[Council] Small changes to JEP-0078 (Non-SASL auth)

Peter Saint-Andre stpeter at jabber.org
Tue Feb 3 10:31:56 CST 2004

On Tue, Feb 03, 2004 at 03:06:32PM +1100, Robert Norris wrote:
> I refer you to this thread in the Psi forums:
>   http://psi.affinix.com/forums/index.php?act=ST&f=2&t=1357
> I'd like to get 78 changed so that the schema requires <username>,
> <password> and <resource>. It really can't be any other way without
> breaking existing implementations, and it'd be good to get rid of the
> confusion.

If the schema requires username, password, and resource, then when I do
an IQ get to request the required fields, I must send this:

<iq type='get'>
  <query xmlns='jabber:iq:auth'>

And that makes no sense.

However, I can modify the JEP so that those three elements are required
in an IQ set.

That thread reveals a fundamental confusion for why the resource is
required for client authentication, and also reveals that people are
trying to use iq:auth to do the kinds of things that are possible in
XMPP resource binding (e.g., server assigns the resource). So I can
clear that up as well.


Peter Saint-Andre
Jabber Software Foundation

More information about the Council mailing list