No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

xep-0077.xml 47KB

  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <!DOCTYPE xep SYSTEM 'xep.dtd' [
  3. <!ENTITY % ents SYSTEM 'xep.ent'>
  4. %ents;
  5. ]>
  6. <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
  7. <xep>
  8. <header>
  9. <title>In-Band Registration</title>
  10. <abstract>This specification defines an XMPP protocol extension for in-band registration with XMPP-based instant messaging servers and other services hosted on an XMPP network (such as groupchat rooms and gateways to non-XMPP IM services). The protocol is extensible via use of data forms, thus enabling services to gather a wide range of information during the registration process. The protocol also supports in-band password changes and cancellation of an existing registration.</abstract>
  12. <number>0077</number>
  13. <status>Final</status>
  14. <type>Standards Track</type>
  15. <sig>Standards</sig>
  16. <dependencies>
  17. <spec>XMPP Core</spec>
  18. </dependencies>
  19. <supersedes/>
  20. <supersededby/>
  21. <shortname>iq-register</shortname>
  22. <schemaloc>
  23. <url></url>
  24. </schemaloc>
  25. &stpeter;
  26. <revision>
  27. <version>2.4</version>
  28. <date>2012-01-25</date>
  29. <initials>psa</initials>
  30. <remark><p>Defined service discovery support.</p></remark>
  31. </revision>
  32. <revision>
  33. <version>2.3</version>
  34. <date>2009-09-15</date>
  35. <initials>psa</initials>
  36. <remark><p>Clarified that fields for "first" and "last" in fact always represent given name and family name, respectively.</p></remark>
  37. </revision>
  38. <revision>
  39. <version>2.2</version>
  40. <date>2006-01-24</date>
  41. <initials>psa</initials>
  42. <remark><p>Further specified integration with data forms, specifically if needed to require additional information when cancelling an existing registration (e.g., username and password) or changing a password (e.g., old password); also clarified server handling of cancelled registrations.</p></remark>
  43. </revision>
  44. <revision>
  45. <version>2.1</version>
  46. <date>2005-07-14</date>
  47. <initials>psa</initials>
  48. <remark><p>Clarified the extensibility rules; removed expiration date; modified schema to document optional inclusion of jabber:x:data and jabber:x:oob information.</p></remark>
  49. </revision>
  50. <revision>
  51. <version>2.0</version>
  52. <date>2004-08-30</date>
  53. <initials>psa</initials>
  54. <remark><p>Per a vote of the Jabber Council, advanced status to Final; also specified that by server is meant an instant messaging server.</p></remark>
  55. </revision>
  56. <revision>
  57. <version>1.6</version>
  58. <date>2004-08-23</date>
  59. <initials>psa</initials>
  60. <remark><p>In order to address Council concerns, clarified precedence order of x:data, iq:register, and x:oob; further specified server handling of initial registration requests from unregistered entities.</p></remark>
  61. </revision>
  62. <revision>
  63. <version>1.5</version>
  64. <date>2004-07-21</date>
  65. <initials>psa</initials>
  66. <remark><p>Specified server handling of requests from unregistered entities.</p></remark>
  67. </revision>
  68. <revision>
  69. <version>1.4</version>
  70. <date>2004-05-10</date>
  71. <initials>psa</initials>
  72. <remark><p>Removed conformance language regarding servers and services (belongs in a protocol suite specification).</p></remark>
  73. </revision>
  74. <revision>
  75. <version>1.3</version>
  76. <date>2004-02-24</date>
  77. <initials>psa</initials>
  78. <remark><p>Added text about redirection to web registration.</p></remark>
  79. </revision>
  80. <revision>
  81. <version>1.2</version>
  82. <date>2003-11-26</date>
  83. <initials>psa</initials>
  84. <remark><p>Documented use of &lt;key/&gt; element; added optional stream feature; added XMPP error handling; specified handling of empty passwords.</p></remark>
  85. </revision>
  86. <revision>
  87. <version>1.1</version>
  88. <date>2003-10-02</date>
  89. <initials>psa</initials>
