mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-25 18:52:23 -05:00
Addressing burner JID ML feedback
This commit is contained in:
parent
940f640bca
commit
34fc30b2a9
@ -8,8 +8,7 @@
|
|||||||
<header>
|
<header>
|
||||||
<title>Burner JIDs</title>
|
<title>Burner JIDs</title>
|
||||||
<abstract>
|
<abstract>
|
||||||
A mechanism by which users may request arbitrary anonymizing "burner" JIDs
|
A mechanism by which users may request anonymous, ephemeral "burner" JIDs.
|
||||||
for short term use.
|
|
||||||
</abstract>
|
</abstract>
|
||||||
&LEGALNOTICE;
|
&LEGALNOTICE;
|
||||||
<number>xxxx</number>
|
<number>xxxx</number>
|
||||||
@ -19,6 +18,7 @@
|
|||||||
<approver>Council</approver>
|
<approver>Council</approver>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<spec>XMPP Core</spec>
|
<spec>XMPP Core</spec>
|
||||||
|
<spec>RFC 4422</spec>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<supersedes/>
|
<supersedes/>
|
||||||
<supersededby/>
|
<supersededby/>
|
||||||
@ -38,16 +38,16 @@
|
|||||||
Traditionally this is accomplished using SASL authentication and the
|
Traditionally this is accomplished using SASL authentication and the
|
||||||
ANONYMOUS mechanism as detailed in &xep0175;, however, ANONYMOUS auth
|
ANONYMOUS mechanism as detailed in &xep0175;, however, ANONYMOUS auth
|
||||||
provides no mechanism for changing identities (requesting a new JID) without
|
provides no mechanism for changing identities (requesting a new JID) without
|
||||||
creating a new session, and server operators may not wish to allow anonymous
|
creating a new session, nor does it provide authentication of users.
|
||||||
authentication to prevent abuse.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
This specification solves these problems by decoupling anonymous identity
|
This specification solves these problems by decoupling anonymous identity
|
||||||
management from authentication.
|
management from authentication.
|
||||||
This allows logged in users (anonymous or otherwise at the server operators
|
This allows logged in users (authenticated or anonymous at the server
|
||||||
disgression) to request a new temporary identifier, a "burner" JID, which
|
operators disgression) to request a new temporary identifier, a "burner"
|
||||||
may be used by its owner in any context where they would normally use their
|
JID, which may be used by its owner to construct a new session with the
|
||||||
persistent primary JID.
|
server that is anonymous to third parties but is (optionally) locally
|
||||||
|
authenticated.
|
||||||
</p>
|
</p>
|
||||||
</section1>
|
</section1>
|
||||||
<section1 topic='Glossary' anchor='glossary'>
|
<section1 topic='Glossary' anchor='glossary'>
|
||||||
@ -56,15 +56,14 @@
|
|||||||
<dt>Burner JID</dt>
|
<dt>Burner JID</dt>
|
||||||
<dd>
|
<dd>
|
||||||
A temporary JID that is not valid for the purpose of authentication but
|
A temporary JID that is not valid for the purpose of authentication but
|
||||||
which may be used in place of the authentication identity in a
|
which may be authorized by an existing pre-authenticated session.
|
||||||
pre-authenticated session.
|
|
||||||
</dd>
|
</dd>
|
||||||
</di>
|
</di>
|
||||||
<di>
|
<di>
|
||||||
<dt>Ephemeral identity</dt>
|
<dt>Ephemeral identity</dt>
|
||||||
<dd>
|
<dd>
|
||||||
The identity of a user on the server comprising a shared secret and any
|
The identity of a user on the server comprising a burner JID and any
|
||||||
associated burner JIDs or other stored information about the user.
|
other associated data.
|
||||||
</dd>
|
</dd>
|
||||||
</di>
|
</di>
|
||||||
<di>
|
<di>
|
||||||
@ -118,10 +117,21 @@
|
|||||||
type='result'>
|
type='result'>
|
||||||
<identity xmlns='urn:xmpp:burner:0'>
|
<identity xmlns='urn:xmpp:burner:0'>
|
||||||
<jid>
|
<jid>
|
||||||
hfgnINTSA-ciCLz6NhTtCD5Jr0k:1477672278884j@example.net/4db06f06-1ea4-11dc-aca3-000bcd821bfb
|
hfgnINTSA-ciCLz6NhTtCD5Jr0k:1477672278884j@example.net
|
||||||
</jid>
|
</jid>
|
||||||
</identity>
|
</identity>
|
||||||
</iq>]]></example>
|
</iq>]]></example>
|
||||||
|
<p>
|
||||||
|
The burner JID MUST be a bare JID.
|
||||||
|
Burner JIDs are not valid for the purpose of authentication, but may be
|
||||||
|
authorized to perform actions.
