[Standards] MUC Spam and MUC invites
Dave Cridland
dave at cridland.net
Wed Sep 5 17:24:31 CDT 2007
On Wed Sep 5 18:34:51 2007, Alex Mauer wrote:
> Perhaps include a token in the invite? Give the token to the room,
> and
> then the invitee would include that token when joining? This would
> have
> a couple of benefits: It would be possible to invite someone to a
> password-protected room without revealing the password, and also to
> invite someone to a members-only room without making them a member.
>
>
Ah, that's a plan. Pawn ticket technologies have been deployed in
Lemonade's forward without download stuff, so there's some prior art
we can draw on. Take a look at the URLAUTH RFC, erm, RFC 4467.
That model would have the room supply the token for the use of the
invitee, so there's an additional round-trip involved, but it's
nicely secure.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards
mailing list