Publish SASL2 and IBR2 as XEP-0388 and XEP-0389

Sam Whited 2017-03-16 14:34:30 -05:00
parent c8aa105552
commit 1b091c3c69
3 changed files with 36 additions and 17 deletions

@ -9,8 +9,8 @@
<title>Extensible SASL Profile</title> <title>Extensible SASL Profile</title>
<abstract>This document describes a replacement for the SASL profile documented in RFC 6120 which allows for greater extensibility.</abstract> <abstract>This document describes a replacement for the SASL profile documented in RFC 6120 which allows for greater extensibility.</abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>XXXX</number> <number>0388</number>
<status>ProtoXEP</status> <status>Experimental</status>
<type>Standards Track</type> <type>Standards Track</type>
<sig>Standards</sig> <sig>Standards</sig>
<dependencies> <dependencies>
@ -20,6 +20,16 @@
<supersededby/> <supersededby/>
<shortname>sasl2</shortname> <shortname>sasl2</shortname>
&dcridland; &dcridland;
<revision>
<version>0.1.0</version>
<date>2017-03-16</date>
<initials>XEP Editor (ssw)</initials>
<remark>
<ul>
<li>Move to experimental.</li>
</ul>
</remark>
</revision>
<revision> <revision>
<version>0.0.1</version> <version>0.0.1</version>
<date>2017-02-07</date> <date>2017-02-07</date>
@ -62,10 +72,10 @@
<p>Clients, upon observing this stream feature, initiate the authentication by the use of the &lt;authenticate/> top-level element, within the same namespace. The nature of this element is to inform the server about properties of the final stream state, as well as initiate authentication itself. To achieve the latter, it has a single mandatory attribute of "mechanism", with a string value of a mechanism name offered by the Server in the stream feature, and an optional child element of &lt;initial-response/>, containing a base64-encoded SASL Initial Response.</p> <p>Clients, upon observing this stream feature, initiate the authentication by the use of the &lt;authenticate/> top-level element, within the same namespace. The nature of this element is to inform the server about properties of the final stream state, as well as initiate authentication itself. To achieve the latter, it has a single mandatory attribute of "mechanism", with a string value of a mechanism name offered by the Server in the stream feature, and an optional child element of &lt;initial-response/>, containing a base64-encoded SASL Initial Response.</p>
<p>On subsequent connections, if a Client has previously cache the stream feature, the Client MAY choose to send it before seeing the stream features - sending it "pipelined" with the Stream Open tag for example.</p> <p>On subsequent connections, if a Client has previously cache the stream feature, the Client MAY choose to send it before seeing the stream features - sending it "pipelined" with the Stream Open tag for example.</p>
<example caption="An authentication request"><![CDATA[ <example caption="An authentication request"><![CDATA[
<authenticate xmlns='urn:xmpp:sasl:0' mechanism="BLURDLYBLOOP"> <authenticate xmlns='urn:xmpp:sasl:0' mechanism="BLURDLYBLOOP">
<initial-response>SW1wcm92ZWQgZW5jYXNwdWxhdGlvbiBvZiBvcHRpb25hbCBTQVNMLUlSIGRhdGE=</initial-response> <initial-response>SW1wcm92ZWQgZW5jYXNwdWxhdGlvbiBvZiBvcHRpb25hbCBTQVNMLUlSIGRhdGE=</initial-response>
</authenticate> </authenticate>
]]> ]]>
</example> </example>
<p>In order to provide support for other desired stream states beyond authentication, additional child elements are used. For example, a hypothetical XEP-0198 session resumption element might be included, and/or Resource Binding requests.</p> <p>In order to provide support for other desired stream states beyond authentication, additional child elements are used. For example, a hypothetical XEP-0198 session resumption element might be included, and/or Resource Binding requests.</p>
<example caption="An authentication request with a (hypothetical) bind request"><![CDATA[ <example caption="An authentication request with a (hypothetical) bind request"><![CDATA[
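Review bot: The pipelining paragraph in this hunk reads "if a Client has previously cache the stream feature"; that should be "previously cached". The same paragraph lets a client send <authenticate/> before it has seen the current stream features, so it would help to state what the client does when the mechanism it chose from the cached list is no longer offered, so that implementations do not diverge on how they recover.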
@ -90,7 +100,7 @@
<response xmlns='urn:xmpp:sasl:0'> <response xmlns='urn:xmpp:sasl:0'>
QmFzZSA2NCBlbmNvZGVkIFNBU0wgcmVzcG9uc2UgZGF0YQ== QmFzZSA2NCBlbmNvZGVkIFNBU0wgcmVzcG9uc2UgZGF0YQ==
</response> </response>
]]> ]]>
</example> </example>
</section2> </section2>
<section2 topic="During Authentication"> <section2 topic="During Authentication">
@ -108,7 +118,7 @@
</success-data> </success-data>
<authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier> <authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier>
</success> </success>
]]></example> ]]></example>
<p>Other extension elements MAY also be contained by the &lt;success/> element.</p> <p>Other extension elements MAY also be contained by the &lt;success/> element.</p>
<example caption="Successful re-authentication and resumption"><![CDATA[ <example caption="Successful re-authentication and resumption"><![CDATA[
<success xmlns='urn:xmpp:sasl:0'> <success xmlns='urn:xmpp:sasl:0'>
@ -118,7 +128,7 @@
<authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier> <authorization-identifier>juliet@montague.example/Balcony/a987dsh9a87sdh</authorization-identifier>
<sm:resumed xmlns='urn:xmpp:sm:3:example' h='345' previd='124'/> <sm:resumed xmlns='urn:xmpp:sm:3:example' h='345' previd='124'/>
</success> </success>
]]></example> ]]></example>
<p>Any security layer negotiated SHALL take effect after the ">" octet of the closing tag (ie, immediately after "&lt;/success>").</p> <p>Any security layer negotiated SHALL take effect after the ">" octet of the closing tag (ie, immediately after "&lt;/success>").</p>
</section3> </section3>
<section3 topic="Failure"> <section3 topic="Failure">
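Review bot: In the "Successful re-authentication and resumption" example, <sm:resumed xmlns='urn:xmpp:sm:3:example' h='345' previd='124'/> uses the sm prefix but only declares a default namespace, so the prefix is unbound and the example is not namespace-well-formed. Either declare xmlns:sm='urn:xmpp:sm:3:example' on the element or drop the prefix and keep the default-namespace declaration. In the paragraph below it, "ie" should be written "i.e.".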
@ -129,7 +139,7 @@
<optional-application-specific xmlns='urn:something:else'/> <optional-application-specific xmlns='urn:something:else'/>
<text>This is a terrible example.</text> <text>This is a terrible example.</text>
</failure> </failure>
]]></example> ]]></example>
</section3> </section3>
<section3 topic="Continue" anchor="continue"> <section3 topic="Continue" anchor="continue">
<p>A &lt;continue/> element is used to indicate that while the SASL exchange was successful, it is insufficient to allow authentication at this time.</p> <p>A &lt;continue/> element is used to indicate that while the SASL exchange was successful, it is insufficient to allow authentication at this time.</p>
@ -147,13 +157,13 @@
<mechanisms> <mechanisms>
<text>This account requires 2FA</text> <text>This account requires 2FA</text>
</continue> </continue>
]]></example> ]]></example>
<p>Clients respond with a &lt;next-authenticate/> element, which has a single mandatory attribute of "mechanism", containing the selected mechanism name, and contains an OPTIONAL base64 encoded initial response.</p> <p>Clients respond with a &lt;next-authenticate/> element, which has a single mandatory attribute of "mechanism", containing the selected mechanism name, and contains an OPTIONAL base64 encoded initial response.</p>
<example caption="Client Continues"><![CDATA[ <example caption="Client Continues"><![CDATA[
<next-authenticate xmlns='urn:xmpp:sasl' mechanism='TOTP-EXAMPLE'> <next-authenticate xmlns='urn:xmpp:sasl' mechanism='TOTP-EXAMPLE'>
MkZBIG9yIHBhc3N3b3JkIGNoYW5nZSBvciBzb21ldGhpbmc= MkZBIG9yIHBhc3N3b3JkIGNoYW5nZSBvciBzb21ldGhpbmc=
</next-authenticate> </next-authenticate>
]]></example> ]]></example>
</section3> </section3>
</section2> </section2>
</section1> </section1>
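Review bot: The "Client Continues" example declares xmlns='urn:xmpp:sasl' on <next-authenticate/>, while the other examples visible in this diff use 'urn:xmpp:sasl:0'; the ":0" suffix looks dropped by mistake, and a receiver matching on the versioned namespace would not recognise the element as written. In the example just above it, the <mechanisms> line directly before <text> also appears to be meant as the closing </mechanisms> tag.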

@ -17,8 +17,8 @@
recovery. recovery.
</abstract> </abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>xxxx</number> <number>0389</number>
<status>ProtoXEP</status> <status>Experimental</status>
<type>Standards Track</type> <type>Standards Track</type>
<sig>Standards</sig> <sig>Standards</sig>
<approver>Council</approver> <approver>Council</approver>
@ -31,6 +31,16 @@
<supersededby/> <supersededby/>
<shortname>ibr2</shortname> <shortname>ibr2</shortname>
&sam; &sam;
<revision>
<version>0.1.0</version>
<date>2017-03-16</date>
<initials>XEP Editor (ssw)</initials>
<remark>
<ul>
<li>Move to experimental.</li>
</ul>
</remark>
</revision>
<revision> <revision>
<version>0.0.2</version> <version>0.0.2</version>
<date>2017-02-15</date> <date>2017-02-15</date>
@ -370,7 +380,4 @@
&NSVER; &NSVER;
</section2> </section2>
</section1> </section1>
<section1 topic='XML Schema' anchor='schema'>
<p>TODO before advancing to Draft.</p>
</section1>
</xep> </xep>
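Review bot: Removing the 'XML Schema' section deletes the only "TODO before advancing to Draft" marker visible here, while the new 0.1.0 revision remark in this file records only "Move to experimental." If the schema is still outstanding, keep the section or track the TODO somewhere that survives publication; if the removal is deliberate, list it in the revision remark so the document history shows it.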

@ -1443,3 +1443,5 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates</link></span> <note>
<!ENTITY xep0385 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0385.html'>Stateless Inline Media Sharing (XEP-0385)</link></span> <note>XEP-0385: Stateless Inline Media Sharing (SIMS) &lt;<link url='https://xmpp.org/extensions/xep-0385.html'>https://xmpp.org/extensions/xep-0385.html</link>&gt;.</note>" > <!ENTITY xep0385 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0385.html'>Stateless Inline Media Sharing (XEP-0385)</link></span> <note>XEP-0385: Stateless Inline Media Sharing (SIMS) &lt;<link url='https://xmpp.org/extensions/xep-0385.html'>https://xmpp.org/extensions/xep-0385.html</link>&gt;.</note>" >
<!ENTITY xep0386 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0386.html'>Bind 2.0 (XEP-0386)</link></span> <note>XEP-0386: Bind 2.0 &lt;<link url='https://xmpp.org/extensions/xep-0386.html'>https://xmpp.org/extensions/xep-0386.html</link>&gt;.</note>" > <!ENTITY xep0386 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0386.html'>Bind 2.0 (XEP-0386)</link></span> <note>XEP-0386: Bind 2.0 &lt;<link url='https://xmpp.org/extensions/xep-0386.html'>https://xmpp.org/extensions/xep-0386.html</link>&gt;.</note>" >
<!ENTITY xep0387 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0387.html'>XMPP Compliance Suites 2017 (XEP-0387)</link></span> <note>XEP-0387: XMPP Compliance Suites 2017 &lt;<link url='https://xmpp.org/extensions/xep-0387.html'>https://xmpp.org/extensions/xep-0387.html</link>&gt;.</note>" > <!ENTITY xep0387 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0387.html'>XMPP Compliance Suites 2017 (XEP-0387)</link></span> <note>XEP-0387: XMPP Compliance Suites 2017 &lt;<link url='https://xmpp.org/extensions/xep-0387.html'>https://xmpp.org/extensions/xep-0387.html</link>&gt;.</note>" >
<!ENTITY xep0388 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0388.html'>Extensible SASL Profile (XEP-0388)</link></span> <note>XEP-0388: Extensible SASL Profile &lt;<link url='https://xmpp.org/extensions/xep-0388.html'>https://xmpp.org/extensions/xep-0388.html</link>&gt;.</note>" >
<!ENTITY xep0389 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0389.html'>Extensible In-Band Registration (XEP-0389)</link></span> <note>XEP-0389: Extensible In-Band Registration &lt;<link url='https://xmpp.org/extensions/xep-0389.html'>https://xmpp.org/extensions/xep-0389.html</link>&gt;.</note>" >