[Standards] Proposed XMPP Extension: Extensible In-Band Registration

Goffi goffi at goffi.org
Mon Feb 13 13:28:50 UTC 2017


Le dimanche 12 février 2017, 08:32:08 CET Sam Whited a écrit :
> On Sun, Feb 12, 2017 at 8:23 AM, XMPP Extensions Editor <editor at xmpp.org> 
wrote:
> > Title: Extensible In-Band Registration
> 
> I wanted to go ahead and start getting community feedback on this
> approach, and on the following items.
> 
> Still todo (possibly?):
> 
> * Consider adding account deletion?
>   Presumably this would be in an IQ after the stream was started? Or
> maybe we want to ensure they re-auth so this should be after the auth
> stage of the connection handshake, meaning clients that wanted to show
> a "delete my account" button would have to re-login with the account
> deletion feature enabled. This might actually be a good option; it
> just "feels clean" to force you to end your session or create a new
> one for deletion, or it may just be confusing.
> 
> * Add some form of error (not just cancelation)?
>   The lack of consistency in stream feature errors is annoying. Can we
> just reuse SASL error semantics or something? Maybe we need a generic
> "stream featues errors that are not stream errors" in future.
> 
> * Define a proof-of-work challenge type
>   Is this actually necessary? What sort of trendy POW functions are
> people using these days? Hashcash? Will anything be able to easily
> support this if it's added?
> 
> * Define an OOB data challenge type
>   In 0077 this is required for backwards compatibility with things
> that don't support data forms; I'm not sure if we want to do that here
> (requiring something to be able to go out of band just in case XMPP
> isn't fully supported feels poor). Maybe we just require that data
> forms be supported and have OOB be a mechanism that stands on its own,
> not as a fallback.
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________



Hello,

nice to see this after summit discussions.

a few remarks:

- IBB can be used with restricted IPs (e.g.: localhost) for automatic account 
creation from a tool. In our case, it's important to have it to allow account 
creation from our web interface, so this use case must be taken into account 
if we plan to deprecate XEP-0077

- Account deletion is not that straightforward that it may seem. We do 
(actually we used to) propose this from our client, but we propose to delete 
archives, or blog posts (XEP-0277 microblogs in PEP node), and it may be 
necessary to delete uploaded files too, or other things. Account deletion 
would be really nice to propose, but it need to be well thought in my humble 
opinion.

- proof of work would be really nice, with a fallback mechanism.


Regards
Goffi


More information about the Standards mailing list