[Standards-JIG] Inclusion of both, to and from attributes to the stream root element

Matthias Wimmer m at tthias.eu
Thu Sep 28 21:45:37 UTC 2006


Hi Peter, hi list,


you already added to http://www.xmpp.org/xmppbis.html, that it might be
worth considering, that an initiating entity should add both, a to and a
from attrbiute to the initial stream headers.

When I proposed this two years ago I only gave a reason why this is
worth for s2s links.

I want to add now, that it would also be worth that a client is adding a
from attribute to the initial stream headers:

When a server is generating the list of supported authentication schemes
(SASL mechanisms and/or legacy authentication), the set of possible
schemes may depend on the user, that tries to authenticate.
The server currently has no way to offer different users different
authentication schmes (SASL mechanisms).

Examples:
- If we have a legacy authentication database, that just stores hashes
  of user passwords (not suitable for doing DIGEST-MD5); and for newer
  users, we store DIGEST-MD5 compatible hashes. The users using old
  accounts should not get offered DIGEST-MD5 but only PLAIN; while newer
  accounts should get offered DIGEST-MD5 and should prefere that over
  PLAIN.
- We have some users only having a password, but nothing else. We have
  other users just having certificates, but nothing else (e.g. because
  they registered for an account by submitting a certification request
  for a free JabberID - which would be a nice way to enroll XMPP
  certificates), and the third group of users just have a SecurID token,
  but neither a certificate nor a password.
  For each group of users, the server has to present an other SASL
  mechanism. How can the server decide which one to present, if it does
  not get a from attribute?


Tot kijk
    Matthias

-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060928/c8ce70b8/attachment.bin>


More information about the Standards mailing list