2001 00:23:01 -0400

I have a proposal to make. I have been thinking about this all day, and
believe I am ready to advocate such a position.

Before this point I believed DotGNU's best idea was to take the fully
client-side, P2P route for authentication, since it seemed to 'fit' with
the GNU philosophy the best. But after some thought and reading the
recent threads on this list, I have come to believe otherwise.

I am very active in the development of a system called 'Jabber' ( ). Jabber is a 100% open source protocol and platform
(notice I say protocol and platform, not software or product). As an
entry in the Jabber FAQ says:

"Jabber is an XML-based, open-source system and protocol for real-time
messaging and presence notification. The first application of Jabber is
an instant messaging (IM) system similar to AOL Instant Messenger, ICQ,
MSN Instant Messenger, or Yahoo! Messenger. However, Jabber is also
being applied in the realms of wireless communications, embedded
systems, and Internet infrastructure."

Jabber FAQ:

It uses a very distributed client/server tier platform, *very* much like
the email system (email was the 'eureka!' idea that the founders had in
mind, i believe in fact). It does this to remove complexity away from
the client and client developers, and eliminate massive software updates
when updates come through. However, as the FAQ says: 

"since the Jabber server is relatively small (especially if only
Jabber-native communications are desired), it can be embedded in devices
so that each machine has its own Jabber server, thus moving Jabber
closer to a peer-to-peer model." and "We're also excited about the
rapidly-evolving peer-to-peer space, and are working to make Jabber more
of a true peer-to-peer application".

Also since it is similar to the email system, that means anyone can set
up a Jabber server of their choice. I in fact have done so under my
domain name, and hundreds of others have as well.

No one can even control the naming system, since this follows email as
well, using the well-known user*host.domain naming convention, instead
of 'global' names like AIM's 'Adam Theo 2000' or ICQ's '3617306'. So
no-one controls the naming system of it anymore than they can now.

You also do not need to worry about the the jabber server not fitting
your needs, meaning that the Jabber system is the *protocol* not any
server daemon created by one company or group of people. For example,
the Jabelin people are working on a Open Source Jabber server ( ), while is working on a proprietary Jabber
server to sell to businesses that are skeptical of open source. Both
implimentations follow the standards and guidelines set up by the newly
created Jabber Foundation (created using the Apache and GNOME
Foundations as inspiration).

The Jabber Foundation is a very open, very flexible organization run by
the developers, and takes in comments and requests from the users and
other organizations. You can check it and transcripts of it's meetings
out at .

The Jabber protocol heavily uses XML, which as we all know is a truely
awesome technology (ok, sorry, I'm a little biased. I love XML... :-).
It's XML implimentation is also very open to other XML specs and
Schemas, potentially allowing someone to use Jabber to send and recieve
XML-RPC and SOAP calls (web services over Jabber, anyone?); talk with
applications on the Internet, not just human users (take a second and
think of the possibilities); and also any other XML-based communication
you can think of.

And for Authentication and Identity for the Jabber system, this is being
taken care of, as well. By none other than myself and a small group of
others who are making fast progress on an open, flexible, powerful, and
very secure Identity system that runs using Jabber. For more information
on this, head over to .

Now, if all of you are still skeptical about how Jabber can be used, I
propose that this list choose one or two people from among us to learn
about Jabber. Give them a week or so, and have the report back to the
list on what they think. This way all of us can see how Jabber looks
from a FSF and DotGNU perspective, without all of us having to learn
about it.

The only problem, and I repeat the *only* problem I can see any of you
having with Jabber is licensing. The Jabber protocol itself is licensed
undfer the Jabber Open Source License (JOSL), which is BSD and MPL in
origin. This was decided the best license for their needs at the time
because they wanted to get businesses and other developers to take up
the Jabber system. Therefore they allowed proprietary extensions and
narrowed the definition of 'derivitive work'. This has worked very well
for the needs so far, and would allow everyone (including everyone here)
to do what they want with the system.

However, I can understand the people in this project wanting to use the
GPL. *hm... thinking...* Ok, here's what I can try. Everyone here please
take a look at Jabber. Please. Discuss it, maybe try it. Ask questions
about it to me (maybe even here since I think it is relevent), and I
will answer them. Then, if it looks like using Jabber is a viable option
people here really want to see, I'll talk to Jeremie Miller (the head
hancho and founder) about dual-licensing it under the GPL as well. I
think that if it would get Jabber used by such a large and ambitious
project such as DotGNU and GNU itself, then I think I can convince him.

Now, the Jabelin server may not become GPL'ed. There have been a lot of
contributors, some of whom may not want the GPL. Howevere, as I said
above, it is the protocol, not the server, that makes the Jabber system.
I, and I know Jeremie, would love to see another Jabber server being
built. It would re-enforce the "Jabber is the protocol" point.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]