mirror of https://github.com/moparisthebest/xeps
Publish SASL2 and IBR2 as XEP-0388 and XEP-0389
Sam Whited
parent
c8aa105552
commit
1b091c3c69
|
|
@ -9,8 +9,8 @@
|
|||
<title>Extensible SASL Profile</title>
|
||||
<abstract>This document describes a replacement for the SASL profile documented in RFC 6120 which allows for greater extensibility.</abstract>
|
||||
&LEGALNOTICE;
|
||||
<number>XXXX</number>
|
||||
<status>ProtoXEP</status>
|
||||
<number>0388</number>
|
||||
<status>Experimental</status>
|
||||
<type>Standards Track</type>
|
||||
<sig>Standards</sig>
|
||||
<dependencies>
|
||||
|
|
@ -20,6 +20,16 @@
|
|||
<supersededby/>
|
||||
<shortname>sasl2</shortname>
|
||||
&dcridland;
|
||||
<revision>
|
||||
<version>0.1.0</version>
|
||||
<date>2017-03-16</date>
|
||||
<initials>XEP Editor (ssw)</initials>
|
||||
<remark>
|
||||
<ul>
|
||||
<li>Move to experimental.</li>
|
||||
</ul>
|
||||
</remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>0.0.1</version>
|
||||
<date>2017-02-07</date>
|
||||
|
|
@ -62,10 +72,10 @@
|
|||
<p>Clients, upon observing this stream feature, initiate the authentication by the use of the <authenticate/> top-level element, within the same namespace. The nature of this element is to inform the server about properties of the final stream state, as well as initiate authentication itself. To achieve the latter, it has a single mandatory attribute of "mechanism", with a string value of a mechanism name offered by the Server in the stream feature, and an optional child element of <initial-response/>, containing a base64-encoded SASL Initial Response.</p>
|
||||
<p>On subsequent connections, if a Client has previously cache the stream feature, the Client MAY choose to send it before seeing the stream features - sending it "pipelined" with the Stream Open tag for example.</p>
|
||||
<example caption="An authentication request"><![CDATA[
|
||||
<authenticate xmlns='urn:xmpp:sasl:0' mechanism="BLURDLYBLOOP">
|
||||
<initial-response>SW1wcm92ZWQgZW5jYXNwdWxhdGlvbiBvZiBvcHRpb25hbCBTQVNMLUlSIGRhdGE=</initial-response>
|
||||
</authenticate>
|
||||
]]>
|
||||
<authenticate xmlns='urn:xmpp:sasl:0' mechanism="BLURDLYBLOOP">
|
||||
<initial-response>SW1wcm92ZWQgZW5jYXNwdWxhdGlvbiBvZiBvcHRpb25hbCBTQVNMLUlSIGRhdGE=</initial-response>
|
||||
</authenticate>
|
||||
]]>
|
||||
</example>
|
||||
<p>In order to provide support for other desired stream states beyond authentication, additional child elements are used. For example, a hypothetical XEP-0198 session resumption element might be included, and/or Resource Binding requests.</p>
|
||||
<example caption="An authentication request with a (hypothetical) bind request"><![CDATA[
|
||||
|
|
@ -90,7 +100,7 @@
|
|||
<response xmlns='urn:xmpp:sasl:0'>
|
||||
QmFzZSA2NCBlbmNvZGVkIFNBU0wgcmVzcG9uc2UgZGF0YQ==
|
||||
</response>
|
||||
]]>
|
||||
]]>
|
||||
</example>
|
||||
</section2>
|
||||
<section2 topic="During Authentication">
|
||||
|
|
@ -108,7 +118,7 @@
|
|||
</success-data>
|
||||
<authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier>
|
||||
</success>
|
||||
]]></example>
|
||||
]]></example>
|
||||
<p>Other extension elements MAY also be contained by the <success/> element.</p>
|
||||
<example caption="Successful re-authentication and resumption"><![CDATA[
|
||||
<success xmlns='urn:xmpp:sasl:0'>
|
||||
|
|
@ -118,7 +128,7 @@
|
|||
<authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier>
|
||||
<sm:resumed xmlns='urn:xmpp:sm:3:example' h='345' previd='124'/>
|
||||
</success>
|
||||
]]></example>
|
||||
]]></example>
|
||||
<p>Any security layer negotiated SHALL take effect after the ">" octet of the closing tag (ie, immediately after "</success>").</p>
|
||||
</section3>
|
||||
