[Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)
fippo at goodadvice.pages.de
Wed Oct 13 12:05:43 UTC 2010
David Richards wrote:
> Also, step 10 in section 3, xep-0178 conflicts with 3920bis step 9 in section 9.2.2. 178 indicates inclusion of authorization identity matching the from attribute of the server1 to server2 stream element while 3920bis indicates an empty authorization identity.
I think the best strategy (right now) is to include the authorization
identity when sending (for backward compability reasons) and to ignore
it (and use the stream's 'from') as a receiver.
More information about the Standards