[standards-jig] In-Band Registration and DoS protection
julian at jabber.org
Thu Jan 15 18:39:20 UTC 2004
On 15 Jan, 2004, at 13:08, Tomasz Sterna wrote:
> W liście z śro, 14-01-2004, godz. 22:23, Thomas Muldowney pisze:
> They have the option (or even Wizard) to register during client setup,
> but it does not work... They complain.
>> A lot of the other networks use web based interfaces to sign
>> up for user accounts.
> :-) I cannot name even one.
> Maybe I don't know that many. Poland is very specific with IM.
AIM, ICQ (it has both), MSN, Yahoo!.. any of those ring a bell?
I do think web-based registration is the way to go. I no longer trust
client developers to be able to come up with a decent way to register,
and so much more could be done. We only need to develop *one* web-based
registration system on jabber.org.. that could register with any server
the user chooses (we could even give them a much easier way to choose
than currently exists in clients). See, the web site can just use the
In-Band Registration that clients currently use--that means it can
connect to *any* server which supports that or any future protocol for
registration and deal with it appropriately. People who want to could
install this system elsewhere, but it's not like every server needs to
have a web site.
I think that a really concerted effort spent *once* to develop a really
really good web-based registration system could help us a lot in the
long run. Just think of all of the additional checks and server choices
and things like that that could be built in. It's a level of complexity
that we do not want to have to stick in clients--most clients refer to
a web site with a list of servers anyway!
A single page to go to to register for any Jabber server would also
help Jabber's image with the general public--it will feel more
centralized and friendly to use any server. Businesses and the like can
install the web registration internally or just use/develop clients
that do IBR as it currently exists...
More information about the Standards