&xep0114; defines a protocol that enables a server component to connect to an XMPP server. However, there are a number of perceived limitations with that protocol:

• It does not support Transport Layer Security (TLS; see &rfc5246;) for channel encryption.
• It does not support the Simple Authentication and Security Layer (SASL; see &rfc4422;) for authentication.
• It does not enable a component to bind multiple hostnames to one stream (as, for example, a client can bind multiple resource identifiers).
• It multiplies namespaces beyond necessity, adding the "jabber:component:accept" and "jabber:component:connect" namespaces to "jabber:client" and "jabber:server".

This document specifies a standards-track protocol that addresses the basic requirements for component connections. In the future, additional documents may specify more advanced features on top of the protocol defined herein.

This document addresses the following requirements:

1. Support Transport Layer Security for channel encryption.
2. Support the Simple Authentication and Security Layer for authentication.
3. Enable a component to bind multiple hostnames to one stream.
4. Use one of the existing default namespaces for XML streams between components and servers.

XML streams are established between a component and a server exactly as they are between a client and a server as specified in &xmppcore;, with the following exceptions:

1. The 'from' address of the initial stream header SHOULD be the "default" hostname of the component.
2. The JID asserted by the end entity (in this case a component) during STARTTLS negotiation and SASL negotiation MUST be of the form <domain> in conformance with the definition of a domain identifier from XMPP Core.
3. If a "simple user name" is included in accordance with the chosen SASL mechanism, it MUST be of the form <domain> in conformance with the definition of a domain identifier from XMPP Core.

The protocol defined in XEP-0114 depended on use of the 'to' address in the stream header to specify the hostname of the component. By contrast, client-to-server connections use stream establishment is followed by binding of a resource to the stream (in fact multiple resources can be bound to the stream). This protocol emulates client-to-server connections by using a hostname binding process that is similar to the resource binding process specified in XMPP Core.

If a server offers component binding over a stream, it MUST advertise a feature of "urn:xmpp:component:0".

In order to bind a hostname, the component sends a bind request to the server.

If the hostname can be bound, the server MUST return an IQ-result specifying the exact hostname that was bound.

If the hostname cannot be bound, the server MUST return an IQ-error, which SHOULD be &badrequest;, &conflict;, ¬allowed;, or &constraint;, just as with client resource binding as specified in RFC 3920.

Note: Although the JID asserted during STARTTLS and SASL negotiation MUST be of the form <domain> (i.e., an XMPP domain identifier), the <hostname/> element MAY be of the form <domain/resource>. This form can be used for application-specific functionality (e.g., load balancing), but such functionality is out of scope for this specification.

A component can send a subsequent bind request to bind another hostname (a server MUST support binding of multiple hostnames).

If the server cannot process the bind request (e.g., because the component has already bound the desired hostname), the server MUST return an IQ-error (e.g., &conflict;).

A component can also unbind a resource that has already been bound (a server MUST support unbinding).

If the hostname can be unbound, the server MUST return an IQ-result.

This protocol improves upon the earlier component protocol defined in XEP-0114 by specifying the use of Transport Layer Security (TLS) for channel encryption and the Simple Authentication and Security Layer (SASL) for authentication. Because this protocol re-uses the XML stream establishment processes defined in XMPP Core, the security considerations from RFC 3920 and RFC 6120 apply to this protocol as well.

This document requires no interaction with &IANA;.