[Standards] Authorization over HTTP
Tomasz Sterna
tomek at xiaoka.com
Thu Nov 8 06:25:04 CST 2007
Dnia 07-11-2007, Śr o godzinie 15:33 -0800, anders conbere pisze:
> Example work flow
> ==============
>
> User = user logging into a web application
> Consumer = The Web Application
> Service Provider = Users Jabber Server
>
> Use requests access to an xmpp api from the Consumer
> Consumer redirects the user to the Service Provider
> The User enters their credentials into the Service Provider
> The Service Provider posts back to the Consumer with a unique access
> token
> The Consumer then make the xmpp api call to the Service Provider with
> the unique token granted to it.
>
> Future request for data from the Consumer would be done with the
> token, and provided access to the restricted api's
If I understand correctly, what you are describing is
OpenID authorized by XMPP.
It is already in use. Please see http://openid.xmpp.za.net/
--
/\_./o__ Tomasz Sterna
(/^/(_^^' Xiaoka.com
._.(_.)_ XMPP: smoku at xiaoka.com
More information about the Standards
mailing list