Mastodon + XMPP + SIP
Published:
This is an idea. I haven’t looked at actually doing it yet, but I might.
Mastodon needs complimentary instant messaging and I’ve been thinking about how this might be achieved. XMPP and SIP are great federated protocols and it’s possible to use the same domain used for Mastodon for these through SRV records.
Authentication for XMPP and SIP is based on passwords. Mastodon could be extended to write out password hashes to a database to have one password for each service per device. You could then have those servers query the database and check password hashes. I’m not sure what the security properties of this would be compared to OAuth, but I think it’s similar just without the in-band setup.
I’m told there was previously an attempt to build out a social network on top of XMPP which sounded interesting, but OStatus seems to have won in this space. Still, if it’s possible for Mastodon to control authentication for the XMPP server, temporary passwords could be created for access from a web client embedded in the Mastodon frontend to provide federated real-time chat.
Adding users to your roster would likely need to be a seperate step (which would perhaps be beneficial to those that don’t want to chat with everyone they follow). The actual level of integration may vary between instances and that’s perfectly fine, implementations would need to consider this.
Presence information (online/offline status) would perhaps raise privacy concerns and so information would need to be conveyed to users about possible implications.
I’m not sure whether to start off with the backend work or the frontend work either. It would be possible for one to exist without the other entirely, you could link an XMPP account to your Mastodon account and use an external service, or you could only create the XMPP account from Mastodon and use only external clients.
If this is something that interests you, I’d be happy to have a discussion about it. On Mastodon I am @irl@mastodon.technology.