[Standards] MUC Spam and MUC invites

Dave Cridland dave at cridland.net
Wed Sep 5 22:24:31 UTC 2007


On Wed Sep  5 18:34:51 2007, Alex Mauer wrote:
> Perhaps include a token in the invite?  Give the token to the room,  
> and
> then the invitee would include that token when joining?  This would  
> have
> a couple of benefits:  It would be possible to invite someone to a
> password-protected room without revealing the password, and also to
> invite someone to a members-only room without making them a member.
> 
> 
Ah, that's a plan. Pawn ticket technologies have been deployed in  
Lemonade's forward without download stuff, so there's some prior art  
we can draw on. Take a look at the URLAUTH RFC, erm, RFC 4467.

That model would have the room supply the token for the use of the  
invitee, so there's an additional round-trip involved, but it's  
nicely secure.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list