[Members] In-Band Regiration with Jabber.org
Robert B Quattlebaum, Jr.
darco at deepdarc.com
Sat Oct 28 15:17:31 CDT 2006
On Oct 28, 2006, at 3:31 AM, Ian Paterson wrote:
> As Tomasz said those XEPs are only "Defered" because we don't
> expect anyone to implement them until the SPIM "war" begins. Coding
> up an implementation usually takes *far* less time than developing
> and agreeing a protocol. Despite their "Defered" status the content
> of those XEPs is pretty mature. So IMHO we're sufficiently prepared.
> I just checked a couple of minor changes to XEP-0158 and XEP-0159
> into CVS, and asked Peter to publish new versions of the XEPs with
> Experimental status.
> Robert, it would be great if you decide to implement these XEPs and
> XEP-0161. I expect any implementation experience or feedback you
> can provide would result in valuable additions to the documents.
> And the XMPP developer community would be even better prepared. :-)
I would be happy to help in whatever way I can, including helping to
establish some implementations of these XEPs (if for no other purpose
than to provide a test which client developers can use).
However, the issue still stands that the registration process at
Jabber.org is easily automated and abused. Based on the responses I
have received so far, it seems that people want to wait for one of
two things to happen:
1) For XEP-0158 and XEP-0159 to be implemented in ejabberd and
deployed widely across clients.
2) For someone to actually start abusing the existing registration
This *IS* going to be abused unless we fix it soon. I'm just amazed
that people aren't seeing this.
IMHO, the most realistic approach is as follows:
1. Make email verification a requirement for jabber.org account
activation. Existing accounts should be 'grandfathered' in.
2. Implement a web page for account registration for the clients
which either a) implement jabber:iq:register poorly, or b) don't
implement jabber:iq:register at all.
This would be a good start, and I think it makes everyone happy:
jabber:iq:register sticks around, and as an added bonus people can
now register accounts if their client doesn't support
jabber:iq:register at all.
I'd even go so far as to say that this should be a part of a jabber
server administration "best practices" XEP.
Jabber: darco at deepdarc.com
eMail: darco at deepdarc.com
More information about the Members