[Standards] Re: SASL Plain - AuthID - Bare JID or User Name?

Chris Mullins chris.mullins at coversant.net
Thu Feb 8 19:14:00 UTC 2007

I would tend to day no - only because of the complexity of what a
username can be and how the back-end data store may want it. 

I can't think of any cases right now where they wouldn't match, but I
have a feeling that such cases do exist. 

Chris Mullins

-----Original Message-----
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On
Behalf Of Gaston Dombiak
Sent: Thursday, February 08, 2007 10:44 AM
To: standards at xmpp.org
Subject: [Standards] Re: SASL Plain - AuthID - Bare JID or User Name?

Hey Chris,

I'm now modifying Wildfire to handle usernames or bare JIDs. However, I
have a question. Should the server validate that the domain of the bare
matches the domain of the XMPP server? Or is the JID's domain unrelated
the XMPP domain and is treated as another REALM related to something


  -- Gato

> We just ran into a problem doing Authentication with WildFire using
> the Open Source SoapBox Framework and SASL Plain.
> The SoapBox Framework is using a bare JID ("user at server") as the
> authid that's passed across the link. The Jive server is expecting
> only a user name ("user").
> The RFC doesn't really say either way, and I figure this is a good
> chance to get it clarified.
> (The SoapBox Framework now can do both, but I would sure prefer just
> one or the other)
> --
> Chris Mullins

More information about the Standards mailing list