[standards-jig] Account registration and SASL

Robert Norris rob at cataclysm.cx
Sun Jun 9 10:12:33 UTC 2002

> > In the first case, perhaps the client should send a register packet
> > containing only a username, eg:
> > 
> >   <iq id='a1' type='set'>
> >     <query xmlns='jabber:iq:register'>
> >       <username>rob</username>
> >     </query>
> >   </iq>
> > 
> > The server would create an account with no credentials. The client would
> > then be required to authenticate using the PLAIN mechanism, which the
> > server would store for future logins.
> > 
> > Alternatively, the client could simply attempt to authenticate using
> > PLAIN, and if the user doesn't exist, the server creates it.

> Why are those changes better than the current mechanism?  Personally I
> think the current mechanisms are well suited to simplie open/public
> servers.  If they need to be further enhanced can x:data (JEP4) solve
> it?

Just thinking out louder. One way or another, registering directly
requires the client to send a password over the wire. There's nothing we
can do about it.


Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20020609/baa51361/attachment.sig>

More information about the Standards mailing list