OASIS Mailing List Archives: mqtt message
Subject: [OASIS Issue Tracker] (MQTT-568) Authentication


    [ https://issues.oasis-open.org/browse/MQTT-568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=78114#comment-78114 ] 

Ian Craggs commented on MQTT-568:
---------------------------------

OK. I think I know how to make this work.
 * the connect packet contains a flag to indicate that an AUTH packet is going to be sent to the server.
 * Even if that flag is not set, the server can send an AUTH packet to the client.
 * The AUTH packet contains two pieces of information, similar to the MQTT 5.0 AUTH packet.
    1. An authentication method string
    2. Authentication data (binary)
 * Typically, the mechanisms to be used will be in those defined in the SASL (https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) registry.
 * For example, to use userid/password authentication, the method would be PLAIN and the contents of the data as defined in https://tools.ietf.org/html/rfc4616:

    The mechanism consists of a single message, a string of [UTF-8] (https://tools.ietf.org/html/rfc4616#ref-UTF-8) encoded [Unicode] (https://tools.ietf.org/html/rfc4616#ref-Unicode) characters, from the client to the server. The client presents the authorization identity (identity to act as), followed by a NUL (U+0000) character, followed by the authentication identity (identity whose password will be used), followed by a NUL (U+0000) character, followed by the clear-text password. As with other SASL mechanisms, the client does not provide an authorization identity when it wishes the server to derive an identity from the credentials and use that as the authorization identity.

Consideration: if we wanted to save data, the authentication method could be a one byte value, but then the meaning of that byte to SASL mechanism string would have to be defined. It could be left up to the implementation, but that would limit application portability.


> Authentication
> --------------
>
>                 Key: MQTT-568
>                 URL: https://issues.oasis-open.org/browse/MQTT-568
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: MQTT-SN
>    Affects Versions: MQTT-SN-1.2
>            Reporter: Ian Craggs
>            Assignee: Ian Craggs
>            Priority: Major
>
> Authentication has been raised as an important omission.
> Mirroring the MQTT 5.0 AUTH packet seems like a good idea.



--
This message was sent by Atlassian Jira
(v8.3.3#803004)
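The exchange sketched in the comment above, worked through as an added example (this is illustration code, not code from the OASIS MQTT TC or from any MQTT-SN implementation). It builds and parses an RFC 4616 PLAIN message as the binary data of an AUTH exchange whose two fields are a method string and authentication data, and shows a server verifying it. Assumptions not on the page: the two-byte length prefix used to frame the two fields is borrowed from how MQTT 5.0 encodes UTF-8 strings and binary data (the MQTT-SN layout is not settled here); the credential table is constructed; SASLprep normalization is omitted; and proxy authorization (an authzid different from the authcid) is refused.

```python
"""SASL PLAIN (RFC 4616) as the data of a method-string + binary-data AUTH
exchange. Added illustration, not MQTT TC or MQTT-SN implementation code.
Framing, credential table and the no-proxy-authorization rule are assumptions.
"""
import hmac
from typing import Optional, Tuple


def encode_plain(authcid: str, password: str, authzid: str = "") -> bytes:
    """Build the PLAIN message: [authzid] NUL authcid NUL passwd (RFC 4616).

    authzid stays empty when the client wants the server to derive the
    authorization identity from the credentials. SASLprep is omitted here.
    """
    for name, value in (("authzid", authzid), ("authcid", authcid), ("password", password)):
        if "\x00" in value:
            raise ValueError(f"{name} must not contain NUL")
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    return f"{authzid}\x00{authcid}\x00{password}".encode("utf-8")


def decode_plain(data: bytes) -> Tuple[str, str, str]:
    """Parse PLAIN data into (authzid, authcid, password); reject malformed input."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("PLAIN data is not valid UTF-8") from exc
    parts = text.split("\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN data must contain exactly two NUL separators")
    authzid, authcid, password = parts
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    return authzid, authcid, password


def encode_auth_fields(method: str, data: bytes) -> bytes:
    """Serialize the two AUTH fields: method string, then authentication data.

    ASSUMPTION: each field carries a two-byte big-endian length prefix, the
    way MQTT 5.0 encodes UTF-8 strings and binary data.
    """
    m = method.encode("utf-8")
    if len(m) > 0xFFFF or len(data) > 0xFFFF:
        raise ValueError("AUTH field too long")
    return len(m).to_bytes(2, "big") + m + len(data).to_bytes(2, "big") + data


def decode_auth_fields(payload: bytes) -> Tuple[str, bytes]:
    """Inverse of encode_auth_fields; every length is bounds-checked."""
    if len(payload) < 2:
        raise ValueError("truncated method length")
    mlen = int.from_bytes(payload[:2], "big")
    pos = 2 + mlen
    if len(payload) < pos + 2:
        raise ValueError("truncated method or data length")
    method = payload[2:pos].decode("utf-8")
    dlen = int.from_bytes(payload[pos:pos + 2], "big")
    data = payload[pos + 2:pos + 2 + dlen]
    if len(data) != dlen or len(payload) != pos + 2 + dlen:
        raise ValueError("data length does not match payload")
    return method, data


# Constructed credential table for the example. A real server would store a
# password hash (scrypt, argon2) rather than the clear-text password.
USERS = {"sensor-17": "s3cret"}


def server_authenticate(payload: bytes, users=USERS) -> Optional[str]:
    """Server side: unpack the AUTH fields, verify PLAIN, and return the
    authorization identity on success or None on any failure."""
    try:
        method, data = decode_auth_fields(payload)
        if method != "PLAIN":
            return None  # only PLAIN is handled in this example
        authzid, authcid, password = decode_plain(data)
    except ValueError:
        return None
    expected = users.get(authcid)
    # Run the comparison even for unknown users so timing does not reveal names.
    same = hmac.compare_digest((expected or "").encode("utf-8"), password.encode("utf-8"))
    if expected is None or not same:
        return None
    # Derive the authorization identity when the client supplied none.
    # ASSUMPTION: acting as a different identity (proxy authorization) is refused.
    identity = authzid or authcid
    return identity if identity == authcid else None


if __name__ == "__main__":
    packet = encode_auth_fields("PLAIN", encode_plain("sensor-17", "s3cret"))
    print(packet.hex(), "->", server_authenticate(packet))
```

Two points the code makes that the prose only implies: PLAIN carries the password in the clear, so the exchange is only as confidential as the transport underneath it, and a parser must reject data with the wrong number of NUL separators rather than guessing which field is which.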

