[Members] signin-to-browser initial architecture proposal
jehan at zemarmot.net
jehan at zemarmot.net
Wed May 2 14:45:28 UTC 2012
I just wanted to point out an implementation of XMPP as identity
mechanism in a website that I wrote. This is done as a Wordpress plugin
(and I already use it quite successfully on a few Wordpress
installations, so well that I even deactivated authentication by
password for my user!).
And I have to say this is a very comfortable way to log-in, very smooth
and much more comfortable than browserID (or anything email related).
Obviously if we could have XMPP embedded in a browser, that would be
even smoother because we would not even have to click anything (the
browser would automatically acknowledge an auth request that was
initiated through it).
Also that's obviously much more secure than something email based.
I also use this same plugin for comment authorization. Rather than
asking an email (which means nothing, you can enter whatever), or
waiting for admin verification/anti-spam, we can ask for a JID and check
it is actually the real user JID.
There are many close usage that could be made through it in the future,
like giving authorization to access other personal data (oauth like),
But we would need to write the XEP for this part (I don't think having
seen any about this, but I have not seen all!). And of course fix the
current XEP for auth. Also we would need to display real demos (like my
plugin!) to show something concrete and understandable to users (which
is why I proposed once to have this plugin on xmpp.org website so that
we could finally have easy but safe commenting there!).
Anyway all this to say I obviously agree that should be nice to push
this on browser.
And I am happy to help with spec and code with all this if we have some
nice project going on. :-)
I can adapt my plugin if needed to have it demo-ing on xmpp.org, I can
even give the copyright to the XSF. I do this because I believe that's
the way to go, not glory or whatever (anyway can one have glory with
such thing? uhuh).
Le 2012-05-02 23:25, Arc Riley a écrit :
> Ive had a few conversations with Dan Callahan (who was just hired by
> Mozilla to work on BrowserID) about using XMPP as an identity
> mechanism. He seemed receptive to the idea.
> Personally Id like to see this go a lot further than identity but
> thered need to be a lot of work on defining a standard security model
> for allowing websites to (eg) send messages on behalf of a user,
> Id like to point out that XMPP is already getting integrated with
> browsers, but not in the way wed prefer - Google is integrating
> gTalk/Hangouts with Chrome and pushing it as a plugin to gmail/g+
More information about the Members