Right now, all requests require a callback with a token. user a@a.com sends a request to b@b.com with a generated token. b@b.com then sends a verification request back with that token to a@a.com, and a@a.com sends back true, and b@b.com completes the request.
Which, if I'm not mistaken, is very similar to how XMPP does it.
The protocol also tries and minimizes the amount of actions that a third party node can take. You only trust your own node to take actions on your behalf.
Which, if I'm not mistaken, is very similar to how XMPP does it.
The protocol also tries and minimizes the amount of actions that a third party node can take. You only trust your own node to take actions on your behalf.