On 13 Dec 2010, at 11:46, Simon Tennant (buddycloud) wrote:
> On 13/12/2010 12:39, Christoph Terwelp wrote:
>> XEP-0070 doesn't solve this problem because it only handles
>> authentication of a client to a server. Here an authentication at
>> the xmpp server itself is required but without showing the user's id
>> and password to an intermediate web server. Something similar is
>> done for example in "Remember the milk" where you can manage
>> external websites and clients and their access rights to your
>> account.
> Right - it's the intermediate websites asking for users' password
> that worries me.
> I'm not so keen on $RANDOM-WEBSITE asking for buddycloud users'
> passwords. But I see no solution.
The Enterprise SSO market has a number of solutions for this problem.
Systems like Cosign, WebAuth and Shibboleth allow credentials to be
entered at a single, secure location, and then redirect the user back
to the intermediate website.
S.
_______________________________________________
JDev mailing list
_______________________________________________