[jdev] "Add Account"URI?
Marcel Waldvogel
marcel.waldvogel at uni-konstanz.de
Thu Nov 3 20:05:36 UTC 2016
Peter,
I completely agree. Writing down passwords anywhere is a bad idea, but
I think the benefits greatly outweigh the risks in this case:
--
-Marcel
On Do, 2016-11-03 at 12:17 -0600, Peter Saint-Andre wrote:
> On 11/3/16 9:04 AM, Marcel Waldvogel wrote:
> >
> > Hi,
> >
> > we're looking into using XMPP together with (passwordless) single
> > sign
> > on mechanisms such as Shibboleth (SAML).
> >
> > As most (all?) clients only support password authentication, this
> > cannot
> > be used directly. Implementing Shibboleth is also not trivial, so
> > it is
> > unlikely we can convince a large portion of the developers to do
> > so.
> >
> > We are therefore looking into creating per-application passwords on
> > a
> > web page. To make this easy, it would be nice if applications were
> > to
> > supported a URI like xmpp:romeo at montague.net?addaccount;password=Ju
> > l13t
> > <file://romeo@montague.net?addaccount;password=Jul13t>, as an
> > extension
> > to XEP-0147.
> >
> > This would be much easier to implement and would — for the user —
> > make
> > adding an account almost as simple as native SSO support.
> >
> > What do you think?
> Putting passwords in URLs is a bad idea. :-)
>
> Peter
>
>
>
> _______________________________________________
> JDev mailing list
> Info: https://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20161103/32fc6303/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6431 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20161103/32fc6303/attachment-0001.bin>
More information about the JDev
mailing list