[Standards] Re: [Standards-JIG] Notes on JEP-0178: Best Practices for Use of SASL EXTERNAL - client part of the JEP

Matthias Wimmer m at tthias.eu
Fri Jan 26 19:34:59 UTC 2007

Hi Mridul!

Mridul wrote:
> In this case of no xmpp-oid, the authorization id will be "node derived 
> from cn in cert"@"domain from 'to' in stream"  when no authorization id 
> is specified by client for sasl external ?

Not necessarily; AFAIK this is just an implementation detail of the XMPP 
servers that are currently available. (And a non-standardized 
assumption most current XMPP clients have.)

RFC 4422 (SASL), 3.4.1:

    If the authorization identity string is absent, the client is
    requesting to act as the identity the server associates with the
    client's credentials.  An empty string is equivalent to an absent
    authorization identity.

Therefore it is okay that a server assigns a JID to a user that does 
not match <authentication id>@<realm>. The client will get told about 
the JID it has when binding the resource.

See you

Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/
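
The client-side consequence of the message above, as an added example that is not part of the original post: send an empty authorization identity and take the JID from the resource-binding result instead of deriving it from the certificate. The function names, JIDs and sample stanzas are constructed for illustration; the "=" encoding of a zero-length response follows RFC 6120, section 6.4.2.

```python
import base64
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"

# Constructed sample stanzas (not captured traffic).
BIND_OK = ('<iq xmlns="jabber:client" type="result" id="bind_1">'
           '<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">'
           '<jid>u4711@example.org/home</jid></bind></iq>')
BIND_ERR = ('<iq xmlns="jabber:client" type="error" id="bind_1">'
            '<error type="cancel">'
            '<conflict xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>')

def external_auth(authzid=""):
    """Build <auth/> for SASL EXTERNAL. An empty authzid asks the server to
    choose the identity tied to the certificate (RFC 4422, 3.4.1); XMPP sends
    a zero-length initial response as a single "="."""
    payload = base64.b64encode(authzid.encode("utf-8")).decode("ascii") if authzid else "="
    return f'<auth xmlns="{SASL_NS}" mechanism="EXTERNAL">{payload}</auth>'

def bound_jid(bind_result_xml):
    """Return the full JID the server assigned in its bind result.
    A real client parses the stream incrementally; ET is used here for brevity."""
    iq = ET.fromstring(bind_result_xml)
    if iq.get("type") != "result":
        raise ValueError("resource binding failed: iq type=%r" % iq.get("type"))
    jid = (iq.findtext("{%s}bind/{%s}jid" % (BIND_NS, BIND_NS)) or "").strip()
    if not jid:
        raise ValueError("bind result carries no <jid/>")
    return jid

def bare_jid(full_jid):
    # The resource starts at the first "/"; everything before it is the bare JID.
    return full_jid.partition("/")[0]

def session_identity(assumed_bare, bind_result_xml):
    """Return (bare JID to use, True if the client's own guess was wrong).
    Exact string comparison only; no stringprep normalisation is applied."""
    actual = bare_jid(bound_jid(bind_result_xml))
    return actual, actual != assumed_bare

if __name__ == "__main__":
    print(external_auth())
    # Guess derived from a certificate CN and the stream's 'to' (constructed).
    print(session_identity("matthias@example.org", BIND_OK))
```
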
