On 19 Dec 2007, at 23:56, anders conbere wrote:
On Dec 19, 2007 10:44 AM, Alex Jones <[EMAIL PROTECTED]> wrote:
I envisage going to a website, clicking "Authenticate via XMPP",
having my browser and my XMPP client do some IPC magic and prompt me
to choose an identity (i.e. a JID) for which to authenticate as, and
then be authenticated with the website.
These methods appear to me to be just as misguided. I don't consider
it particularly likely that any significant portion of the installed
browser base will include support for xmpp authentication.
This, of course, is not a requirement. Much like XEP-70's hint that
unsupporting clients can simply have their users send an "OK" message
back, I see no problem with a "manual" token exchange (maybe even
initiated by xmpp URIs) being a fallback mechanism.
I think a
better solution would be to look at how jabber servers can begin to
integrate a basic http endpoint for digesting http requests. At least
in the foreseeable future in order to do authentication over the web
we need to think of ways to work over http.
Could you clarify this point, please?
Thanks
