On Cz, 2007-12-20 at 15:16 -0800, anders conbere wrote: > Ah I think there's some confusion here. When I say "jabber server > requests user credentials" I really mean that it expects an http post > with jid and password in it.
I would NEVER give my jabber account password to some site out there! That's why token authentication systems like Kerberos or OpenID were designed. You give a thirdparty only your ID. You do not give it your full credentials (like password). You give it only to your trusted authentication provider(jabber server or OpenID server) to prove that you are you, and it tells the thirdparty, that you proved that you are you, and it may let you in. -- /\_./o__ Tomasz Sterna (/^/(_^^' Xiaoka.com ._.(_.)_ XMPP: [EMAIL PROTECTED]