  90. <remark><p>Moved change password use case from XEP-0078.</p></remark>
  91. </revision>
  92. <revision>
  93. <version>1.0</version>
  94. <date>2003-06-18</date>
  95. <initials>psa</initials>
  96. <remark><p>Per a vote of the Jabber Council, advanced status to Draft.</p></remark>
  97. </revision>
  98. <revision>
  99. <version>0.9</version>
  100. <date>2003-06-18</date>
  101. <initials>psa</initials>
  102. <remark><p>Changes to address Council concerns.</p></remark>
  103. </revision>
  104. <revision>
  105. <version>0.8</version>
  106. <date>2003-06-13</date>
  107. <initials>psa</initials>
  108. <remark><p>Restored the &lt;misc/&gt; and &lt;text/&gt; elements; added the old &lt;key/&gt; element; specified these three elements as obsolete.</p></remark>
  109. </revision>
  110. <revision>
  111. <version>0.7</version>
  112. <date>2003-06-12</date>
  113. <initials>psa</initials>
  114. <remark><p>Added &lt;registered/&gt; element; specified FORM_TYPE for x:data form; clarified that support for the extensibility mechanism is optional; removed the &lt;misc/&gt; and &lt;text/&gt; elements (not necessary given extensibility option); added &lt;nick/&gt;, &lt;first/&gt;, and &lt;last/&gt; elements that were traditionally documented as part of jabber:iq:register.</p></remark>
  115. </revision>
  116. <revision>
  117. <version>0.6</version>
  118. <date>2003-06-06</date>
  119. <initials>psa</initials>
  120. <remark><p>Removed XMPP-style error conditions until formats are stable.</p></remark>
  121. </revision>
  122. <revision>
  123. <version>0.5</version>
  124. <date>2003-05-30</date>
  125. <initials>psa</initials>
  126. <remark><p>Removed "encrypted secret" content, added information about expiration date.</p></remark>
  127. </revision>
  128. <revision>
  129. <version>0.4</version>
  130. <date>2003-05-28</date>
  131. <initials>psa</initials>
  132. <remark><p>Added "encrypted secret" content.</p></remark>
  133. </revision>
  134. <revision>
  135. <version>0.3</version>
  136. <date>2003-05-20</date>
  137. <initials>psa</initials>
  138. <remark><p>Slight editorial revisions.</p></remark>
  139. </revision>
  140. <revision>
  141. <version>0.2</version>
  142. <date>2003-04-29</date>
  143. <initials>psa</initials>
  144. <remark><p>Fixed schema, made minor editorial changes.</p></remark>
  145. </revision>
  146. <revision>
  147. <version>0.1</version>
  148. <date>2003-04-06</date>
  149. <initials>psa</initials>
  150. <remark><p>Initial version.</p></remark>
  151. </revision>
  152. </header>
  153. <section1 topic='Introduction' anchor='intro'>
  154. <p>The Jabber protocols have long included a method for in-band registration with instant messaging servers and associated services. This method makes use of the 'jabber:iq:register' namespace and has been documented variously in Internet-Drafts and elsewhere. Because in-band registration is not required by &rfc2779;, documentation of the 'jabber:iq:register' namespace was removed from &xmppim;. This specification fills the void for canonical documentation.</p>
  155. </section1>
  156. <section1 topic='Requirements' anchor='reqs'>
  157. <p>In-band registration must make it possible for an entity to register with a host, cancel an existing registration with a host, or change a password with a host. By "host" is meant either of the following:</p>
  158. <ol>
  159. <li>an instant messaging server, such as described in <cite>XMPP IM</cite> and identified by the "server/im" &xep0030; category+type</li>
  160. <li>an add-on service, such as a gateway (see &xep0100;) or a &xep0045; service</li>
  161. </ol>
  162. <p>If needed, extensibility with regard to information gathered should be done using &xep0004;.</p>
  163. </section1>
  164. <section1 topic='Use Cases' anchor='usecases'>
  165. <section2 topic='Entity Registers with a Host' anchor='usecases-register'>
  166. <p>In order to determine which fields are required for registration with a host, an entity SHOULD first send an IQ get to the host. The entity SHOULD NOT attempt to guess at the required fields by first sending an IQ set, since the nature of the required data is subject to service provisioning.</p>
