Auth only
Just some idea I'm writing down here... This is a bit like OpenID, but you use your JID.
- When logging in to the wiki you're asked for your JID instead of username/password
- the wiki sends you a message on jabber asking for login confirmation and at the same time shows a multistage auth in the browser that just contains "Click this button"
- you reply to the jabber message and accept/deny the request
- you click the button in the browser and the multistage auth continues where you left off and lets you in if you accepted on jabber
- if you click the button too early it just sends you back to the same button
This should be easy to implement with the 1.7 auth code once JabberSupport is there.
If you don't mind tieing up some server resources you could even have the server wait for the jabber response and not serve a response to the browser before some time has expired, that way in the common case where the user is quick enough with their jabber client they never have to click that continue button in the browser. Or make some ajaxy stuff.
Combining with OpenID
The whole thing gets even nicer when you combine it with the upcoming OpenID server support in Moin, then you could completely tie your OpenID to your jabber account if the request form for allowing serving the openid out to a relying party is also queried via jabber instead of shown in the browser, in the browser you'd only see a few redirects and maybe some waiting time (see above note about having the server wait for a response.)
Of course, there are probably better ways to implement an OpenID server based on jabber 
Cf. http://openid.xmpp.za.net/ (when it's up)