[webteam] We are popular
Grégoire Menuel
gregoire.menuel at gmail.com
Sat Apr 26 16:40:42 CDT 2008
Le samedi 26 avril 2008, Alexander Jones a écrit :
> Of course this is more optimally done with a proper XEP and client
> support, but baby steps...
This seems really similar to what DIAS can do (http://weeno.net/dias/), which
is also similar to http://www.xmpp.org/extensions/xep-0101.html. DIAS allows
to ask a ticket to an entity, and to use it to authenticate on a web site (or
on any other type of connection).
It is IMHO better than XEP 70, because it is not the web server that ask the
user to confirm his identity, but the other way around.
I have done an implementation of DIAS for testing purpose, my implementation
uses a method similar to kerberos (encrypted ticket, which can only be read
with the good key, this way the only information that must be shared between
the ticket provider and the web server is this key). If someone is interested
I can publish my work.
Regards,
--
Grégoire Menuel
xmpp:omega at im.apinc.org
GPG: 1024D/D3BF3B20
More information about the webteam
mailing list