  167. <example caption='Entity Requests Registration Fields from Host'><![CDATA[
  168. <iq type='get' id='reg1' to='shakespeare.lit'>
  169. <query xmlns='jabber:iq:register'/>
  170. </iq>
  171. ]]></example>
  172. <p>If the entity is not already registered and the host supports In-Band Registration, the host MUST inform the entity of the required registration fields. If the host does not support In-Band Registration, it MUST return a &unavailable; error. If the host is redirecting registration requests to some other medium (e.g., a website), it MAY return an &lt;instructions/&gt; element only, as shown in the <link url="#redirect">Redirection</link> section of this document.</p>
  173. <example caption='Host Returns Registration Fields to Entity'><![CDATA[
  174. <iq type='result' id='reg1'>
  175. <query xmlns='jabber:iq:register'>
  176. <instructions>
  177. Choose a username and password for use with this service.
  178. Please also provide your email address.
  179. </instructions>
  180. <username/>
  181. <password/>
  182. <email/>
  183. </query>
  184. </iq>
  185. ]]></example>
  186. <p>If the host determines (based on the 'from' address) that the entity is already registered, the IQ result that it sends in response to the IQ get MUST contain an empty &lt;registered/&gt; element (indicating that the entity is already registered), SHOULD contain the registration information currently on file for the entity (although the &lt;password/&gt; element MAY be empty), and SHOULD contain an &lt;instructions/&gt; element (whose XML character data MAY be modified to reflect the fact that the entity is currently registered).</p>
  187. <p>If the host is an instant messaging server, it SHOULD assume that the requesting entity is unregistered at this stage unless the entity has already authenticated (for details, see the <link url="#usecases-register-server">Registration with a Server</link> section below).</p>
  188. <example caption='Host Informs Entity of Current Registration'><![CDATA[
  189. <iq type='result' id='reg1'>
  190. <query xmlns='jabber:iq:register'>
  191. <registered/>
  192. <username>juliet</username>
  193. <password>R0m30</password>
  194. <email></email>
  195. </query>
  196. </iq>
  197. ]]></example>
  198. <p>If the entity is not already registered, the entity SHOULD provide the required information.</p>
  199. <example caption='Entity Provides Required Information'><![CDATA[
  200. <iq type='set' id='reg2'>
  201. <query xmlns='jabber:iq:register'>
  202. <username>bill</username>
  203. <password>Calliope</password>
  204. <email>bard@shakespeare.lit</email>
  205. </query>
  206. </iq>
  207. ]]></example>
  208. <p>Note: The requesting entity MUST provide information for all of the elements (other than &lt;instructions/&gt;) contained in the IQ result.</p>
  209. <example caption='Host Informs Entity of Successful Registration'><![CDATA[
  210. <iq type='result' id='reg2'/>
  211. ]]></example>
  212. <p>Alternatively, registration may fail. Possible causes of failure include a username conflict (the desired username is already in use by another entity) and the fact that the requesting entity neglected to provide all of the required information.</p>
  213. <example caption='Host Informs Entity of Failed Registration (Username Conflict)'><![CDATA[
  214. <iq type='error' id='reg2'>
  215. <query xmlns='jabber:iq:register'>
  216. <username>bill</username>
  217. <password>m1cro$oft</password>
  218. <email></email>
  219. </query>
  220. <error code='409' type='cancel'>
  221. <conflict xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  222. </error>
  223. </iq>
  224. ]]></example>
  225. <p>If the requesting entity does not provide all of the requested information during registration <note>This includes providing an empty password element or a password element that contains no XML character data, i.e., either &lt;password/&gt; or &lt;password&gt;&lt;/password&gt;.</note> then the server or service MUST return a &notacceptable; error to the requesting entity.</p>
