[Standards] Kerberos to JID mapping

Mridul mridul at sun.com
Wed Mar 7 21:50:45 UTC 2007

JID Escaping (http://www.xmpp.org/extensions/xep-0106.html) allows the 
use of '/', '\', etc in the node of a jid.
For example, we use this for supporting mailid as the user id for users 
in some customer deployments.


Greg Hudson wrote:
> At MIT we have an XMPP namespace which corresponds closely to our
> Kerberos namespace.  We are currently exploring the details of the
> mapping function from Kerberos authn IDs to XMPP authzids.
> A Kerberos principal usually looks like ghudson at ATHENA.MIT.EDU, in
> which case the mapping function is pretty obvious.  But a principal
> can also look like ghudson/root at ATHENA.MIT.EDU or
> host/someserver.mit.edu at ATHENA.MIT.EDU.  JID nodes cannot contain
> slash characters, so a direct mapping is not an option for these
> multi-component principals.
> My best understanding is that this mapping is totally a matter of
> local policy, and any mapping is as good as any other (as long as it's
> internally consistent and lives within the character set restrictions
> of a JID node).  But if there are any standards covering this issue,
> I'd love to know ahead of time, so that we don't have to make a
> transition later.  Is my understanding correct?
> Thanks.

More information about the Standards mailing list