[Standards] Kerberos to JID mapping

Greg Hudson ghudson at MIT.EDU
Wed Mar 7 20:00:34 UTC 2007


At MIT we have an XMPP namespace which corresponds closely to our
Kerberos namespace.  We are currently exploring the details of the
mapping function from Kerberos authn IDs to XMPP authzids.

A Kerberos principal usually looks like ghudson@ATHENA.MIT.EDU, in
which case the mapping function is pretty obvious.  But a principal
can also look like ghudson/root@ATHENA.MIT.EDU or
host/someserver.mit.edu@ATHENA.MIT.EDU.  JID nodes cannot contain
slash characters, so a direct mapping is not an option for these
multi-component principals.

My best understanding is that this mapping is totally a matter of
local policy, and any mapping is as good as any other (as long as it's
internally consistent and lives within the character set restrictions
of a JID node).  But if there are any standards covering this issue,
I'd love to know ahead of time, so that we don't have to make a
transition later.  Is my understanding correct?

Thanks.
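
One possible local-policy mapping of the kind the message describes, as an added example that is not part of the original post and not MIT's actual scheme. It shows the properties such a mapping needs for authorization: only the local realm is accepted, distinct principals never share a JID, and the result stays inside the JID node character set. Assumptions: the XMPP domain mit.edu, the "+" separator, backslash-hex escapes in the style of XEP-0106 (JID Escaping), rejecting upper case because JID nodes are case-folded while Kerberos names are case-sensitive, and all function names.

```python
REALM = "ATHENA.MIT.EDU"   # realm used in the message
XMPP_DOMAIN = "mit.edu"    # assumption: the message does not name the XMPP domain
SEP = "+"                  # assumption: stands in for '/' between components
# Characters nodeprep prohibits in a JID node, plus our escape char and separator.
MUST_ESCAPE = set("\"&'/:<>@ \\" + SEP)

def split_principal(principal):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM'), honouring backslash quoting."""
    comps, cur, i = [], "", 0
    while i < len(principal):
        c = principal[i]
        if c == "\\" and i + 1 < len(principal):  # quoted character is literal
            cur += principal[i + 1]
            i += 2
            continue
        if c == "@":                              # first unquoted '@' starts the realm
            return comps + [cur], principal[i + 1:]
        if c == "/":                              # unquoted '/' ends a component
            comps.append(cur)
            cur = ""
        else:
            cur += c
        i += 1
    raise ValueError("principal has no realm")

def escape(component):
    """Hex-escape every character that is unsafe or ambiguous in a JID node."""
    for c in component:
        # Reject what nodeprep would fold or prohibit, so that two distinct
        # principals can never normalise to the same node.
        if not (" " <= c <= "~") or c.isupper():
            raise ValueError("component not representable: %r" % component)
    return "".join("\\%02x" % ord(c) if c in MUST_ESCAPE else c for c in component)

def principal_to_jid(principal):
    comps, realm = split_principal(principal)
    if realm != REALM:  # a cross-realm principal must not inherit a local JID
        raise ValueError("foreign realm: %r" % realm)
    return SEP.join(escape(c) for c in comps) + "@" + XMPP_DOMAIN

if __name__ == "__main__":
    for p in ("ghudson@ATHENA.MIT.EDU", "ghudson/root@ATHENA.MIT.EDU",
              "host/someserver.mit.edu@ATHENA.MIT.EDU"):
        print(p, "->", principal_to_jid(p))
```

Because the escape character and the separator are themselves always escaped inside a component, the mapping can be reversed unambiguously, which is what keeps it internally consistent.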


