[Council] XEP-0178 (was: Re: Minutes 2011-04-27)

Kevin Smith kevin at kismith.co.uk
Wed May 11 14:24:44 UTC 2011


On Wed, May 11, 2011 at 2:52 PM, Kevin Smith <kevin at kismith.co.uk> wrote:
> On Wed, May 11, 2011 at 2:46 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> On 5/10/11 6:13 AM, Ralph Meijer wrote:
>>> On Tue, 2011-05-10 at 12:18 +0100, Kevin Smith wrote:
>>>
>>>> 4) Update XEP-0178 (Best Practices for Use of SASL EXTERNAL with
>>>> Certificates) with the interim version 1.1rc5
>>>>
>>>> Everyone to vote onlist by 11th May (a fortnight).
>>>
>>> +1
>>
>> Ralph's is the only position I've seen expressed on XEP-0178. Anyone else?
>>
>> http://xmpp.org/extensions/tmp/xep-0178-1.1.html
>>
>> http://xmpp.org/extensions/diff/api/xep/0178/diff/1.0/vs/1.1rc6
>
> It's on my TODO for the next hour. I'm just cutting it quite close.

"If the certificate contains more than one valid XMPP address that
corresponds to a registered account on the server (e.g., because the
server offers virtual hosting), then the server SHOULD allow
authentication and authorization of the JID specified as the
authorization identity in the SASL exchange."

I *think* you can read that as saying that if I can provide a cert
valid for both alice at wonderland.lit and lostgirl at wonderland.lit, if I
specify hatter at wonderland.lit in my authzid, the server SHOULD log me
in as hatter. Probably needs clarification that it needs to be an
authzid that's present in the cert.

/K
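
Added example, not part of the original message or of XEP-0178: a Python sketch that places the literal reading of the quoted sentence beside the clarified check (the authzid must be one of the addresses in the certificate). The function names, the sample accounts, the simplified JID normalisation and the no-authzid rule are assumptions of this sketch.

```python
def bare(jid):
    """Drop any resource and lowercase. Simplification: a real server
    applies full JID normalisation before comparing."""
    return jid.split("/", 1)[0].strip().lower()


def candidates(cert_addrs, accounts):
    """Certificate addresses that correspond to registered accounts."""
    return {bare(a) for a in cert_addrs} & {bare(a) for a in accounts}


def authorize_loose(cert_addrs, accounts, authzid):
    """Literal reading of the quoted text: once the certificate holds more
    than one valid address, any registered authzid is accepted."""
    if authzid and len(candidates(cert_addrs, accounts)) > 1:
        target = bare(authzid)
        return target if target in {bare(a) for a in accounts} else None
    return None


def authorize_strict(cert_addrs, accounts, authzid):
    """Clarified reading: the authzid must itself be a valid address
    presented in the certificate."""
    valid = candidates(cert_addrs, accounts)
    if authzid:
        target = bare(authzid)
        return target if target in valid else None
    # Assumption of this sketch: without an authzid, accept only when the
    # certificate leaves exactly one unambiguous choice.
    return next(iter(valid)) if len(valid) == 1 else None


# Constructed sample data mirroring the addresses used in the message.
ACCOUNTS = ["alice@wonderland.lit", "lostgirl@wonderland.lit",
            "hatter@wonderland.lit"]
CERT = ["alice@wonderland.lit", "lostgirl@wonderland.lit"]

if __name__ == "__main__":
    for authzid in ("hatter@wonderland.lit", "alice@wonderland.lit/tea",
                    None):
        print(authzid, "loose:", authorize_loose(CERT, ACCOUNTS, authzid),
              "strict:", authorize_strict(CERT, ACCOUNTS, authzid))
```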

