On 10 May 2017, at 21:45, Daniel Gultsch <dan...@gultsch.de> wrote: > 2017-05-10 22:08 GMT+02:00 Sam Whited <s...@samwhited.com>: > All this being said, I could sway either way at this point, and as an > actual client developer you probably have a better perspective on what > makes the most sense for the client ecosystem, so I defer to your > knowledge on what's best here. > > I actually was trying to make this easier for the server developers. I was > assuming that managing multiple tokens in a database is more complicated than > doing some quick calculations on one. > > One more argument for being able to generate new tokens based on a secret in > a PEP node is, that once I have that secret cached (because it was sent to me > at the beginning of the session) I can create tokens at any time without > needing a server connection right then. I can very easily come up with a lot > of scenarios in which I want to show a QR code to someone when I don't have a > connection to the server (session is hibernating) or only a very lagging one. > Or in other words I would like to avoid a spinning wheel 'generating QR code > / requesting token' before being able to invite someone.
The thing that I’m very clear should be server-side is the acceptance logic of the sub. I like the idea of the client just requesting tokens, but I can see the merit in something that can be generated offline - although I’m not sure that doing this necessitates use of PEP. /K _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
