[Standards] UPDATED: XEP-0215 (External Service Discovery)
xramtsov at gmail.com
Sun Feb 21 12:57:22 UTC 2010
XMPP Extensions Editor wrote:
> Version 0.5 of XEP-0215 (External Service Discovery) has been released.
> Abstract: This document specifies an XMPP protocol extension for discovering services external to the XMPP network.
> Changelog: Added ability to request credentials from a particular service; incremented the protocol version number to reflect the new feature. (psa)
> Diff: http://xmpp.org/extensions/diff/
> URL: http://xmpp.org/extensions/xep-0215.html
A suggestion: we need to provide a fallback in the case when a server
doesn't support shared credentials: in that case a client MUST use long
term authentication using its jid/password. This is usefull when there
is single TURN server serving both XMPP and SIP domains or when there is
no way to exchange shared secrets between XMPP and TURN server. In those
cases TURN server may share authentication backend (SQL or whatever)
with XMPP server.
What do you think?
PS. I personally prefer short term credentials because it doesn't
require implementing additional protection from dictionary attacks on
TURN server and protects from using TURN server out of existing XMPP
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.
More information about the Standards