Peter, I completely agree. Writing down passwords anywhere is a bad idea, but I think the benefits greatly outweigh the risks in this case:
-- -Marcel On Do, 2016-11-03 at 12:17 -0600, Peter Saint-Andre wrote: > On 11/3/16 9:04 AM, Marcel Waldvogel wrote: > > > > Hi, > > > > we're looking into using XMPP together with (passwordless) single > > sign > > on mechanisms such as Shibboleth (SAML). > > > > As most (all?) clients only support password authentication, this > > cannot > > be used directly. Implementing Shibboleth is also not trivial, so > > it is > > unlikely we can convince a large portion of the developers to do > > so. > > > > We are therefore looking into creating per-application passwords on > > a > > web page. To make this easy, it would be nice if applications were > > to > > supported a URI like xmpp:ro...@montague.net?addaccount;password=Ju > > l13t > > <file://ro...@montague.net?addaccount;password=Jul13t>, as an > > extension > > to XEP-0147. > > > > This would be much easier to implement and would — for the user — > > make > > adding an account almost as simple as native SSO support. > > > > What do you think? > Putting passwords in URLs is a bad idea. :-) > > Peter > > > > _______________________________________________ > JDev mailing list > Info: https://mail.jabber.org/mailman/listinfo/jdev > Unsubscribe: jdev-unsubscr...@jabber.org > _______________________________________________
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
