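Description
This plugin has two main features:
Any reader of the site can post a comment as long as they have an instant messaging address (XMPP protocol, also called Jabber; Gmail or LiveJournal accounts, for example, are standard instant messaging identifiers of this kind);
Subscribed users (whatever their role) can authenticate by setting their own instant messaging address.
This plugin is still experimental, but it is usable.
Detailed Process
The verification part is somewhat like openID, except that it uses an existing instant messaging address: you request verification on the website, and a confirmation message pops up in your instant messaging client (which you can accept or refuse).
Considering that the instant messaging protocol (XMPP) is very secure, all the infrastructure for securely exchanging authentication requests is already there. There is no need to create another account, no need for a special client, and no need for a third-party identity provider; it really is instantaneous (like instant messaging) and more secure than the HTTP or SMTP protocols.
Spam Protection
It adds an extra layer by verifying identity with a very secure and modern protocol (XMPP), which is also instant and therefore more reliable than email.
Secure and Easy Login
Many reasons to use this plugin for login:
No need to remember a new password (password login can be turned off in the profile, at each user's choice);
You are in a very insecure environment (an Internet cafe, for example) and consider only your instant messaging account to be minimally secure. Or better, you run an instant messaging client on your smartphone (or a similar tool), so you receive the query on this personal device and never type any kind of password on the insecure platform.
And so on.
Configuration
Publishing Account
This section contains the connection parameters of the account that will be used as the wordpress bot. I personally advise creating a dedicated account for it (you can of course also use a personal account, since the plugin's bot creates a unique resource identifier for every connection) and configuring it to refuse all contact and communication (since nobody but you needs to add it to their roster, and you probably only for testing or debugging purposes).
The fields are:
The bot address (bare jid form: mybotname@myserveraddress);
The password.
Advanced Connection Parameters
By default xmpp-auth can use SRV records, which is a recommended way to advertise the server and port from a domain name (see for example http://dns.vanrein.org/srv/).
If you do not understand everything I say here: this is an advanced section, needed only when your server does not use SRV and the server used is not the domain of the jid or the port differs from the default port (5222).
Hence the default values are used only when these fields are empty and no SRV is configured on the Jabber server:
The XMPP server (usually the same as 'myserveraddress' of the jid);
The XMPP port (usually 5222).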
Original plugin description
This plugin has two main features:
any reader on your website can comment if they have an Instant Messaging
address (XMPP protocol, otherwise called Jabber; a Gmail or a LiveJournal
account, for instance, is such a standard IM identifier as well);
a subscribed user (whatever their role) can authenticate with their IM
address if they have set it.
This plugin is still in an experimental state but is usable.
Detailed Process
The authentication part is something like openID, except that it uses your
existing IM address: you ask for authentication on a website, and it pops up a
confirmation via IM (that you can accept or refuse).
Considering that the IM protocol (XMPP) is very secure,
all the infrastructure to securely exchange an authentication request is
there. No need to make any new account, no need for a special client, nor for a
third-party identity provider, and it is really instantaneous (as instant
messaging is) and more secure than the HTTP or SMTP protocols.
Spam Protection
It adds an additional layer to protect against spam by verifying an
identity using a very secure and modern protocol (XMPP), which is also instant,
hence much more reliable in any way than email, for instance.
Secure and Easy Login
There are many reasons to use such a plugin for login:
not having to remember a new password (password login can be disabled in
your profile, on a per-user basis);
you are in a very insecure environment (for instance a cybercafe) and consider
only your IM account to be minimally secured. Or better, you run an IM
client on your smartphone (or a similar tool), so you would receive the query
on this personal item while never typing any kind of password on the insecure
platform where you log in.
And so on.
Configuration
Publishing Account
This section contains the connection parameters of the account which will be
used as a wordpress bot. I would personally advise creating a dedicated account
just for it (you may also use your personal account of course, as the plugin’s
bot will create a resource identifier unique for every connection) and
configuring it to refuse any contact and communication (as no one will have to
add it to their roster, except you maybe for test or debugging purposes).
The fields are:
The bot address (bare jid form: mybotname@myserveraddress);
the password.
Advanced Connection Parameters
By default xmpp-auth can use SRV records, which is a recommended way to
advertise server and port from a domain name (see for instance
http://dns.vanrein.org/srv/ for details).
This is an advanced section in case your server does not use SRV AND uses a server
which is not the same as the domain from the jid or a port different from the
default one (5222).
Hence there will be very few cases where you will have to fill in this
section, and if you don’t understand everything I say here, just don’t fill in
anything there (if you fill in even only one field, then it will be used instead
of SRV and default values).
The default values will be used if the fields are empty and no SRV is configured on
the Jabber server:
the XMPP server (often the same as ‘myserveraddress’ of the jid);
the XMPP port (usually 5222).
TODO
Features I am considering:
check quickstart (http://xmpp.org/extensions/inbox/quickstart.html). In
particular, I should at least cache DNS lookups now.
deactivate IM features when plugin not configured.
For comments, use the IM avatar of the commenter instead of gravatar;
Make various notifications usually done by email be done by IM instead (if
adequate);
Display the comment’s JID on the admin page (as we display the email
address, obviously only for administrators);
Add Scram-* to SASL package;
Make the generic XMPP part a PEAR package.
Subscribe with XMPP JID.
Login with JID or username (both possible).
If the password is disabled, it also cannot be reset.
Make user choose to receive password reset or other notification through IM
instead of email.
XMPP Features
Full Secure XML Stream with:
TLS (with real certificate verification, so confidentiality and
authentication);
SASL (Digest-MD5, CRAM-MD5 and PLAIN only for now);
SRV records “randomization” algorithm.
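The connection-target choice described under Advanced Connection Parameters, together with the SRV "randomization" listed above, can be sketched as follows. This is an added example, not the plugin's own code: the function names and sample records are constructed, the ordering follows RFC 2782, and completing a half-filled form from the defaults is an assumption.

```python
import random

DEFAULT_PORT = 5222  # default XMPP client port named on this page

def order_srv(records, rng=random):
    """Order (priority, weight, port, target) tuples as RFC 2782 describes:
    lowest priority first, weighted random choice inside each priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Weight-0 records are placed first so they stay selectable but rare.
        pool = sorted((r for r in records if r[0] == prio),
                      key=lambda r: r[1] != 0)
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def candidates(jid, srv_records, cfg_server="", cfg_port="", rng=random):
    """Return the (host, port) pairs to try, in order."""
    domain = jid.split("@", 1)[-1].split("/", 1)[0]
    if cfg_server or cfg_port:
        # Any filled field overrides SRV. Completing the other field from
        # the defaults is an assumption of this sketch.
        return [(cfg_server or domain, int(cfg_port or DEFAULT_PORT))]
    if srv_records:
        return [(target.rstrip("."), port)
                for _, _, port, target in order_srv(srv_records, rng)]
    return [(domain, DEFAULT_PORT)]  # no SRV published: jid domain, 5222

# Constructed sample answer for _xmpp-client._tcp.example.org (not real data).
SAMPLE_SRV = [
    (20, 0, 5222, "backup.example.org."),
    (10, 60, 5222, "xmpp1.example.org."),
    (10, 40, 5223, "xmpp2.example.org."),
]

if __name__ == "__main__":
    # Whichever host is chosen, the TLS certificate is still checked against
    # the jid's domain (example.org): plain DNS answers are unauthenticated.
    print(candidates("mybotname@example.org", SAMPLE_SRV))
```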
Contacts
You can have some news about this plugin on my freedom haven.
You can also drop me an instant message on “hysseo” at zemarmot.net.
Have a nice life!
