[Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)
justin-keyword-jabber.093179 at affinix.com
Tue Nov 28 06:53:06 UTC 2006
On Monday 27 November 2006 9:36 pm, XMPP Extensions Editor wrote:
> Version 0.4 of XEP-0178 (Best Practices for Use of SASL EXTERNAL) has been
Possibly not related to this update, but I don't understand why Section 2,
Step 10 says: "The client SHOULD NOT include an authorization identity since
client-to-server authorization in XMPP is handled during resource binding."
That doesn't sound right at all. Authorization is handled in SASL, not
resource binding. Authzid is used by other SASL mechanisms; there's no
reason EXTERNAL would be different.
This also cleans up Step 11 a little bit. Case 1 would be modified to accept
any JID listed in the cert, and Case 2 could be removed (I don't see a reason
to drag the stream's 'to' attribute into play here).
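
Added example (not part of the original post and not taken from XEP-0178): a server-side sketch of the rule proposed above, where an authzid sent with SASL EXTERNAL is accepted only if it matches a JID listed in the client certificate. The function names, the ASCII-only JID normalization, and the handling of a missing authzid are assumptions made for illustration.

```python
import base64
import binascii


def decode_initial_response(auth_cdata):
    """Return the authzid carried in <auth mechanism='EXTERNAL'/>, or None."""
    text = auth_cdata.strip()
    # "=" encodes a zero-length initial response (RFC 6120). Assumption:
    # empty character data is treated the same way, as "no authzid".
    if text in ("", "="):
        return None
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("incorrect-encoding") from exc


def normalize(jid):
    # Simplification: strip the resource and lower-case the bare JID.
    # A real server applies the XMPP string-preparation profiles instead.
    return jid.split("/", 1)[0].lower()


def authorize_external(auth_cdata, cert_jids):
    """Return the bare JID to authorize, or raise PermissionError.

    cert_jids: JIDs already extracted from a certificate that passed
    TLS chain validation (extraction is outside this sketch).
    """
    allowed = {normalize(j) for j in cert_jids}
    authzid = decode_initial_response(auth_cdata)
    if authzid is None:
        # Assumption: with no authzid, the certificate must name exactly
        # one JID, otherwise the server cannot tell which one is meant.
        if len(allowed) == 1:
            return next(iter(allowed))
        raise PermissionError("invalid-authzid")
    if normalize(authzid) in allowed:
        return normalize(authzid)
    # The certificate proves who connected, not that they may act as
    # an arbitrary JID, so a non-matching authzid is refused.
    raise PermissionError("not-authorized")


if __name__ == "__main__":
    # Constructed sample input: one certificate listing two JIDs.
    cert = ["juliet@example.com", "nurse@example.com"]
    req = base64.b64encode(b"nurse@example.com").decode()
    print(authorize_external(req, cert))
```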