<abstract>This document proposes improvements to the definition of resource binding for inclusion in the specification that supersedes RFC 3920.</abstract>
<remark><p>Required client to include from address on every stanza it sends over a stream to which it has bound multiple resources; specified server handling of sessions.</p></remark>
<p><cite>RFC 3920</cite> introduced the concept of binding a resource to an XML stream (this concept superseded part of the older jabber:iq:auth protocol described in &xep0078;). As defined in <cite>RFC 3920</cite>, resource binding enables a client to bind one resource to a stream but does not enable a client to unbind a resource and leaves underspecified what a server and client should do if a client binds more than one resource to a stream. Because the ability to bind multiple resources to a stream is desirable in certain environments (e.g., for devices that are unable to open more than one TCP connection or when a machine runs a daemon process that is used by multiple applications), this document proposes improvements to resource binding in order to address these shortcomings.</p>
<p>Note: The recommendations described herein have been incorporated into <cite>rfc3920bis</cite>.</p>
<section1topic='Unbinding a Resource'anchor='unbind'>
<p>In order to properly manage the resources associated with an XML stream, a client must be able to unbind resources. This shall be completed by sending an IQ-set with a child element of <unbind/> qualified by the 'urn:ietf:params:xml:ns:xmpp-bind' namespace, which in turn has a child element of <resource/> whose XML character data specifies the resource to be unbound:</p>
<examplecaption='Unbind'><![CDATA[
<iqtype='set'id='bind_2'>
<unbindxmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<resource>someresource</resource>
</unbind>
</iq>
]]></example>
<p>If the server does not understand the <unbind/> element, it MUST return an error of &badrequest;. Otherwise, if there is no such resource, the server MUST return an error of ¬found;. When the client unbinds the only resource associated with the stream, the server SHOULD close the stream and terminate the TCP connection.</p>
<p>A server SHOULD advertise its support for the 'urn:ietf:params:xml:ns:xmpp-bind' namespace and the unbind functionality by returning an appropriate stream feature as shown below:</p>
<p>When a client binds multiple resources to the same stream, proper management of 'from' addresses is imperative. In particular, a client MUST specify a 'from' address on every stanza it sends over a stream to which it has bound multiple resources. If a client does not specify a 'from' address on a stanza it sends over a stream to which it has bound multiple resources (or if it specifies as the 'from' address a full JID other than one of the bound resources), the server MUST do one of the following:</p>
<ol>
<li>Stamp the stanza with the resource that the server considers to be the "default resource" for the stream. <note>The default resource SHOULD be the oldest resource bound to the stream, which typically will be the initial resource but which might be a resource bound later if subsequently the initial resource has been unbound.</note></li>
<li>Return the stanza to the client with an <unknown-sender/> stanza error. <note>Currently there is no <unknown-sender/> stanza defined in <cite>RFC 3920</cite>; the author will work to add such an error condition to <cite>rfc3920bis</cite>.</note></li>
</ol>
<p>Which of these a server does is up to the implementation or deployment.</p>
<p>Naturally, the existing rules from <cite>RFC 3920</cite> regarding validation of asserted 'from' addresses still apply.</p>
<p>In instant messaging and presence applications, an XMPP server manages a session on behalf of a connected client. A server MUST create and manage a separate session for each distinct resource, even if there are multiple resources associated with a given XML stream. In particular:</p>
<ol>
<li>A server MUST consider each resource to be a distinct source of presence information, both with regard to presence notifications and with regard to presence probes.</li>
<li>A server MUST manage rosters (see <cite>RFC 3920</cite>) and &xep0016; separately for each resource.</li>
<p>Now the client binds a second resource to the stream.</p>
<examplecaption='Binding a Second Resource'><![CDATA[
<iqtype='set'id='bind-2'>
<bindxmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<resource>balcony</resource>
</bind>
</iq>
<iqtype='result'id='bind-2'>
<bindxmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<jid>juliet@capulet.com/balcony</jid>
</bind>
</iq>
]]></example>
<p>If the server does not allow entities to bind multiple resources to the stream, it MUST return a ¬allowed; error as described in <cite>RFC 3920</cite>.</p>
<p>In handling the last stanza shown above, the server will either return a <unknown-sender/> error or stamped the 'from' address <juliet@capulet.com/core> (but in no case will the server stamp the 'from' address as <juliet@capulet.com/balcony>. Here we assume that the server stamps the 'from' address.</p>
<p>Now the client sends another stanza without a 'from' address, which we assume the server stamps as from the new default resource (note that this is no longer the initial resource):</p>
<p>If properly implemented, the modifications described herein do not introduce any new security concerns above and beyond those defined in <cite>RFC 3920</cite>. However, care must be taken to properly manage 'from' addresses in order to avoid the delivery of stanzas from an unintended resource (which may, for example, leak presence information).</p>
