From 7e828c4825c20ae82e91f64e4cfef915f4d67bd6 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Thu, 12 Sep 2019 09:59:34 +0200 Subject: [PATCH] XEP-0328 (jid-prep): Update to 0.2 - Do not return error IQ result if the string to validate is not a valid JID. It is indistinguishable if the error is caused by the string to check, or if some other involved JID, like the one in the 'to' attribute, is malformed. - Return the normalized JID in its parts, to make it clear which parts constitute the JID - Do not use text as child of an IQ child element. Using text makes it impossible to inject further child elements as XMPP disallows mixed content. - Add support for base64 encoding. After getting a green light from Lance on collaborating with me on this, this commit also adds me to the author list. --- xep-0328.xml | 284 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 183 insertions(+), 101 deletions(-) diff --git a/xep-0328.xml b/xep-0328.xml index b8ab1682..4a02a2bc 100644 --- a/xep-0328.xml +++ b/xep-0328.xml @@ -6,11 +6,11 @@
- JID Prep - This specification defines a way for an XMPP client to request an XMPP server to prep and normalize a given JID. + JID Preperation and Validation Service + This specification defines a way for an XMPP entity to request another entity to prepare and validate a given JID. &LEGALNOTICE; 0328 - Deferred + Experimental Standards Track Standards @@ -20,13 +20,34 @@ - NOT_YET_ASSIGNED + jid-prep Lance Stout lance@lance.im lance@lance.im + &flow; + + 0.2 + 2019-09-09 + fs + +
    +
  • Do not return error IQ result if the string to validate is + not a valid JID. It is indistinguishable if the error is + caused by the string to check, or if some other involved JID, + like the one in the 'to' attribute, is malformed.
    • +
  • Return the normalized JID in its parts, to make it clear + which parts constitute the JID
    • +
  • Do not use text as child of an IQ child element. Using + text makes it impossible to inject further child elements as + XMPP disallows mixed content.
    • +
  • Add support for base64 encoding.
    • +
  • Always announce the jidprep identity.
    • +
+ + 0.1 2013-05-28 @@ -46,137 +67,198 @@

Initial version.
+ -

In order to properly compare and match JIDs, a normalization and prepping step is required by &rfc6122;. The responsibility for such normalization is split between the server and client, where the server is expected to prep any JID slots that it recognizes, particulary those related to stanza routing and roster items. However, the server can not prep JID slots that it does not understand, and so those are left for the client to process.

-

In some environments (in particular, browser based environments), a client does not have access to the various Unicode and internationalization libraries necessary to properly prep and normalize a JID. For those situations, this protocol defines a way for a client to ask a server to normalize a JID on its behalf.

+ +

To accurately compare and match JIDs, a normalization step is + required by &rfc7622;. This normalization is split into two steps + called 'Preparation' and 'Enforcement' by &rfc8264; and maybe + resource-intensive. The protocol defined herein, called "JID Prep" + can be used to ask XMPP entities to perform such a + normalization. Amongst other use-cases, this protocol can be used + for testing purposes, where a test suite checks the conformance of + an normalization implementation of, e.g., an XMPP server + implementation.

+ +

Furthermore, in some environments, especially ones like IoT where + devices with constraint resources are used, a client may not have + access to the various Unicode and internationalization libraries + necessary to properly normalize a JID. For those situations, this + protocol can be used by a client to ask a server to normalize a JID + on its behalf.

+ + -

If a server supports JID prep queries, it MUST specify the 'urn:xmpp:jidprep:0' feature in its service discovery information features as specified in &xep0030; and the Entity Capabilities profile specified in &xep0115;.

- - -]]> + +

If a server supports JID Prep queries, it MUST specify the + 'urn:xmpp:jidprep:1' feature in its service discovery information + features as specified in &xep0030;.

+ - - ... - - ... - -]]> -

The JID prep service MAY be supported through the use of an external component (&xep0114;); in which case, the component MUST return an identity of "component/jidprep" in addition to the "urn:xmpp:jidprep:0" feature.

