[Standards-JIG] UPDATED: XEP-0178 (Best Practices for Use of SASL EXTERNAL)
Mridul.Muralidharan at Sun.COM
Tue Nov 28 10:17:34 UTC 2006
Justin Karneges wrote:
> On Monday 27 November 2006 9:36 pm, XMPP Extensions Editor wrote:
>> Version 0.4 of XEP-0178 (Best Practices for Use of SASL EXTERNAL) has been
> Possibly not related to this update, but I don't understand why Section 2,
> Step 10 says: "The client SHOULD NOT include an authorization identity since
> client-to-server authorization in XMPP is handled during resource binding."
> That doesn't sound right at all. Authorization is handled in SASL, not
> resource binding.
I don't see what else the client can present ... other than what has
been asserted in the cert already.
The authentication will be as a jid specific to the 'to' in the inbound.
In resource binding stage, if bind is attempted to any other barejid -
error : just like currently if you authenticate as userA and try to bind
> Authzid is used by other SASL mechanisms, there's no
> reason EXTERNAL would be different.
> This also cleans up Step 11 a little bit. Case 1 would be modified to accept
> any JID listed in the cert, and Case 2 could be removed (I don't see a reason
> to drag the stream's 'to' attribute into play here).
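
The two checks argued over in this thread, sketched as an added example (not code from XEP-0178 or from either poster): authorizing an authzid only if the certificate lists it, and rejecting a bind to a different bare JID. The function names, the sample JIDs used with it, and the choice to fail when no authzid is sent and the certificate lists several JIDs are assumptions.

```python
# Added illustration; names and behaviour choices are assumptions, not XEP-0178 text.

def bare(jid):
    """Strip the resource part: user@domain/resource -> user@domain.

    Lower-casing stands in for real JID normalization (a simplification).
    """
    return jid.split("/", 1)[0].lower()


def authorize_external(cert_jids, authzid=None):
    """Decide the authorized bare JID for a SASL EXTERNAL exchange.

    cert_jids: JIDs the server read from the already-validated client cert.
    authzid:   optional authorization identity sent by the client.
    Returns the authorized bare JID, or None to fail the exchange.
    """
    listed = {bare(j) for j in cert_jids}
    if authzid:
        # Proposal in the quoted text: accept any JID listed in the cert,
        # and nothing the certificate does not assert.
        requested = bare(authzid)
        return requested if requested in listed else None
    # No authzid: unambiguous only when the cert asserts exactly one JID
    # (assumed policy for this example).
    return next(iter(listed)) if len(listed) == 1 else None


def may_bind(authorized_jid, requested_jid):
    """Point made in the reply: binding to any other bare JID is an error."""
    return authorized_jid is not None and bare(requested_jid) == authorized_jid
```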