1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 10:12:19 -05:00
This commit is contained in:
Peter Saint-Andre 2014-02-10 19:08:20 -07:00
parent 31dd9872fb
commit 2450128912

View File

@ -27,10 +27,11 @@
&ianpaterson;
&stpeter;
&lance;
&winfried;
<revision>
<version>1.4rc1</version>
<date>2013-11-08</date>
<initials>ls</initials>
<version>1.4rc2</version>
<date>2014-02-10</date>
<initials>ls/wt</initials>
<remark><p>Incorporated patches from community review.</p></remark>
</revision>
<revision>
@ -156,7 +157,7 @@ Content-Length: 483
</section1>
<section1 topic="Authentication and Resource Binding" anchor='preconditions-sasl'>
<p>A success case for authentication and resource binding using the XMPP protocols is shown below. For detailed specification of these protocols (including error cases), refer to &rfc6120;</p>
<p>A success case for authentication and resource binding using the XMPP protocols is shown below. For detailed specification of these protocols (including error cases), refer to &rfc6120;. The server MAY offer the SASL-EXTERNAL method, for example when BOSH is used in conjunction with HTTP authentication or TLS authentication on the HTTP level.</p>
<example caption="SASL authentication step 1">
<![CDATA[POST /webclient HTTP/1.1
Host: httpcm.example.com
@ -221,6 +222,7 @@ Content-Length: 149
<li>The BOSH &lt;body/&gt; element SHOULD include the 'xml:lang' attribute.</li>
<li>The BOSH &lt;body/&gt; element SHOULD be empty (i.e., not contain an XML stanza). However, if the client includes an XML stanza in the body, the connection manager SHOULD ignore it. <note>It is known that some connection manager implementations accept an XML stanza in the body of the restart request and send that stanza to the server when the stream is restarted; however there is no guarantee that a connection manager will send the stanza so a client cannot rely on this behavior.</note></li>
</ul>
<p>When SASL-EXTERNAL is used in combination with BOSH the BOSH &lt;body/&gt; element SHOULD include the 'from' attribute upon stream restart. This because constrained clients can not always know what credentials were used to authenticate on the HTTP level. The server MUST try to associate the provided 'from' with the credentials that were provided on the other level.</p>
<p>The following example illustrates the format for a restart request.</p>
<example caption="Restart request">
<![CDATA[POST /webclient HTTP/1.1