Clarify text in burner JID protoxep

Sam Whited 2016-11-14 13:37:03 -06:00
parent 36e6792b5a
commit 0f3629bc87
1 changed files with 12 additions and 11 deletions

@ -22,7 +22,7 @@
@ -36,18 +36,18 @@
In many XMPP applications it is desirable to be able to act anonymously to
prevent leaking personally identifiable information (PII) to a third party.
Traditionally this is accomplished using SASL authentication and the
ANONYMOUS mechanism as detailed in &xep0175;, however, ANONYMOUS auth
provides no mechanism for changing identities (requesting a new JID) without
creating a new session, nor does it provide authentication of users.
ANONYMOUS mechanism as detailed in &xep0175;, however, the ANONYMOUS
mechanism is in reality an authorization mechanism and does not provide
authentication of users.
This specification solves these problems by decoupling anonymous identity
management from authentication.
management from authentication (auth) and authorization (authz).
This allows logged in users (authenticated or anonymous at the server
operators disgression) to request a new temporary identifier, a "burner"
JID, which may be used by its owner to construct a new session with the
server that is anonymous to third parties but is (optionally) locally
server that is authorized to communicate anonymously with third parties and
is (optionally) locally authenticated.
<section1 topic='Glossary' anchor='glossary'>
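Review bot: In the introduction paragraph, the rewritten sentence names only one shortcoming of the ANONYMOUS mechanism (it "does not provide authentication of users"), yet the next sentence still reads "This specification solves these problems". The wording about changing identities without creating a new session was the other problem; either keep that limitation in the new text or change the follow-up to "this problem". While this paragraph is being touched, "disgression" in the unchanged line "operators disgression) to request a new temporary identifier" should read "discretion", with "operator's" taking an apostrophe.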
@ -145,19 +145,20 @@
<query xmlns=''>
<identity category='conference' type='text'/>
<identity category='authz' type='ephemeral'/>
<identity type='im' name='MyServer' category='server'/>
<identity type='pep' name='MyServer' category='pubsub'/>
<identity type='ephemeral' category='authz'/>
<feature var=''/>
<feature var=''/>
<feature var=''/>
<section1 topic='Implementation Notes' anchor='impl'>
It may be impractical to store verification information for every burner JID
issued by the system.
To this end servers that implement this specification may choose to encode
To this end servers that implement this specification MAY choose to encode
information into the localpart of issued burner JIDs which can be verified
when a user attempts to authorize a new session to use the burner JID.
If an implementation chooses to do this it is RECOMMENDED that an
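Review bot: In the Implementation Notes paragraph, raising "may" to "MAY" makes encoding verification information into the localpart a normative option, so the text should say explicitly that the encoded data has to be integrity-protected with a secret only the server holds, since the localpart is the only thing checked "when a user attempts to authorize a new session". The sentence beginning "it is RECOMMENDED that an" is cut off in the visible context, so confirm that it covers this. In the disco#info example, the identity lines mix attribute orders (category first on some, type first on others); use one order throughout the listing.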