[Standards-JIG] Inclusion of both, to and from attributes to the stream root element
m at tthias.eu
Thu Sep 28 21:45:37 UTC 2006
Hi Peter, hi list,
you already added to http://www.xmpp.org/xmppbis.html, that it might be
worth considering, that an initiating entity should add both, a to and a
from attrbiute to the initial stream headers.
When I proposed this two years ago I only gave a reason why this is
worth for s2s links.
I want to add now, that it would also be worth that a client is adding a
from attribute to the initial stream headers:
When a server is generating the list of supported authentication schemes
(SASL mechanisms and/or legacy authentication), the set of possible
schemes may depend on the user, that tries to authenticate.
The server currently has no way to offer different users different
authentication schmes (SASL mechanisms).
- If we have a legacy authentication database, that just stores hashes
of user passwords (not suitable for doing DIGEST-MD5); and for newer
users, we store DIGEST-MD5 compatible hashes. The users using old
accounts should not get offered DIGEST-MD5 but only PLAIN; while newer
accounts should get offered DIGEST-MD5 and should prefere that over
- We have some users only having a password, but nothing else. We have
other users just having certificates, but nothing else (e.g. because
they registered for an account by submitting a certification request
for a free JabberID - which would be a nice way to enroll XMPP
certificates), and the third group of users just have a SecurID token,
but neither a certificate nor a password.
For each group of users, the server has to present an other SASL
mechanism. How can the server decide which one to present, if it does
not get a from attribute?
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards