There is one problem with this approach -- it requires the user to give their
password to your server. A better approach might be having your server send
a one-use token to that user via XMPP, and having them enter that. Then you
can prove they own the JID without them having to sacrifice their password.
Trejkaz, can you explain more about that approach? I have found this article which is about x google token. Is that what you mean??
http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token-and-why-it-matters/
Hmm, by the way can anybody explain me about the "Web conference" (WC) concept?
I have looked it up on Wikipedia but still have some confusions about the word "Web".
- Does a WC software have to be a web-based application?
- Does the WC software have to be based on HTTP?
I'm trying to develope my own WC software. There's so many WC software providers nowadays. That would be great if users can login with his only JID and still can communicate with other users at any XMPP servers while taking part in the conference. That's what brings me to XMPP.
I'm developing a system that provides all the WC features (Slide presentations, Application sharing, Text messaging, File sharing, Whiteboard...). It's an application-based one and I just exchange data via TCP/IP by sending my data packet (include flags and serialized data), no standard protocol (except for XMPP in Authentication and sending messages).
The truth is, when i began developing this, i found there's really a problem if I wrote it as a web-based app because of the limitations of Web controls (especially for developing Application sharing and Whiteboard features). That's why my software now is an application-based and isn't based on HTTP.
So the question is : Can still my software be called a Web conference software?
