[Standards] Authorization over HTTP

Tomasz Sterna tomek at xiaoka.com
Thu Nov 8 12:25:04 UTC 2007


Dnia 07-11-2007, Śr o godzinie 15:33 -0800, anders conbere pisze:
> Example work flow
> ==============
> 
> User = user logging into a web application
> Consumer = The Web Application
> Service Provider = Users Jabber Server
> 
> Use requests access to an xmpp api from the Consumer
> Consumer redirects the user to the Service Provider
> The User enters their credentials into the Service Provider
> The Service Provider posts back to the Consumer with a unique access
> token
> The Consumer then make the xmpp api call to the Service Provider with
> the unique token granted to it.
> 
> Future request for data from the Consumer would be done with the
> token, and provided access to the restricted api's

If I understand correctly, what you are describing is
OpenID authorized by XMPP.

It is already in use. Please see http://openid.xmpp.za.net/


-- 
  /\_./o__ Tomasz Sterna
 (/^/(_^^'  Xiaoka.com
._.(_.)_  XMPP: smoku at xiaoka.com




More information about the Standards mailing list