On Wed Sep 5 18:34:51 2007, Alex Mauer wrote:
Perhaps include a token in the invite? Give the token to the room,
and
then the invitee would include that token when joining? This would
have
a couple of benefits: It would be possible to invite someone to a
password-protected room without revealing the password, and also to
invite someone to a members-only room without making them a member.
Ah, that's a plan. Pawn ticket technologies have been deployed in
Lemonade's forward without download stuff, so there's some prior art
we can draw on. Take a look at the URLAUTH RFC, erm, RFC 4467.
That model would have the room supply the token for the use of the
invitee, so there's an additional round-trip involved, but it's
nicely secure.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
