[Standards-JIG] Re: SASL Anonymous
jd.conley at coversant.net
Fri Aug 26 19:34:24 UTC 2005
> > What if I don't have a JID? Think customer service portal.
> As I've done it now, the user specifies username "foo", and gets
> assigned the JID "foo at anonymous.example.com" temporarily.
> Or, do you mean that the user would simply get a random JID? That
> would be useful...
That's what our implementation does if anonymous is enabled. Users get
a random JID assigned to them and minimal security rights in the server.
It doesn't use the trace information for anything as it is not
guaranteed to be present, though it will use the resource they provide
during resource binding. We chose to think of trace information like
anonymous FTP, you are just asking for some sort of identifying
information, but it might not necessarily correctly identify the entity,
and it certainly can't be considered unique.
That being said it could be useful to read the trace into a JID if it's
present and not taken on the system. :)
More information about the Standards