|
||||||
|
To use the burner JID the client then attempts to establish a new session
|
||||||
|
with the server using the account that requested the burner JID as the
|
||||||
|
authentication identity and the burner JID as the authorization identity as
|
||||||
|
defined in &rfc4422; §2. If the server does not support SASL, or does
|
||||||
|
not support any SASL mechanisms that support authorization identities,
|
||||||
|
burner JIDs cannot be used.
|
||||||
|
</p>
|
||||||
</section1>
|
</section1>
|
||||||
<section1 topic='Determining Support' anchor='support'>
|
<section1 topic='Determining Support' anchor='support'>
|
||||||
<p>
|
<p>
|
||||||
@ -147,13 +157,18 @@
|
|||||||
<p>
|
<p>
|
||||||
It may be impractical to store verification information for every burner JID
|
It may be impractical to store verification information for every burner JID
|
||||||
issued by the system.
|
issued by the system.
|
||||||
To this end it is RECOMMENDED that the localpart of a burner JID be an
|
To this end servers that implement this specification may choose to encode
|
||||||
HMAC-SHA-256 which includes the users JID or another unique identifier, an
|
information into the localpart of issued burner JIDs which can be verified
|
||||||
expiration or issued time for the burner JID if appropriate, TLS channel
|
when a user attempts to authorize a new session to use the burner JID.
|
||||||
binding information, session information, or any other data the server
|
If an implementation chooses to do this it is RECOMMENDED that an
|
||||||
wishes to verify.
|
&nistfips198-1; be used.
|
||||||
|
This HMAC MAY include the JID of the associated authentication identity, an
|
||||||
|
expiration or issued time for the burner JID, session information, TLS
|
||||||
|
channel binding data, or any other information the server wishes to verify.
|
||||||
The format of this key or its input values is left as an implementation
|
The format of this key or its input values is left as an implementation
|
||||||
decision.
|
decision.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
As with persistent JIDs, the client MUST NOT assign any meaning to the
|
As with persistent JIDs, the client MUST NOT assign any meaning to the
|
||||||
localpart or resourcepart of a burner JID.
|
localpart or resourcepart of a burner JID.
|
||||||
</p>
|
</p>
|
||||||
@ -161,12 +176,8 @@
|
|||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<p>
|
<p>
|
||||||
To prevent burner JIDs from being abused for spamming, implementations
|
To prevent burner JIDs from being abused for spamming, implementations
|
||||||
SHOULD rate limit all burner JIDs in use by a given authentication identity
|
SHOULD rate limit all burner JIDs in use by an authentication identity as a
|
||||||
as a single unit.
|
single unit.
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
When a users session ends it is RECOMMENDED that any ephemeral identities
|
|
||||||
associated with their session be purged.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
If TLS channel binding information is encoded in the burner JID it is
|
If TLS channel binding information is encoded in the burner JID it is
|
||||||
@ -177,6 +188,11 @@
|
|||||||
resumption does not include enough context to successfully verify the
|
resumption does not include enough context to successfully verify the
|
||||||
binding.
|
binding.
|
||||||
</p>
|
</p>
|
||||||
|
<p>
|
||||||
|
Implementations that choose to encode information in the localpart of burner
|
||||||
|
JIDs should take care when choosing a hash function.
|
||||||
|
For current recommendations see &xep0300;.
|
||||||
|
</p>
|
||||||
</section1>
|
</section1>
|
||||||
<section1 topic='IANA Considerations' anchor='iana'>
|
<section1 topic='IANA Considerations' anchor='iana'>
|
||||||
<p>This docment requires no interaction with the &IANA;.</p>
|
<p>This docment requires no interaction with the &IANA;.</p>
|
||||||
@ -197,7 +213,7 @@
|
|||||||
<type>
|
<type>
|
||||||
<name>ephemeral</name>
|
<name>ephemeral</name>
|
||||||
<desc>
|
<desc>
|
||||||
An authorization service that provides ephemeral "burner" identities.
|
An authorization service that provides ephemeral identities.
|
||||||
</desc>
|
</desc>
|
||||||
<doc>XEP-XXXX</doc>
|
<doc>XEP-XXXX</doc>
|
||||||
</type>
|
</type>
|
||||||
@ -226,4 +242,7 @@
|
|||||||
<section1 topic='XML Schema' anchor='schema'>
|
<section1 topic='XML Schema' anchor='schema'>
|
||||||
<p>TODO.</p>
|
<p>TODO.</p>
|
||||||
</section1>
|
</section1>
|
||||||
|
<section1 topic='Acknowledgements' anchor='ack'>
|
||||||
|
<p>The author wishes to thank Philipp Hancke for his feedback.</p>
|
||||||
|
</section1>
|
||||||
</xep>
|
</xep>
|
||||||
|
Loading…
Reference in New Issue
Block a user