[jdev] Google Summer of Code
Hal Rottenberg
halr9000 at gmail.com
Tue Jun 14 11:09:36 CDT 2005
On 6/14/05, Peter Saint-Andre <stpeter at jabber.org> wrote:
> > You call that a cool feature? Giving away credentials to one service, to
> > other, unrelated? I would understand using JID as userid and
> > authenticate it via Jabber (to prove it is authentic and belongs to one
> > who is to use it), but not giving my Jabber password to any other
> > service not related with my Jabber server.
>
> Yes, I think there are better approaches to single sign on. But IMHO
> some of the best approaches have not been released yet:

You are so coy. :) But to be fair, SSO != "giving your password to
another service". The way the Drupal jabber module works, you have to
trust the site with your password, which could be so easily captured
and THEN sent to the Jabber server. Real SSO would bypass the site
requesting authentication, and only give it a token that would allow
you in.
--
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
http://halr9000.com
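
The distinction drawn in the message above, sketched as an added example (not part of the original post, and not Jabber or Drupal code): the user authenticates only to their own server, and the site receives a short-lived, single-use ticket that it validates with that server. The `IdentityProvider` and `Site` classes, the ticket scheme, and all JIDs and service names are hypothetical, constructed for illustration.

```python
import hmac
import secrets
import time


class IdentityProvider:
    """Hypothetical stand-in for the user's own Jabber server."""

    def __init__(self, ticket_ttl=60):
        self._passwords = {}  # jid -> password (sample data; real servers store hashes)
        self._tickets = {}    # ticket -> (jid, service, expiry)
        self._ttl = ticket_ttl

    def register(self, jid, password):
        self._passwords[jid] = password

    def login(self, jid, password, service, now=None):
        """The user authenticates here, directly, and gets a ticket for ONE service."""
        now = time.time() if now is None else now
        stored = self._passwords.get(jid)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (jid, service, now + self._ttl)
        return ticket

    def validate(self, ticket, service, now=None):
        """Called by the site. Returns the JID or None; a ticket is burned on first use."""
        now = time.time() if now is None else now
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        jid, bound_service, expiry = entry
        if bound_service != service or now > expiry:
            return None
        return jid


class Site:
    """Hypothetical relying site: it only ever handles tickets, never passwords."""

    def __init__(self, name, idp):
        self.name = name
        self._idp = idp
        self.seen = []  # everything the user's browser handed to this site

    def sign_in(self, ticket):
        self.seen.append(ticket)
        return self._idp.validate(ticket, self.name)
```

A ticket captured by the site is useless afterwards: it is already consumed, it expires, and it is bound to that one service name.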