[Standards] JID Escaping

Mridul Muralidharan mridul at sun.com
Tue Jul 31 04:23:29 UTC 2007


Peter Saint-Andre wrote:
> Mridul Muralidharan wrote:
>> Peter Saint-Andre wrote:
>>> Mridul Muralidharan wrote:
> 
>>>> For the server, this xep is required since its user population could
>>>> include users which have these prohibited characters in the uid .. and
>>>> so requires it to identify the backend user (hence need to standardize)
>>> Well it's really required only if you have customers who want to port
>>> existing UserIDs (e.g., email addresses) to JIDs.
>> Unfortunately, this is a very frequent deployment.
> 
> Personally I think this is fortunate -- organizations are rolling out

Unfortunate from point of view of xmpp nodeprep :-)
It is a necessary feature to support - especially when deployments tend 
to use single sign on (SSO) for all internal servers.

> Jabber services to their large installed base of email users. Let's ask
> ourselves how we can make that easier. Enabling those organizations to
> map existing userids to JIDs makes sense. Saying "you can't re-use
> existing userids so some of your users will need to have different
> addresses or not use Jabber at all" makes no sense.
> 
> Email allows the following characters that are disallowed in JIDs (by
> which I mean local-part of email address and node identifier portion of
> JID):
> 
> &
> '
> /

There are lot of cases where email gets used 'as-is' also as xmpp node.
But there are other sso schemes where the other prohibited characters 
also can get used.

> 
> So IMHO the focus should be on those characters (the same mapping
> applies to SIP addresses, which might be re-used in the same way that
> email addresses are re-used, though I see that as less likely).
> 
> And again I ask, is that "gatewaying" or the automated construction of a
> native XMPP address from an existing userid? I don't know that it makes
> much of a difference really, but to me gatewaying is for exchange of
> messages between different communication systems, not pure address
> mapping to re-use userids.
> 
>> It is not that is only mailid which has this issue - there are also SSO
>> mechanism of form uid at realm.
> 
> But is uid at realm going to be re-used as an XMPP node identifier?

Yes.
Simple scenario - user\40realm1 at domain approves contact\40realm2 at domain 
(note - same domain) subscription : for server to 'find out' the backend 
store for contact at realm2, it will need the whole uid - 'contact' by 
itself wont do : in a lot of cases, the server would have direct control 
over the backend anyway, and will need to go through sso api which 
expect the full identifier for the users.

In the example above, I explicitly called it realm - though usually 
different realm's get mapped to different domains. It could have been 
anyother identifier which is global to the SSO system in place.


Regards,
Mridul

> 
> /psa




More information about the Standards mailing list