[Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

David Richards drichards at coversant.com
Wed Oct 13 14:47:57 UTC 2010


In that case then I think you end up always using the authorization identity since it will always be included for backward compatibility.  And if it's there on the receiving end you need to use it because it might be there legitimately.  Yes?

Which then begs the question, should this information be in two places?

-----Original Message-----
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Philipp Hancke
Sent: Wednesday, October 13, 2010 7:06 AM
To: XMPP Standards
Subject: Re: [Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

David Richards wrote:
> Also, step  10 in section 3, xep-0178 conflicts with 3920bis step 9 in section 9.2.2.  178 indicates inclusion of authorization identity matching the from attribute of the server1 to server2 stream element while 3920bis indicates an empty authorization identity.

I think the best strategy (right now) is to include the authorization identity when sending (for backward compability reasons) and to ignore it (and use the stream's 'from') as a receiver.




More information about the Standards mailing list