[standards-jig] UPDATED: JEP-0078 (Non-SASL Authentication)

Peter Saint-Andre stpeter at jabber.org
Tue Feb 3 17:34:54 UTC 2004

I've updated JEP-0078 (Non-SASL Authentication) to clarify that both
username and resource are REQUIRED for client authentication (it seems
there was some confusion on this point). In particular, I have added 
the following paragraph:

   Both the username and the resource are REQUIRED for client
   authentication using the 'jabber:iq:auth' namespace; if more 
   flexible authentication and resource provisioning are desired, 
   a server SHOULD implement SASL authentication and resource 
   binding as defined in XMPP Core (e.g., to enable the server 
   to provide the resource). The <username/> and <resource/> 
   elements MUST be included in the IQ result returned by the 
   server in response to the initial IQ get, and also MUST be 
   included in the IQ set sent by the client when providing
   authentication credentials.

The latest version is now 1.4:



Peter Saint-Andre
Jabber Software Foundation

More information about the Standards mailing list