[Standards] Re: LAST CALL: XEP-0388 (Extensible SASL Profile)

18 Mar 2024

...
   However it
does lack any way to support indicating to the server
 which
 credential will be used, other than perhaps by implication from the SASL
 mechanism.

 That's not the purview of a SASL profile. If a SASL mechanism supports
multiple credentials, that's entirely encapsulated within that mechanism. 
Except that it is not. For example all of the SCRAM-SASL-* profiles can 
easily support authentication with any of the passwords on an account, but 
they need to know in advance which one is being used. So SASL mechanism is 
insufficient for selecting credential by itself.

The same goes for the HT-* token mechanisms.

2024

2023

[Standards] Re: LAST CALL: XEP-0388 (Extensible SASL Profile)