[Psi-devel] JEP-0070 support

Hal Rottenberg halr9000 at gmail.com
Fri Jun 30 08:33:42 PDT 2006


On 6/30/06, Maciek Niedzielski <machekku at uaznia.net> wrote:
> The idea is to make HTTP authentication more secure by taking advantage
> of strong XMPP authentication.
> Instead of providing normal user/password to a website, you provide your
> JID and so-called transaction identifier. Then server asks you via XMPP
> "oh, it's really you trying to access this site?". If you confirm (in
> your XMPP client), you get access to the site.

So if the http server is doing the xml, why must the client be
modified at all?  Guess I'd have to see it in action, but I can
imagine a situation where I would simply get a message with an
activation code or a link to click?

What I'm getting at is that if client modifications are required then
the adoption rate will be pretty low.  Hard enough to make server
changes, but at least the cost/benefit ratio is greater.

For example Flyspray doesn't do anything special for authentication,
but account creation is done over jabber.



-- 
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
http://halr9000.com
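
The confirmation step described in the quoted text, seen from the HTTP server's side, as an added example that is not part of the original message or of Psi's code. The `PendingAuth` class, the JIDs, the URL and the transaction id are constructed for illustration; the `<confirm/>` element, its namespace and the `type='error'` denial follow JEP-0070.

```python
import time
import xml.etree.ElementTree as ET

NS = "http://jabber.org/protocol/http-auth"  # JEP-0070 namespace
Q = f"{{{NS}}}confirm"

class PendingAuth:
    """Hypothetical server-side table of HTTP requests awaiting XMPP confirmation."""

    def __init__(self, ttl=120):
        self.ttl = ttl
        self.pending = {}  # (bare JID, transaction id) -> (method, url, deadline)

    def confirm_stanza(self, jid, txid, method, url, now=None):
        """Record the HTTP request and build the <confirm/> query sent to the JID."""
        now = time.time() if now is None else now
        self.pending[(jid, txid)] = (method, url, now + self.ttl)
        msg = ET.Element("message", {"to": jid})
        ET.SubElement(msg, Q, {"id": txid, "method": method, "url": url})
        return ET.tostring(msg, encoding="unicode")

    def accept_reply(self, from_jid, reply_xml, now=None):
        """True only for an in-time confirmation from the JID the request named.

        from_jid must be the sender address stamped by the XMPP server, never a
        value taken from the stanza body; a real service gets it, already parsed,
        from its XMPP library.
        """
        now = time.time() if now is None else now
        reply = ET.fromstring(reply_xml)
        confirm = reply.find(Q)
        if confirm is None:
            return False
        bare = from_jid.split("/", 1)[0]  # drop the resource part
        entry = self.pending.pop((bare, confirm.get("id", "")), None)  # single use
        if entry is None or reply.get("type") == "error":  # unknown id or denial
            return False
        method, url, deadline = entry
        return (confirm.get("method"), confirm.get("url")) == (method, url) and now <= deadline

if __name__ == "__main__":
    srv = PendingAuth()
    print(srv.confirm_stanza("juliet@example.org", "a7374jnjlalasdf82",
                             "GET", "https://files.example.org/private"))
```

The transaction id is bound to the JID, method and URL of the HTTP request, expires, and is consumed on first use, so a reply from another account or a replayed confirmation is rejected.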

