[Council] XEP-0178 (was: Re: Minutes 2011-04-27)

Kevin Smith kevin at kismith.co.uk
Wed May 11 14:25:26 UTC 2011


On Wed, May 11, 2011 at 3:24 PM, Kevin Smith <kevin at kismith.co.uk> wrote:
> On Wed, May 11, 2011 at 2:52 PM, Kevin Smith <kevin at kismith.co.uk> wrote:
>> On Wed, May 11, 2011 at 2:46 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>>> On 5/10/11 6:13 AM, Ralph Meijer wrote:
>>>> On Tue, 2011-05-10 at 12:18 +0100, Kevin Smith wrote:
>>>>
>>>>> 4) Update XEP-0178 (Best Practices for Use of SASL EXTERNAL with
>>>>> Certificates) with the interim version 1.1rc5
>>>>>
>>>>> Everyone to vote onlist by 11th May (a fortnight).
>>>>
>>>> +1
>>>
>>> Ralph's is the only position I've seen expressed on XEP-0178. Anyone else?
>>>
>>> http://xmpp.org/extensions/tmp/xep-0178-1.1.html
>>>
>>> http://xmpp.org/extensions/diff/api/xep/0178/diff/1.0/vs/1.1rc6
>>
>> It's on my TODO for the next hour. I'm just cutting it quite close.
>
> "If the certificate contains more than one valid XMPP address that
> corresponds to a registered account on the server (e.g., because the
> server offers virtual hosting), then the server SHOULD allow
> authentication and authorization of the JID specified as the
> authorization identity in the SASL exchange."
>
> I *think* you can read that as saying that if I can provide a cert
> valid for both alice at wonderland.lit and lostgirl at wonderland.lit, if I
> specify hatter at wonderland.lit in my authzid, the server SHOULD log me
> in as hatter. Probably needs clarification that it needs to be an
> authzid that's present in the cert.

This is an existing block of text, I think, so this comment probably
shouldn't block publication of the new version, but it should be
fixed.

/K
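
The check asked for above, as an added example that is not part of the original message or of XEP-0178: the server accepts an authzid only if it is one of the addresses in the certificate and maps to a registered account. Function names, the sample JIDs and the reject-when-ambiguous behaviour for a missing authzid are assumptions made for illustration.

```python
# Added example: authzid check for SASL EXTERNAL with a multi-address cert.
# All names are hypothetical; the sample JIDs below are constructed.

def bare_jid(jid):
    """Normalise a JID for comparison: drop any resource, lowercase.
    Simplification: a real server applies full XMPP string preparation."""
    return jid.split("/", 1)[0].strip().lower()


def authorize_external(cert_addrs, registered, authzid=None):
    """Return the bare JID to log in as, or None to reject.

    cert_addrs: XMPP addresses taken from an already validated client cert
    registered: accounts hosted on this server
    authzid:    authorization identity from the SASL exchange, if any
    """
    accounts = {bare_jid(j) for j in registered}
    # Only certificate addresses that map to a local account are candidates.
    candidates = {bare_jid(a) for a in cert_addrs} & accounts
    if not candidates:
        return None
    if not authzid:
        # Assumption: with no authzid, only an unambiguous cert is mapped.
        return next(iter(candidates)) if len(candidates) == 1 else None
    requested = bare_jid(authzid)
    # The point raised in the message: the authzid must be in the cert,
    # not merely be some registered account on the server.
    return requested if requested in candidates else None


# Constructed sample data mirroring the scenario in the message.
CERT_ADDRS = ["alice@wonderland.lit", "lostgirl@wonderland.lit"]
REGISTERED = CERT_ADDRS + ["hatter@wonderland.lit"]

if __name__ == "__main__":
    for requested in ("alice@wonderland.lit", "hatter@wonderland.lit", None):
        result = authorize_external(CERT_ADDRS, REGISTERED, requested)
        print(f"authzid={requested!r} -> {result!r}")
```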

