[jdev] oAuth equivalent for XMPP?
Simon Wilkinson
sxw at inf.ed.ac.uk
Mon Dec 13 05:50:20 CST 2010
On 13 Dec 2010, at 11:46, Simon Tennant (buddycloud) wrote:
> On 13/12/2010 12:39, Christoph Terwelp wrote:
>> XEP-0070 doesn't solve this problem because it only handles
>> authentication of a client to a server. Here an authentication at
>> the xmpp server itself is required but without showing the user's id
>> and password to an intermediate web server. Something similar is
>> done for example in "Remember the milk" where you can manage
>> external websites and clients and their access rights to your
>> account.
> Right - it's the intermediate websites asking for users' password
> that worries me.
>
> I'm not so keen on $RANDOM-WEBSITE asking for buddycloud users'
> passwords. But I see no solution.
The Enterprise SSO market has a number of solutions for this problem.
Systems like Cosign, WebAuth and Shibboleth allow credentials to be
entered at a single, secure location, and then redirect the user back
to the intermediate website.
S.