[Standards] UPDATED: XEP-0215 (External Service Discovery)

Evgeniy Khramtsov xramtsov at gmail.com
Sun Feb 21 12:57:22 UTC 2010


XMPP Extensions Editor wrote:
> Version 0.5 of XEP-0215 (External Service Discovery) has been released.
>
> Abstract: This document specifies an XMPP protocol extension for discovering services external to the XMPP network.
>
> Changelog: Added ability to request credentials from a particular service; incremented the protocol version number to reflect the new feature. (psa)
>
> Diff: http://xmpp.org/extensions/diff/
>
> URL: http://xmpp.org/extensions/xep-0215.html
>   

A suggestion: we need to provide a fallback in the case when a server 
doesn't support shared credentials: in that case a client MUST use long 
term authentication using its jid/password. This is usefull when there 
is single TURN server serving both XMPP and SIP domains or when there is 
no way to exchange shared secrets between XMPP and TURN server. In those 
cases TURN server may share authentication backend (SQL or whatever) 
with XMPP server.

What do you think?

PS. I personally prefer short term credentials because it doesn't 
require implementing additional protection from dictionary attacks on 
TURN server and protects from using TURN server out of existing XMPP 
connection.

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.




More information about the Standards mailing list