[Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Tue Nov 28 00:53:06 CST 2006
On Monday 27 November 2006 9:36 pm, XMPP Extensions Editor wrote:
> Version 0.4 of XEP-0178 (Best Practices for Use of SASL EXTERNAL) has been
> released.
Possibly not related to this update, but I don't understand why Section 2,
Step 10 says: "The client SHOULD NOT include an authorization identity since
client-to-server authorization in XMPP is handled during resource binding."
That doesn't sound right at all. Authorization is handled in SASL, not
resource binding. Authzid is used by other SASL mechanisms; there's no
reason EXTERNAL would be different.
This also cleans up Step 11 a little bit. Case 1 would be modified to accept
any JID listed in the cert, and Case 2 could be removed (I don't see a reason
to drag the stream's 'to' attribute into play here).
-Justin
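
The Step 11 check proposed in this message (accept an authzid that matches any JID listed in the certificate), sketched as an added example that is not part of the original post or of XEP-0178. The function names, the JID normalization and the handling of an empty authzid are assumptions made for illustration.

```python
import base64


def encode_initial_response(authzid: str) -> str:
    """Client side: character data for <auth mechanism='EXTERNAL'>.

    XMPP sends a zero-length initial response as a single "=";
    otherwise the authorization identity is base64-encoded.
    """
    if not authzid:
        return "="
    return base64.b64encode(authzid.encode("utf-8")).decode("ascii")


def parse_initial_response(payload: str) -> str:
    """Server side: recover the authzid ("" when none was supplied)."""
    payload = payload.strip()
    if payload == "=":
        return ""
    # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
    return base64.b64decode(payload, validate=True).decode("utf-8")


def normalize(jid: str) -> str:
    # Simplification: a real server applies the XMPP stringprep profiles.
    return jid.strip().lower()


def authorize_external(cert_jids, payload):
    """Return the JID to authorize as, or None to fail the exchange.

    cert_jids: JIDs already extracted from a certificate that passed
    chain validation (extraction and validation are out of scope here).
    """
    try:
        authzid = normalize(parse_initial_response(payload))
    except ValueError:
        return None  # malformed base64 or non-UTF-8 identity
    listed = {normalize(j) for j in cert_jids}
    if authzid:
        # Proposal from the message: accept any JID listed in the cert.
        return authzid if authzid in listed else None
    # Assumption (not from the message): with no authzid, accept only a
    # certificate that names exactly one JID, so the choice is unambiguous.
    return next(iter(listed)) if len(listed) == 1 else None
```

The certificate's JIDs are the only source of truth here: an authzid selects among them and never extends them.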