[Standards] Proposed XMPP Extension: Token-based reconnection

Michal Piotrowski michal.piotrowski at erlang-solutions.com
Fri Feb 12 10:34:17 UTC 2016

Hi Florian,

Your extension looks very convenient. As I understand the token can be
used only once and only in context of stream resumption. What if the
stream resumption fails? Should the client authenticate by regular
SASL method like SCRAM-SHA-1 or would it be possible to use the token
to authenticate (without resuming the session)?

Best regards
Michal Piotrowski
michal.piotrowski at erlang-solutions.com

On 12 February 2016 at 11:08, Florian Schmaus <flo at geekplace.eu> wrote:
> On 06.02.2016 12:22, Florian Schmaus wrote:
>> On 05.02.2016 20:04, Lance Stout wrote:
>>> Integrating this sort of token authentication with XEP-0198 would be the
>>> bigger win, because then SASL could be skipped entirely along with the
>>> initial stream setup (like how we can use BOSH with pre-binding). The
>>> stream management ID could easily be a JWT or equivalent token that would
>>> be sufficient for authentication. The missing piece would be allowing
>>> the <resumed/> element to include a new ID value (I'm not sure why it
>>> currently returns the 'previous' ID without allowing a new ID).
>> Exactly. I always thought a fast reconnect (fr) mechanism based on
>> stream management should work something like this:
>> ...
>> What do you think? I'm willing to XEPify this, if the approach is
>> considered useful.
> Here is my suggestion how such a XEP could look like:
> http://geekplace.eu/xeps/xep-qsr/xep-qsr.html
> As always: This is an early draft, the source code can be found at
> https://github.com/flowdalic/xeps, feedback and patches welcome. :)
> - Florian
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________

More information about the Standards mailing list