<section3 topic="Failure">
|
||||
|
|
@ -129,7 +139,7 @@
|
|||
<optional-application-specific xmlns='urn:something:else'/>
|
||||
<text>This is a terrible example.</text>
|
||||
</failure>
|
||||
]]></example>
|
||||
]]></example>
|
||||
</section3>
|
||||
<section3 topic="Continue" anchor="continue">
|
||||
<p>A <continue/> element is used to indicate that while the SASL exchange was successful, it is insufficient to allow authentication at this time.</p>
|
||||
|
|
@ -147,13 +157,13 @@
|
|||
<mechanisms>
|
||||
<text>This account requires 2FA</text>
|
||||
</continue>
|
||||
]]></example>
|
||||
]]></example>
|
||||
<p>Clients respond with a <next-authenticate/> element, which has a single mandatory attribute of "mechanism", containing the selected mechanism name, and contains an OPTIONAL base64 encoded initial response.</p>
|
||||
<example caption="Client Continues"><![CDATA[
|
||||
<next-authenticate xmlns='urn:xmpp:sasl' mechanism='TOTP-EXAMPLE'>
|
||||
MkZBIG9yIHBhc3N3b3JkIGNoYW5nZSBvciBzb21ldGhpbmc=
|
||||
</next-authenticate>
|
||||
]]></example>
|
||||
]]></example>
|
||||
</section3>
|
||||
</section2>
|
||||
</section1>
|
||||
|
|
@ -17,8 +17,8 @@
|
|||
recovery.
|
||||
</abstract>
|
||||
&LEGALNOTICE;
|
||||
<number>xxxx</number>
|
||||
<status>ProtoXEP</status>
|
||||
<number>0389</number>
|
||||
<status>Experimental</status>
|
||||
<type>Standards Track</type>
|
||||
<sig>Standards</sig>
|
||||
<approver>Council</approver>
|
||||
|
|
@ -31,6 +31,16 @@
|
|||
<supersededby/>
|
||||
<shortname>ibr2</shortname>
|
||||
&sam;
|
||||
<revision>
|
||||
<version>0.1.0</version>
|
||||
<date>2017-03-16</date>
|
||||
<initials>XEP Editor (ssw)</initials>
|
||||
<remark>
|
||||
<ul>
|
||||
<li>Move to experimental.</li>
|
||||
</ul>
|
||||
</remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>0.0.2</version>
|
||||
<date>2017-02-15</date>
|
||||
|
|
@ -370,7 +380,4 @@
|
|||
&NSVER;
|
||||
</section2>
|
||||
</section1>
|
||||
<section1 topic='XML Schema' anchor='schema'>
|
||||
<p>TODO before advancing to Draft.</p>
|
||||
</section1>
|
||||
</xep>
|
||||
2
xep.ent
2
xep.ent
|
|
@ -1443,3 +1443,5 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates</link></span> <note>
|
|||
<!ENTITY xep0385 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0385.html'>Stateless Inline Media Sharing (XEP-0385)</link></span> <note>XEP-0385: Stateless Inline Media Sharing (SIMS) <<link url='https://xmpp.org/extensions/xep-0385.html'>https://xmpp.org/extensions/xep-0385.html</link>>.</note>" >
|
||||
<!ENTITY xep0386 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0386.html'>Bind 2.0 (XEP-0386)</link></span> <note>XEP-0386: Bind 2.0 <<link url='https://xmpp.org/extensions/xep-0386.html'>https://xmpp.org/extensions/xep-0386.html</link>>.</note>" >
|
||||
<!ENTITY xep0387 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0387.html'>XMPP Compliance Suites 2017 (XEP-0387)</link></span> <note>XEP-0387: XMPP Compliance Suites 2017 <<link url='https://xmpp.org/extensions/xep-0387.html'>https://xmpp.org/extensions/xep-0387.html</link>>.</note>" >
|
||||
<!ENTITY xep0388 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0388.html'>Extensible SASL Profile (XEP-0388)</link></span> <note>XEP-0388: Extensible SASL Profile <<link url='https://xmpp.org/extensions/xep-0388.html'>https://xmpp.org/extensions/xep-0388.html</link>>.</note>" >
|
||||
<!ENTITY xep0389 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0389.html'>Extensible In-Band Registration (XEP-0389)</link></span> <note>XEP-0389: Extensible In-Band Registration <<link url='https://xmpp.org/extensions/xep-0389.html'>https://xmpp.org/extensions/xep-0389.html</link>>.</note>" >
|
||||
|
|
|
|||
Loading…
Reference in New Issue