Hello devs,
I'm trying to figure out a "clean" way of storing third-party application
credentials in an XWiki user profile.
My use case is the following (and I believe such use cases will continue
to occur as we offer more web-services integration). We want XWiki
Workspaces users to be able to update their Twitter status too when
posting an update on a workspace "workstream", just by checking a box.
The first time they would be asked for their Twitter credentials, but for the
following ones, it would be nice not to ask.
A possible way I want to propose is to encrypt the username/password
couple (for example, represented under their base-64 form since the Twitter
API requires basic authentication) through a cipher, using a secret key
based on a combination of the user XWiki password hash and a secret
parameter located in xwiki.cfg. This way, programming rights or physical
access to xwiki.cfg would be required to decrypt the login/passwd.
If the user changes his XWiki password, thus the hash, or if the secret
parameter value is changed, the user would be asked to enter his
credentials again (in fact, as soon as the service authentication fails).
WDYT? Are there cleaner/more secure ways of doing this?
Thanks for your inputs,
Jerome.
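
A sketch of the scheme proposed in the message above, as an added example that is not part of the original post and not XWiki code. It assumes HMAC-SHA256 to combine the server secret with the password hash and AES-GCM as the cipher; the class and method names and the sample values are hypothetical.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class CredentialVault {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Key = HMAC-SHA256(server secret, user's XWiki password hash): both inputs are needed to decrypt.
    static SecretKeySpec deriveKey(byte[] serverSecret, String passwordHash) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(serverSecret, "HmacSHA256"));
        return new SecretKeySpec(mac.doFinal(passwordHash.getBytes(StandardCharsets.UTF_8)), "AES");
    }

    // Returns IV || ciphertext+tag; a fresh random IV is generated for every encryption.
    static byte[] seal(SecretKeySpec key, String credentials) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(credentials.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Returns null when the key no longer matches (changed password hash or server secret),
    // which is the signal to ask the user for the third-party credentials again.
    static String open(SecretKeySpec key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        try {
            return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (AEADBadTagException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-server-secret".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] blob = seal(deriveKey(secret, "constructed-hash-v1"), "alice:constructed-password");
        System.out.println(open(deriveKey(secret, "constructed-hash-v1"), blob)); // same hash: decrypts
        System.out.println(open(deriveKey(secret, "constructed-hash-v2"), blob)); // changed hash: re-prompt
    }
}
```

The authentication tag is what makes a changed password hash or server secret detectable locally, before any request is sent to the remote service with garbage credentials.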