Johannes Ernst blogged about using XMPP for various digital identity concerns, such as pub-sub for rss and website changes. There is an additional best practice pattern from the XMPP space that can inform design in SOA and digital identity worlds. Peter Gutmann wrote about why XML Security is Broken and how XMPP uses S/MIME instead of XML Security for end to end signing and encryption Beyond the specific flaws addressed in Peter Gutmann's paper, I think the fundamental question is: how closely coupled should the security mechanisms be to the protocol/language.
Comments