[Standards] Proposal: Signing Forms

Peter Waher Peter.Waher at clayster.com
Wed Apr 16 23:34:28 UTC 2014


I've written a new proposal for a XEP: Signing Forms. It provides a mechanism to sign forms using external credentials.

The main use case is to secure account creation using In-band registration (XEP-0077) so that accounts can be created automatically and securely in open networks by devices in the field, without creating vulnerabilities that can be exploited by malicious users or robots.

Example: A manufacturer of devices can create an account on an XMPP server, where the manufacturer is given an account key and secret. The account allows the manufacturer to create accounts on the server using in-band registration. Perhaps the number is limited. Devices use the account key and secret to sign registration forms, and the server only allows accounts to be created to those that correctly sign the corresponding registration forms. The manufacturer can then monitor how many accounts have been created, and the operator can have control who has created accounts automatically and how many.

Any comments and suggestions are welcome.

Best regards,
Peter Waher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140416/efdde6c8/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140416/efdde6c8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signing-forms.xml
Type: application/xml
Size: 23253 bytes
Desc: signing-forms.xml
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140416/efdde6c8/attachment.xml>

More information about the Standards mailing list