[Standards] Server acting on behalf of another

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Sep 9 19:08:02 UTC 2011


I wonder how practical it would be to allow a third-party to send a stanza 
using a "from" domain that is already controlled by an existing server.

I imagine a flow going something like this:

  S1 = official server (owner of domain)
  T1 = third party server (the one sending the stanza)
  S2 = target server (the one receiving the stanza)

  1) T1 handshakes with S2, claiming to be S1 and providing dialback key.
  2) S2 dialbacks to S1, presenting dialback key for verification.
  3) S1 replies with success, vouching for the key provided by T1.
  4) T1 sends stanza to S2 using JID with domain @S1.

The challenge with allowing a third-party to do this is the need for both S1 
and T1 to understand the same dialback key scheme, which may involve sharing 
data or sharing a secret key and algorithm.  Has anyone considered a standard 
approach for this?

One situation I could see this being useful is if you wanted to delegate the 
task of sending a lot of pubsub notification events to a third party server.  
However, there is still one problem with this offloading idea which is that all 
the dialback requests would still blast S1 to hell.

Justin



More information about the Standards mailing list