Platinum sponsors
Secure plaintext transmission
The transmission of plaintext passwords is needed by some services. This is not a nice thing and should be replaced by a more secure solution. While those services need the original plaintext password the transmission can be secured by using a public key encryption (e.g. RSA). Volunteers are very much welcome.
The solution have to use JavaScript to encrypt the password in the login form before it will be transmitted, similar to the currently used md5 encryption. Using a public key encryption make this possible. The login form with the public key will be transported over the internet and an attacker (man in the middle) can see the key, but it will not help him. The decryption can be done on the host only. This is like PGP and GPG works.
So we need a JavaScript encryption and a PHP decryption solution which uses RSA or a similar public key encryption.
I haven't found a full solution for this problem but here are some links which solve parts of the problem, maybe.
http://home.zonnet.nl/MAvanEverdingen/Code/
http://shop-js.sourceforge.net/crypto2.htm
http://www.codeproject.com/jscript/JscriptRSA.asp
Create/Update user record API
This is useful for services which connects to external resources and need to create a local user record. This will come in a next version.
API for external user data storage
This introduces a new API for user data handling to make it possible to use external resources to store the user record. Nothing definite planned here.
