HomeForumsSupportFeature requests

Login /Authentication information

Wed, 05/14/2008 - 18:41 — gtandon

I think it will be useful to have an Intent to manage and retrieve login information tied with client-server type applications . Users cannot be expected to type this info every single time, especially with an "Always On" mindset.

Ofcourse users may have different usernames and passwords on different servers and there would need to be a *safe and secure* way to pull these out and associate to an application.

Users may also have their personal information stored on the phone, which is required many times to create/validate web based accounts. There might be some value in exposing this thru an Intent as well.

‹ Greater integration with web services
Fri, 09/05/2008 - 11:04 — peli

Login / authentication

Good idea! It does not seem to be an easy problem though, if one really wants to make it secure. One of the problems I see is that any application could in principle call such an intent to retrieve a password. How would the password provider know which are trusted applications and which are not?

Maybe it should be more like a connection service? The application never gets to read the password, but asks for a connection - which is then granted by the connection service. I don't know if this would be more secure, or if this would introduce even more loopholes?

Peli