- ... - + ]]> + + -

In order to request prepping for a JID, the client sends an &IQ; stanza of type "get" to the server, containing a <jid/> element qualified by the 'urn:xmpp:jidprep:0' namespace and whose XML character data is the JID in question:

- - ROMeo@montague.lit/orchard - -]]> -

The server MUST return either an IQ-result or an IQ-error. When returning an IQ-result, the server sends an &IQ; staza of type='result' containing a <jid/> element qualifed by the 'urn:xmpp:jidprep:0' namespace and whose XML character data MUST be the prepped and normalized version of the requested JID:

- - romeo@montague.lit/orchard - -]]> -

If an IQ-error is returned, then it SHOULD specify an error condition of <jid-malformed/> if the given JID could not be processed to a normalized form:

- - romeo@@montague.lit/orchard - - - - -]]> + +

To request preparation and enforcement, and thus normalization + and validation, of a string to a JID, the client sends a JID Prep + request to the service. This request is an &IQ; of type 'get', + containing a <jid-validate-request/> element qualified by the + 'urn:xmpp:jidprep:1' namespace. This element contains a + <maybe-jid/> child element whose textual content is the string + to normalize to and validate as JID.

+ + + + Σ@example.com/resource + +]]> + +

If the given string can be enforced to a valid JID, then a + <jid-validate-result/> with a <valid-jid/> child + element is returned. This child element contains the normalized + JID parts. The valid-jid element MUST contain <domainpart/> + and may contain <localpart/> and/or <resourcepart/> + elements. If the JID does not contain a local- or resourcepart, + then the corresponding element is omitted. Those elements contain the + normalized, i.e., PRECIS enforced, strings of the own JID + parts.

+ + + + + σ + example.com + resource + + +]]> + +

If the service is given an invalid JID, a + <jid-validate-result/> IQ result response with an + <invalid-jid/> elmeent is returned.

+ + + + henryⅣ@example.com + +]]> + + + + + Invalid codepoint 'Ⅳ' in localpart. + + +]]> + + + + +

To be able to feed arbitrary strings into the validator, not + being limited by XML 1.0, the protocol supports an optional Base64 + encoding of the string to validate. The requestor first encodes the + string to UTF-8, then encodes the UTF-8 byte-sequence using Base64 + (&rfc4648; § 4) and + places the result into an <base64-maybe-jid/> element. This + element is a put under the <jid-validate-base64-request/> IQ + child element qualified by the 'urn:xmpp:jidprep:1' namespace.

+ +

The IQ respones of the service are identical to the ones of the + non-Base64 case.

+ +

If supported, service announces 'urn:xmpp:jidprep:base64:1' + feature.

+ + + + zqNAZXhhbXBsZS5jb20vcmVzb3VyY2U= + +]]> + + + -

If a client has the ability to perform the prepping and normalization process itself, it SHOULD NOT make a JID prep request to the server.

-

Upon a successful response, the client SHOULD cache the result, mapping the original JID to the normalized version.

-

In order to reduce the number of queries made by clients, the server MUST enforce normalization rules for any JID slots understood by the server (e.g. the to and from attributes, roster item JIDs, etc).This requirement is intended to be subsumed by the requirements introduced in &rfc6122bis;

+ +

If a client has the ability to perform the normalization process + itself, it SHOULD NOT make use of the protocol defined herein.

+ +

Upon a successful response, it is RECOMMENDED that the client + caches the result, mapping the original JID to the normalized + version.

+ + -

As the process for normalizing a JID can be resource intensive, there is a possibility for denial of service attacks. A server MAY rate limit the number of requests to prevent such attacks. Likewise, the server MAY only respond to requests from users that are local to the server.

+ +

As the process for normalizing and validating a JID can be + resource intensive, there is a possibility for denial of service + attacks. A server MAY rate limit the number of requests to prevent + such attacks. Likewise, the server MAY restrict access to the + service torequests from users that are local to the server or + otherwhise trusted.

+ +

This document requires no interaction with &IANA;.

 + + -

The ®ISTRAR; includes 'urn:xmpp:jidprep:0' in its registry of protocol namespaces (see &NAMESPACES;).

+ +

The ®ISTRAR; includes 'urn:xmpp:jidprep:1' in its registry of protocol namespaces (see &NAMESPACES;).

+
    -
  • urn:xmpp:jidprep:0
    • +
  • urn:xmpp:jidprep:1
+ + &NSVER; - -

The ®ISTRAR; includes a category of "component" in its registry of Service Discovery identities (see &DISCOCATEGORIES;); as a result of this document, the Registrar includes a type of "jidprep" to that category.

-

The registry submission is as follows:

- - component - - jidprep - - A server component that offers a JID prepping - and normalization service to constrained clients. - - XEP-0328 - - -]]> - + + - - +

TODO: Add once the XEP leaves the experimental state.

- - - The protocol documented by this schema is defined in - XEP-xxxx: http://www.xmpp.org/extensions/xep-xxxx.html - - - - - - - - - - -]]> +