[standards-jig] JEP-0025

Ian Paterson ian.paterson at clientside.co.uk
Tue Jan 20 09:10:40 UTC 2004

The primary reasons that we need JEP-0025 or JEP-0124 is to make XMPP work
through firewalls, and on clients that are limited to working with HTTP
connections. Although leveraging existing XML-streams code might be
desirable, it is not a primary objective.

JEP-0025 requires that XMPP client software is installed on the client
machines behind the firewall. In the real world client machines behind
firewalls are often "locked", preventing the installation of XMPP clients
(e.g. in cafes, libraries and many large corporations). This is a serious
disadvantage for the XMPP protocol, especially considering that Microsoft is
likely to build some sort of SIP/SIMPLE client into future versions of

I am a long-time HTTP/browser developer who has worked daily with Jabber
streams for the last two years. For the record, at the end of this message I
have described the minimum *necessary* changes to JEP-0025 for a Web-page
client running on a standard installation of Internet Explorer to connect
via HTTP. Happily, JEP-0124 goes further than these changes. Some of the
extra advantages of JEP-0124 from my perspective are:

1. Specifically does not require polling, (instant responses with only about
1% of the network traffic)
2. HTTP Clients are not required to implement SASL stream encryption
3. HTTP Clients are not required to deal with partial XML stanzas - all
responses can be parsed as complete valid XML documents
4. The use of XML binding is more clear and elegant


Minimum changes to JEP-0025 for a Web-page client running on a
standard installation of Internet Explorer to connect via HTTP:

1. Example 4 in JEP-0025 sets the cookie 'expires' parameter to an illegal
value: '; expires=-1'. The expires parameter is not required, so the problem
can be corrected easily if the JEP simply avoids setting the expires

2. For Internet Explorer 4, HTTP responses must have "Content-Type:
text/html", instead of "Content-Type: text/xml". This does not affect
operation since existing JEP-0025 clients generally ignore the Content-Type
header anyway.

3. The HTTP response body must be surrounded by <body> tags. e.g.
<body><message to='contact at example.com'><body>Hi

I guess that other HTTP clients (not IE) would probably also require
response stream tags to be valid XML stanzas (i.e. empty tags) e.g.:
<body><stream:stream from='example.com' id='someid' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'/></body>

More information about the Standards mailing list