[Standards] Proposed XMPP Extension: Account Management

Jehan Pagès jehan.marmottard at gmail.com
Thu Sep 1 19:35:24 UTC 2011


On Wed, Aug 31, 2011 at 2:55 AM, XMPP Extensions Editor <editor at xmpp.org> wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
> Title: Account Management
> Abstract: This specification provides a collection of stream features meant to manage one's account, in particular for account registration, deletion and change of password.

I just noticed that I forgot something important! Depending on the
storage mechanism, some information might have to be sent beforehand,
for the client to be able to compute data to send.
In particular in SCRAM, for the client to be able to compute the
storedKey and serverKey, the server must first provide the salt and
the iteration count.

The syntax could be something like this:

<proceed xmlns='urn:xmpp:account:0'>
  <instructions>Try a long password, which is not a dictionnary word,
    using at least one uppercase, one lowercase, one number and one
special character.</instructions>
  <storage iteration="4096" salt="QSXCR+Q6sek8bf92">SCRAM-SHA-256</storage>
  <storage iteration="4096" salt="OENB+r876hfd/6ER">SCRAM-SHA-1</storage>

Basically it is up to the definition of every storage mechanism to
list if data has to be provided before-hand, and which data.

And note that this also illustrates a very good use (amongst other I
listed in the XEP and probably even others I don't think of) of this
extension with the <required/> and <recommanded/>  option on
<modification/> which could be put to good use when the server wishes
to increase the iteration count (use case planned by RFC-5802), or
modify the salt.
Sorry for forgetting this part!
Also if anyone has any remark, that's also why it is published! :-)


> URL: http://www.xmpp.org/extensions/inbox/account-management.html
> The XMPP Council will decide in the next two weeks whether to accept this proposal as an official XEP.

More information about the Standards mailing list