Dnia 09-11-2007, Pt o godzinie 09:15 +0000, Kevin Smith pisze: > a way to authenticate a third party as you, without > revealing your credentials to them.
This is not the way to go. I would not trust a third party, for full access to all my server data. Correct way to go, is to allow a third party access to encapsulated parts of the user data. Permanent, time-framed or one-time. And this is what OpenID was designed for and is good at. One just need to allow "roster read access", "vcard read access" right for the requesting site and it's done. This would require OpenID frontend to jabberd server data. Easy thing to implement. What we could design though, is XMPP based transport for OpenID requests between servers. But IIUC the main PITA is XMPP usage, because it's easier and more natural for web servers to talk HTTP not XMPP. -- /\_./o__ Tomasz Sterna (/^/(_^^' Xiaoka.com ._.(_.)_ XMPP: [EMAIL PROTECTED]