On 6/14/05, Peter Saint-Andre <[EMAIL PROTECTED]> wrote: > > You call that a cool feature? Giving away credentials to one service, to > > other, unrelated? I would understand using JID as userid and > > authenticate it via Jabber (to prove it is authentic and belongs to one > > who is to use it), but not giving my Jabber password to any other > > service not related with my Jabber server. > > Yes, I think there are better approaches to single sign on. But IMHO > some of the best approaches have not been released yet:
You are so coy. :) But to be fair, SSO != "giving your password to another service". The way the Drupal jabber module works, you have to trust the site with your password, which could be so easily captured and THEN sent to the Jabber server. Real SSO would bypass the site requesting authentication, and only give it a token that would allow you in. -- Psi webmaster (http://psi-im.org) im:[EMAIL PROTECTED] http://halr9000.com _______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
