This plugin has two main features:
- any reader of your website can comment if they have an Instant Messaging
  address (XMPP protocol, otherwise called Jabber; a Gmail or a LiveJournal
  account, for instance, is such a standard IM identifier as well);
- a subscribed user (whatever their role) can authenticate with their IM
  address, if they have set one.
This plugin is still in an experimental state but is usable.
Detailed Process
The authentication part is something like OpenID, except that it uses your
existing IM address: you ask for authentication on a website, and a
confirmation request pops up via IM (which you can accept or refuse).
Considering that the IM protocol (XMPP) is very secure,
all the infrastructure to securely exchange an authentication request is
there. There is no need to create a new account, no need for a special client
or a third-party identity provider, and it is really instantaneous (as in
instant messaging) and more secure than the HTTP or SMTP protocols.
Spam Protection
It adds an additional layer of protection against spam by verifying an
identity using a very secure and modern protocol (XMPP), which is also instant,
hence much more reliable in any way than email, for instance.
Secure and Easy Login
There are many reasons to use such a plugin for login:
- you do not have to remember a new password (password login can be disabled
  in your profile, as a per-user choice);
- you are in a very insecure environment (for instance a cybercafe) and
  consider only your IM account to be minimally secured. Or better, you run an
  IM client on your smartphone (or a similar device), so you receive the query
  on this personal device while never typing any kind of password on the
  insecure platform where you log in;
- and so on.
Configuration
Publishing Account
This section contains the connection parameters of the account which will be
used as a WordPress bot. I would personally advise creating a dedicated account
just for it (you may also use your personal account of course, as the plugin’s
bot will create a unique resource identifier for every connection) and
configuring it to refuse any contact and communication (as no one will have to
add it to their roster, except maybe you for test or debugging purposes).
The fields are:
- the bot address (bare jid form: mybotname@myserveraddress);
- the password.
Advanced Connection Parameters
By default xmpp-auth can use SRV records, which are a recommended way to
advertise the server and port for a domain name (see for instance
http://dns.vanrein.org/srv/ for details).
This is an advanced section for the case where your server does not use SRV AND
uses a server which is not the same as the domain from the jid, or a port
different from the default one (5222).
Hence there will be very few cases where you have to fill in this section, and
if you don’t understand everything I say here, just don’t fill in anything
there (if you fill in even only one field, then it will be used instead of SRV
and default values).
The default values will be used if the fields are empty and no SRV is configured on
the Jabber server:
- the XMPP server (often the same as ‘myserveraddress’ of the jid);
- the XMPP port (usually 5222).
TODO
Features I am considering:
- Check quickstart (http://xmpp.org/extensions/inbox/quickstart.html). In
  particular, I should at least cache DNS lookups now.
- Deactivate IM features when the plugin is not configured.
- For comments, use the IM avatar of the commenter instead of gravatar.
- Make various notifications usually done by email be done by IM instead (if
  adequate).
- Display the comment’s JID on the admin page (as we display the email
  address, obviously only for administrators).
- Add Scram-* to the SASL package.
- Make the generic XMPP part a PEAR package.
- Subscribe with XMPP JID.
- Login with JID or username (both possible).
- If the password is disabled, it also cannot be reset.
- Let the user choose to receive password reset or other notifications through
  IM instead of email.
XMPP Features
Full Secure XML Stream with:
- TLS (with real certificate verification, so confidentiality and
  authentication);
- SASL (Digest-MD5, CRAM-MD5 and PLAIN only for now);
- SRV records “randomization” algorithm.
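The connection-target rules described under Advanced Connection Parameters, together with the SRV “randomization” listed above, can be written as follows. This is an added example, not the plugin's own code: the function names, the example.org/example.net hosts and the SRV records are constructed, and it assumes that a manual field left empty falls back to the JID domain or port 5222.

```php
<?php
// Added example, not the plugin's code; function names and sample records are hypothetical.
const XMPP_DEFAULT_PORT = 5222;
// RFC 2782 ordering: lowest priority value first, weighted random pick within a priority.
function order_srv_records(array $records): array {
    $groups = [];
    foreach ($records as $r) {
        $groups[$r['pri']][] = $r;
    }
    ksort($groups);
    $ordered = [];
    foreach ($groups as $group) {
        // Weight-0 records sort first so they keep a small chance of being picked.
        usort($group, fn($a, $b) => $a['weight'] <=> $b['weight']);
        while ($group) {
            $pick = random_int(0, array_sum(array_column($group, 'weight')));
            $running = 0;
            foreach ($group as $i => $r) {
                $running += $r['weight'];
                if ($running >= $pick) {
                    $ordered[] = ['host' => rtrim($r['target'], '.'), 'port' => $r['port']];
                    array_splice($group, $i, 1);
                    break;
                }
            }
        }
    }
    return $ordered;
}
// Assumption: a manual field left empty falls back to the JID domain / port 5222.
function xmpp_targets(string $bareJid, ?string $server, ?int $port, array $srv): array {
    $domain = substr($bareJid, strrpos($bareJid, '@') + 1);
    $targets = [['host' => $domain, 'port' => XMPP_DEFAULT_PORT]];
    if ($server !== null || $port !== null) {
        $targets = [['host' => $server ?? $domain, 'port' => $port ?? XMPP_DEFAULT_PORT]];
    } elseif ($srv) {
        $targets = order_srv_records($srv);
    }
    // Plain DNS is unauthenticated: verify the TLS certificate against the JID domain, not the SRV host.
    return array_map(fn($t) => $t + ['tls_name' => $domain], $targets);
}

// Constructed records, shaped like dns_get_record('_xmpp-client._tcp.example.org', DNS_SRV).
$srv = [
    ['pri' => 10, 'weight' => 0,  'port' => 5222, 'target' => 'backup.example.net'],
    ['pri' => 5,  'weight' => 30, 'port' => 5222, 'target' => 'a.example.net'],
    ['pri' => 5,  'weight' => 70, 'port' => 5223, 'target' => 'b.example.net'],
];
print_r(xmpp_targets('mybotname@example.org', null, null, $srv));               // SRV order
print_r(xmpp_targets('mybotname@example.org', 'xmpp.example.com', null, $srv)); // manual override
```

In the first call the two priority-5 hosts come out in a weighted random order and backup.example.net is always last; in the second the SRV records are ignored entirely.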
Contacts
You can find news about this plugin on my freedom haven.
You can also drop me an instant message at “hysseo” at zemarmot.net.
XMPP Authentication
0.6
2015.09.12
10
3.2.0
4.4.30
5.00
1
Have a nice life!