[Standards] XEP-0178 1.1rc3
fippo at goodadvice.pages.de
Thu Apr 14 21:30:21 UTC 2011
Peter Saint-Andre wrote:
> I *think* that this discussion thread leads to the following text in
> Section 3, but please double-check it.
> 10. Server1 considers EXTERNAL to be its preferred SASL mechanism. For
> server-to-server authentication the <auth/> element MUST NOT include an
> authorization identity (thus Server1 includes an empty response of "="
> as shown in RFC 6120).
> <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>=</auth>
> Interoperability Note: Previous versions of this specification relied on
> the authorization identity being present on the receiving server. Even
> though this is no longer required, the connecting server should include
> it for backward compatibility.
MUST NOT include but should include for backward compatibility?
Include it always and blame it on me (even though I don't have the old
logs from 2006).
I am not sure if backward compatibility really matters, the last time I
checked I offered EXTERNAL to three servers... jabber.org,
dave.cridland.net and some host running prosody.
> 11. Server2 determines if hostname is valid.
> a. If the 'from' attribute of stream header sent by Server1 can be
> matched against one of the identifiers provided in the certificate
> following the matching rules from RFC 6125, Server2 returns success.
> <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
> Implementation Note: If Server2 needs to assign an authorization
> identity during SASL negotiation, it SHOULD use the value of the 'from'
> attribute of the stream header sent by Server1.
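The receiving server's side of steps 10 and 11 in the quoted draft, as an added example that is not part of the original message or of XEP-0178. The function names are hypothetical, and the sketch makes three assumptions: only dNSName identifiers are checked (no SRV-ID or XmppAddr), a wildcard is honoured only as the whole left-most label, and an authorization identity sent by an older peer is rejected if it disagrees with the stream 'from'.

```python
import base64
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

def parse_authzid(auth_xml):
    """Return the authzid carried in <auth/>, or None for the empty response "="."""
    el = ET.fromstring(auth_xml)
    if el.tag != f"{{{SASL_NS}}}auth" or el.get("mechanism") != "EXTERNAL":
        raise ValueError("not a SASL EXTERNAL <auth/> element")
    payload = (el.text or "").strip()
    if payload in ("", "="):  # "=" is the zero-length response from RFC 6120
        return None
    return base64.b64decode(payload, validate=True).decode("utf-8")

def dns_id_matches(presented, domain):
    """Compare one certificate dNSName with the domain from the stream header."""
    p = presented.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d):
        return False
    if p[0] == "*":  # assumption: wildcard covers exactly one left-most label
        return len(p) > 2 and p[1:] == d[1:]
    return p == d

def external_decision(stream_from, auth_xml, cert_dns_ids):
    """Return (ok, identity): ok=True means reply <success/>, identity is 'from'."""
    try:
        authzid = parse_authzid(auth_xml)
    except (ValueError, ET.ParseError):
        return False, None
    # Assumption: an authzid from an older peer must agree with 'from'.
    if authzid is not None and authzid.lower() != stream_from.lower():
        return False, None
    if not any(dns_id_matches(i, stream_from) for i in cert_dns_ids):
        return False, None
    return True, stream_from.lower()

def auth_element(payload):
    """Build a constructed <auth/> stanza for the sample calls below."""
    return f"<auth xmlns='{SASL_NS}' mechanism='EXTERNAL'>{payload}</auth>"

# Constructed sample input: empty response, and base64("example.org") as authzid.
AUTH_EMPTY = auth_element("=")
AUTH_LEGACY = auth_element("ZXhhbXBsZS5vcmc=")

if __name__ == "__main__":
    print(external_decision("example.org", AUTH_EMPTY, ["example.org"]))
    print(external_decision("example.net", AUTH_LEGACY, ["example.net"]))
```
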