[Standards-JIG] Another SASL question: "simple username" and JID assigned by the server

CORVOYSIER David FTRD/DMI/REN david.corvoysier at francetelecom.com
Tue Jun 15 14:34:30 UTC 2004


Let's imagine the following use case:

Alice is a registered user of the rabbit-hole.org portal. When she
registered, she provided her email address as a login and chose a
password (let's say it was alice at wonderland.org/chester_cat).

Rabbit-hole.org adds Jabber support to their portal and offers Alice a
Jabber account. They don't want to disturb Alice by asking for another
username, so they decide to assign her a JID automatically.
Unfortunately, they cannot use the email address as the username, so
Alice now has a JID whose left part does not correspond to her username
(moreover, she doesn't know her JID).

I know this may look a bit weird, but believe me these things can happen
...

Now, in XMPP-Core, it is stated that:
"
...

If provision of a "simple username" is supported by the selected SASL
mechanism (e.g., this is supported by the DIGEST-MD5 and CRAM-MD5
mechanisms but not by the EXTERNAL and GSSAPI mechanisms), during
authentication the initiating entity SHOULD provide as the simple
username its sending domain (IP address or fully qualified domain name
as contained in a domain identifier) in the case of server-to-server
communications or its registered account name (user or node name as
contained in an XMPP node identifier) in the case of client-to-server
communications.  
...
"

So my question is: since it is a SHOULD, is it allowed to authenticate
by providing a simple username that is not the left part of the JID
without specifying a valid JID in the authzid (in that case the server
is responsible for retrieving the JID)?

If it is not allowed, I bet the other option would be to get some
credentials from the portal and authenticate using external?

David Corvoysier


