From cba1dd9f45ace898efb8da5d82a3803c2919fbdf Mon Sep 17 00:00:00 2001 From: Peter Saint-Andre Date: Mon, 29 Jan 2007 16:27:48 +0000 Subject: [PATCH] 0.6 git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@440 4b5297f7-1745-476d-ba37-a9c6900126ab --- xep-0178.xml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/xep-0178.xml b/xep-0178.xml index e3e6b28c..04dc1fe1 100644 --- a/xep-0178.xml +++ b/xep-0178.xml @@ -22,6 +22,12 @@ N/A &stpeter; &pgmillard; + + 0.6 + 2007-01-29 + psa +

Allowed client to not include an authorization identity if the certificate contains no XMPP address (thus depending on the server to assign the identity).

+
0.5 2007-01-25 @@ -161,7 +167,7 @@ ]]>
  • -

    Because client presented a certificate, client SHOULD consider EXTERNAL to be its preferred SASL mechanism. Note: If the client certificate includes only one XMPP address and the user wishes to authorize as the identity that has been authenticated by the TLS layer (i.e., the XMPP address that is contained in the client certificate), then the client SHOULD NOT include an authorization identity (i.e., the XML character data for the element SHOULD be "=", indicating an empty response); however, if the client certificate contains either no XMPP address or more than one XMPP address, or if the user wishes to authorize as another identity, then the client MUST include an authorization identity.

    +

    Because client presented a certificate, client SHOULD consider EXTERNAL to be its preferred SASL mechanism. If the client certificate includes only one XMPP address and the user wishes to authorize as the identity that has been authenticated by the TLS layer (i.e., the XMPP address that is contained in the client certificate), then the client SHOULD NOT include an authorization identity (i.e., the XML character data for the element SHOULD be "=", indicating an empty response); if the client certificate contains more than one XMPP address or if the user wishes to authorize as another identity, then the client MUST include an authorization identity; if the client certificate contain no XMPP address, then the client SHOULD include an authorization identity (but MAY include no authorzation identity since the client may not even know its identity, instead having it assigned by the server).

    = ]]> @@ -200,7 +206,7 @@ ]]> -

    If JID mapping is successful but the mapped JID does not match the authorization identity provided, then the server MUST return a SASL failure case of <invalid-authzid/> and close the stream.

    +

    If JID mapping is successful but the mapped JID does not match the authorization identity provided (if any), then the server MUST return a SASL failure case of <invalid-authzid/> and close the stream.

    @@ -348,7 +354,7 @@

    This document requires no interaction with the ®ISTRAR;.

    -

    Thanks to Dave Cridland, Phillip Hancke, Justin Karneges, Rob Norris, and Matthias Wimmer for their comments.

    +

    Thanks to Dave Cridland, Phillip Hancke, Joe Hildebrand, Justin Karneges, Rob Norris, and Matthias Wimmer for their comments.

    Peter Millard, co-author of the initial version of this specification, died on April 26, 2006. The remaining author appreciates his assistance in defining the best practices described herein.
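Review bot: The 0.6 revision remark added in the first hunk (@@ -22,6 +22,12 @@) records only the client-side relaxation ("Allowed client to not include an authorization identity if the certificate contains no XMPP address"). It does not mention the server-side wording change at @@ -200,7 +206,7 @@, where "(if any)" is added to the mismatch rule. Suggest extending the remark to note that the server's mismatch rule now allows for the authorization identity being absent, so the revision history covers both normative edits in this diff.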
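Review bot: In the hunk at @@ -161,7 +167,7 @@, the new final clause lets a client whose certificate has no XMPP address omit the authorization identity and have one "assigned by the server", but no visible line says how the server chooses that identity or what it returns when it cannot. The only server rule touched by this patch (@@ -200,7 +206,7 @@) covers a successful JID mapping that does not match a provided identity. Suggest adding, or cross-referencing, the server-side rule for the no-address, no-identity case. In the same added line, "contain no XMPP address" should read "contains", "authorzation" should read "authorization", and the lower-case "may" in "since the client may not even know its identity" sits next to the normative MAY and would be clearer as "might".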
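Review bot: In the hunk at @@ -200,7 +206,7 @@, the added "(if any)" leaves the condition ambiguous when the client sent no authorization identity: the sentence can be read either as "skip the comparison" or as "an absent identity does not match the mapped JID". Since the patch's purpose is to let the client omit the identity, suggest stating the condition explicitly, for example "If the client provided an authorization identity and JID mapping is successful but the mapped JID does not match it, then the server MUST return a SASL failure case of <invalid-authzid/> and close the stream."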