<p>Various changes, made in parallel with working client and server implementation experience, and SASL2 updates.</p>
<p>More tightly define the integration with XEP-0388 and several session feature XEPs: XEP-0198, XEP-0280, XEP-0352.</p>
<p>Replace the custom latest-id element with the new metadata element from XEP-0313, which also provides richer information.</p>
<p>Drop unread tracking, as this is a deep topic not directly related to resource binding. Instead the details of integration with other extensions have been better defined and demonstrated, to allow such functionality when it is fully defined and exists.</p>
<p>Adjust proposed namespace on aesthetic grounds and consistency with SASL2's approach. As this protocol may become part of the new preferred connection flow for a long time to come, it makes no sense to include the redundant and potentially confusing '2' when there is no conflict without it. Similarly, the '.0' has been dropped from the XEP's title, as it isn't really a version number.</p>
<p>Allow the client some influence over the resulting resource identifier, and define a standard format for these combined identifiers.</p>
<p>Specify that servers should terminate old sessions from a client when it binds a new resource.</p>
<p>Every session on XMPP generally has a unique routable identifier, known as a "resource". Many details and rules about resources in XMPP can be found in &rfc6120;. This core RFC also describes how to "bind" a resource identifier to a session. This is a key part of session establishment for practically all XMPP clients. This specification describes an alternative protocol for resource binding than the one described in RFC 6120, based on &xep0388;.</p>
<p>As XMPP has grown more feature-rich over time, more steps have been introduced that clients are likely to perform at startup, e.g. resource binding, archive synchronisation, enabling Carbons. Some of these introduce race conditions - e.g. if a client synchronises the archive before enabling Carbons, it can miss stanzas sent between these events, or if it enables Carbons before synchronising the archive it can receive duplicate messages. It may also cause duplicate messages by combining archive synchronisation and receipt of offline messages, or by receipt of messages addressed to the full JID between resource binding and archive synchronisation. Therefore, this document provides a mechanism for atomically performing these operations to avoid these race conditions. It also allows the server to provide information to a client that is generally useful about the state of the user's account.</p>
<li>Reduce round-trips and race conditions by providing a single atomic session establishment operation, with support for common session features such as &xep0280;, &xep0313; and &xep0198;. It should also be extensible to additional protocols as needed.</li>
<li>Integrate with SASL2 (XEP-0388) for further round-trip reduction and simpler session establishment.</li>
<p>If a server supports Bind 2, it MUST advertise this within the SASL2 <inline/> element in the stream features, with a feature named 'bind' in the namespace 'urn:xmpp:bind:0'.</p>
<p>Clients do not advertise support for Bind 2.</p>
<p>Bind 2 supports inline negotiation of certain features specific to a session. The features supported by the server for such inline negotiation MUST be included in an <inline/> child element within the bind feature element. Each feature is listed as a <feature/> child element with a 'var' attribute indicating the extension's defined service discovery feature name or namespace.</p>
<p>Bind 2 is never supported without SASL2, and so servers without support for SASL2 MUST NOT advertise the feature. Servers supporting SASL2 and Bind 2 may continue to offer legacy resource binding to clients.</p>
<section2topic='Performing the bind'anchor='bind-request'>
<p>To request resource binding, the client MUST include a <bind/> element, qualified by the 'urn:xmpp:bind:0' namespace, in its SASL2 <authenticate/> request.</p>
<p>The <bind/> element MAY contain the following child elements:</p>
<ul>
<li><tag/>: This element contains a short text string that typically identifies the software the user is using, mostly useful for diagnostic purposes for users, operators and developers. This tag may be visible to other entities on the XMPP network (see <linkurl='#security'>Security Considerations</link>).</li>
</ul>
<p>Additionally, the <bind/> element MAY contain one or more child elements in other namespaces, representing features that the client requests to be automatically enabled for its new session.</p>
<examplecaption='Client provides a resource bind request'><![CDATA[
<p>If the client included a <bind/> element in its SASL2 <authenticate/> then the server MUST process the bind request after authentication is successful (including any necessary subsequent SASL2 tasks), but before sending the <success/> response. Following the usual rules of SASL2, the bind request MUST NOT be processed (i.e. it should be ignored) if the authentication is not successful.</p>
