[Standards] JID Escaping

Mridul Muralidharan mridul at sun.com
Tue Jul 31 04:36:14 UTC 2007


Mridul Muralidharan wrote:
> Peter Saint-Andre wrote:
>> Mridul Muralidharan wrote:
>>> Peter Saint-Andre wrote:
>>>> Mridul Muralidharan wrote:
>>
>>>>> For the server, this xep is required since its user population could
>>>>> include users which have these prohibited characters in the uid .. and
>>>>> so requires it to identify the backend user (hence need to 
>>>>> standardize)
>>>> Well it's really required only if you have customers who want to port
>>>> existing UserIDs (e.g., email addresses) to JIDs.
>>> Unfortunately, this is a very frequent deployment.
>>
>> Personally I think this is fortunate -- organizations are rolling out
> 
> Unfortunate from point of view of xmpp nodeprep :-)
> It is a necessary feature to support - especially when deployments tend 
> to use single sign on (SSO) for all internal servers.
> 
>> Jabber services to their large installed base of email users. Let's ask
>> ourselves how we can make that easier. Enabling those organizations to
>> map existing userids to JIDs makes sense. Saying "you can't re-use
>> existing userids so some of your users will need to have different
>> addresses or not use Jabber at all" makes no sense.
>>
>> Email allows the following characters that are disallowed in JIDs (by
>> which I mean local-part of email address and node identifier portion of
>> JID):
>>
>> &
>> '
>> /
> 
> There are lot of cases where email gets used 'as-is' also as xmpp node.
> But there are other sso schemes where the other prohibited characters 
> also can get used.
> 
>>
>> So IMHO the focus should be on those characters (the same mapping
>> applies to SIP addresses, which might be re-used in the same way that
>> email addresses are re-used, though I see that as less likely).
>>
>> And again I ask, is that "gatewaying" or the automated construction of a
>> native XMPP address from an existing userid? I don't know that it makes
>> much of a difference really, but to me gatewaying is for exchange of
>> messages between different communication systems, not pure address
>> mapping to re-use userids.
>>
>>> It is not that is only mailid which has this issue - there are also SSO
>>> mechanism of form uid at realm.
>>
>> But is uid at realm going to be re-used as an XMPP node identifier?
> 
> Yes.
> Simple scenario - user\40realm1 at domain approves contact\40realm2 at domain 
> (note - same domain) subscription : for server to 'find out' the backend 
> store for contact at realm2, it will need the whole uid - 'contact' by 
> itself wont do : in a lot of cases, the server would have direct control 

*would not*

> over the backend anyway, and will need to go through sso api which 
> expect the full identifier for the users.
> 
> In the example above, I explicitly called it realm - though usually 
> different realm's get mapped to different domains. It could have been 
> anyother identifier which is global to the SSO system in place.
> 
> 
> Regards,
> Mridul
> 
>>
>> /psa
> 




More information about the Standards mailing list