[Standards-JIG] JID assigned by the server and SASL authentication

CORVOYSIER David FTRD/DMI/REN david.corvoysier at francetelecom.com
Tue Jun 15 13:28:03 UTC 2004


Thanks for the answer. 
I tried to describe the stanza flows for both use cases.

UC #1:
SASL EXTERNAL (assuming that the phone number is retrieved on a lower
level).

C >> S

<stream:stream
    xmlns='jabber:client'
    xmlns:stream='http://etherx.jabber.org/streams'
    to='example.org'
    version='1.0'>

C << S

<stream:stream
    xmlns='jabber:client'
    xmlns:stream='http://etherx.jabber.org/streams'
    id='c2s_234'
    from='example.org'
    version='1.0'>

C << S

<stream:features>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>EXTERNAL</mechanism>
  </mechanisms>
</stream:features>

Now we are supposed to put the authzid in the initial response, that MAY
be included in the 'auth' command.
I couldn't find a description of the response containing the authzid,
but since an empty initial response is just '=', I imagine it should be
something like:

C >> S

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
      mechanism='EXTERNAL'>authzid='alice at example.org'</auth>

Then the server checks the association between the phone number and the
provided JID.

C << S

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

UC #2:
SASL EXTERNAL + resource binding

...

C >> S

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
      mechanism='EXTERNAL'>=</auth>

No authzid provided: the server retrieves the JID that is associated
with the underlying phone number.

C << S

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

The JID is sent back during the resource binding step.

...

C >> S

<iq type='set' id='bind_1'>
  <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/>
</iq>

C << S

<iq type='result' id='bind_1'>
  <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
    <jid>alice at example.org/someresource</jid>
  </bind>
</iq>

Is it what you meant or am I wrong again ?

David CORVOYSIER



More information about the Standards mailing list