[Standards] resource identifiers: a summary

Chris Mullins chris.mullins at coversant.net
Fri Jun 1 15:36:31 CDT 2007


For your case, you might want to take a look at the Service XEP:
http://www.xmpp.org/extensions/inbox/dix.html

I still owe Peter something in order to get this finished off, but
bugger if I can remember what it was...

--
Chris Mullins

-----Original Message-----
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Andrew Plotkin
Sent: Friday, June 01, 2007 1:19 PM
To: XMPP Extension Discussion List
Subject: Re: [Standards] resource identifiers: a summary

On Thu, 31 May 2007, Peter Saint-Andre wrote:

> Here is a summary of the recent thread about resource identifiers...
>
> 6. Allowing a client to specify the resource identifier is not evil and
> should not be disallowed. So I am not arguing that a server MUST generate the
> resource identifier or override a resource identifier provided by the client
> during resource binding. As long as client developers understand the risks
> involved, let them do what they've always done. But we need to add something
> about this to the security considerations in rfc3920bis and perhaps
> rfc3921bis.

Our game system uses *well-known* resource IDs for IQ-based (bot)
services. We're treating it as a feature, not merely a byproduct of poor
security.

We have a service running at bookkeeper at volity.net/volity. We want to
always have that full address (including resource string), because its
purpose is to accept IQs (disco and XML-RPC) from clients. If we got a
random resource every time the bot restarted, our lives would be harder --
we'd have to do additional negotiation. (Either require every client to
add the bookkeeper to roster, or do a round of <message> to establish the
resource ID.)

Is the well-known ID (for a particular JID) a legitimate use case? Or 
should we be handling this some other way?

--Z

-- 
"And Aholibamah bare Jeush, and Jaalam, and Korah: these were the
borogoves..."
*
"Bush has kept America safe from terrorism since 9/11." Too bad his
job was to keep America safe *on* 9/11.