<pclass='box'>Note: If the client included a <resume/> element in its SASL2 negotiation, that MUST be processed first by the server. If that resumption is successful, the server MUST skip resource binding (a resumed session already has a resource bound) and MUST entirely ignore the <bind/> request. If resumption of the previous stream fails, the server MUST include the XEP-0198 failure in the response, and then MUST proceed to process the bind request to establish a new session for the client.</p>
<p>Upon processing the bind request, the server MUST perform several operations, including:</p>
<p>Upon successful binding of a resource, the server SHOULD terminate any earlier sessions from the same client (identified by the <user-agent> 'id' attribute in its SASL2 authentication request).</p>
<p>If the client provided a <tag/> element in its bind request, the text content of that element SHOULD be included as-is in the final resource identifier, subject to the necessary validation for resource identifiers. This tag can help with client identification and debugging. The RECOMMENDED format is to include the client tag as a prefix of the server-generated identifier, separated by a single '/' character: <tt>[client tag]/[server generated identifier]</tt>. For example, <tt>AwesomeXMPP/rQ7Lwut0CcxW6</tt>.</p>
<p>Servers MAY choose to assign stable resource identifiers to clients, i.e. ensuring the same client will receive the same resource identifier for every bind request it makes. If a server or deployment provides resource identifier stability, the generated identifier SHOULD remain stable for every bind request with the same <tag/> and SASL2 <user-agent> id. The SASL2 <user-agent> id itself MUST NOT be exposed by the server in the generated resource identifier.</p>
</section3>
<p>After processing the bind request as described above, the server MUST respond with the SASL <success/> element, including the client's full JID in the <authorization-identity/> element, and a <bound/> element qualified by the 'urn:xmpp:bind:0' namespace, as in the following example:</p>
<p>The server SHOULD include a <metadata/> element as defined by XEP-0313, describing the state of the user's message archive at the precise time of resource binding. This helps the client determine what queries it may need to perform to synchronise messages.</p>
<p>Interactions with certain other extensions are hereby defined in this document:</p>
<li>If the client included a XEP-0198 <enable/> element in the requested features, Stream Management should be enabled at this point. The <bound/> response MUST contain the resulting XEP-0198 <enabled/> (or <failed/>) element. For full business rules, syntax and examples, see XEP-0198.</li>
<li>If the client included a XEP-0280 <enable/> element in the requested features, Message Carbons MUST be enabled at this point. As this operation MUST succeed, no response is necessary.</li>
<li>If the client included a XEP-0352 <active/> or <inactive/> element, the session must begin in that state.</li>
<p>The <bound/> response MUST also contain any defined responses to other enabled features, if any, though details of these are beyond the scope of this specification.</p>
<p>This specification mostly combines existing protocols together. Security considerations defined in those XEPs should be heeded as normal.</p>
<p>The additional facility provided here to provide information on the user's archive is provided post-authentication and is only providing the user's data to the user.</p>
<p>Implementations must adhere to the security considerations defined in XEP-0388 regarding the inclusion of SASL2 requests and inline feature negotiation in TLS 0-RTT ("early data") extensions. That is, they MUST NOT be sent or processed, except when appropriate mitigations are in place (which are beyond the scope of this document, but may be defined by others).</p>
<p>As it forms part of the resource identifier and therefore the full JID of the session, the 'tag' value provided by the client (if any), may be visible to other XMPP entities on the network that the client communicates with or that have access to the user's presence. The simple name of the client can provide value to users, operators and developers diagnosing issues, and it generally will not reveal more information than would be already available through service discovery. Unless they are operating in fully trusted environments, clients MUST NOT use identifiers that might reveal private information about a user or their system (such as hostnames).</p>
<p>Thanks to Daniel Gultsch, Philipp Hörist, Thilo Molitor and Andrzej Wójcik for their valuable support with feedback, suggestions and implementations.</p>