> On 31-Oct-09, at 3:10 PM, Evan Prodromou wrote: >> Craig Andrews wrote: >>> I would like to make a command called "login." The command takes no >>> parameters, and returns a URL that logs the user in. >>> >> Why? > > Actually, I'm kind of in support of this. > I personally always have the XMPP interface up and only go to the web > interface when I need to do something that isn't supported in XMPP. > In this case it'd be great to be able to use one of the already open > and authenticated channels to create another.
That's what I was thinking. It's just another way to use an already trusted method to log into the web - just like OpenID or username/password. > > I also have at least 3 account in XMPP at all times, and I often log > in and out of each in turn as need arises. > This would significantly speed up this process. > > Also, as a last point there are people who can't log in to their > accounts because they've forgotten the password or something, but > they still have access to the XMPP. > So, they can use their account for things like reading and posting, > but can't get on to the web interface without using the request > password link. > Of course, this would require that someone who logs in via XMPP would > be able to reset their password without knowing their old ones. I would like to add this capability in the future. > I'm not sure if this is a security hole or not, but I think it could > be really useful for me personally. > >From XMPP, the user can already post notices, mark favorites, and things like that, which are the core StatusNet activities, so I'd say we already trust it. Therefore, adding login behavior would not damage security - we're just providing another command in an already secure channel. ~Craig _______________________________________________ StatusNet-dev mailing list [email protected] http://lists.status.net/mailman/listinfo/statusnet-dev