  226. <example caption='Host Informs Entity of Failed Registration (Some Required Information Not Provided)'><![CDATA[
  227. <iq type='error' id='reg2'>
  228. <query xmlns='jabber:iq:register'>
  229. <username>bill</username>
  230. <password>Calliope</password>
  231. </query>
  232. <error code='406' type='modify'>
  233. <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  234. </error>
  235. </iq>
  236. ]]></example>
  237. <p>If the host requires additional information above and beyond the data elements specified in the schema, it SHOULD use Data Forms as described in the <link url='#extensibility'>Extensibility</link> section of this document. (The next three examples show registration of an existing account with a third-party service, not of an entity with a server for the purpose of account registration.)</p>
  238. <example caption='Entity Requests Registration Fields from Host'><![CDATA[
  239. <iq type='get'
  240. from=''
  241. to='contests.shakespeare.lit'
  242. id='reg3'>
  243. <query xmlns='jabber:iq:register'/>
  244. </iq>
  245. ]]></example>
  246. <example caption='Host Returns Registration Form to Entity'><![CDATA[
  247. <iq type='result'
  248. from='contests.shakespeare.lit'
  249. to=''
  250. id='reg3'>
  251. <query xmlns='jabber:iq:register'>
  252. <instructions>
  253. Use the enclosed form to register. If your Jabber client does not
  254. support Data Forms, visit http://www.shakespeare.lit/contests.php
  255. </instructions>
  256. <x xmlns='jabber:x:data' type='form'>
  257. <title>Contest Registration</title>
  258. <instructions>
  259. Please provide the following information
  260. to sign up for our special contests!
  261. </instructions>
  262. <field type='hidden' var='FORM_TYPE'>
  263. <value>jabber:iq:register</value>
  264. </field>
  265. <field type='text-single' label='Given Name' var='first'>
  266. <required/>
  267. </field>
  268. <field type='text-single' label='Family Name' var='last'>
  269. <required/>
  270. </field>
  271. <field type='text-single' label='Email Address' var='email'>
  272. <required/>
  273. </field>
  274. <field type='list-single' label='Gender' var='x-gender'>
  275. <option label='Male'><value>M</value></option>
  276. <option label='Female'><value>F</value></option>
  277. </field>
  278. </x>
  279. </query>
  280. </iq>
  281. ]]></example>
  282. <p>The user then SHOULD return the form:</p>
  283. <example caption='User Submits Registration Form'><![CDATA[
  284. <iq type='set'
  285. from=''
  286. to='contests.shakespeare.lit'
  287. id='reg4'>
  288. <query xmlns='jabber:iq:register'>
  289. <x xmlns='jabber:x:data' type='submit'>
  290. <field type='hidden' var='FORM_TYPE'>
  291. <value>jabber:iq:register</value>
  292. </field>
  293. <field type='text-single' label='Given Name' var='first'>
  294. <value>Juliet</value>
  295. </field>
  296. <field type='text-single' label='Family Name' var='last'>
  297. <value>Capulet</value>
  298. </field>
  299. <field type='text-single' label='Email Address' var='email'>
  300. <value></value>
  301. </field>
  302. <field type='list-single' label='Gender' var='x-gender'>
  303. <value>F</value>
  304. </field>
  305. </x>
  306. </query>
  307. </iq>
  308. ]]></example>
  309. <section3 topic='Registration with a Server' anchor='usecases-register-server'>
  310. <p>Special care must be taken when an unregistered entity interacts with a server rather than a service. Normally, a server enables in-band registration so that entities can "bootstrap" their participation in the Jabber network; this bootstrapping happens when an unregistered and unauthenticated entity opens a TCP connection to a server and immediately completes the registration use case with the server, then authenticates using the newly-registered identity. As noted, when a server receives an IQ-get for registration information, it SHOULD assume that the requesting entity is unregistered unless the entity has already authenticated.</p>
  311. <p>Depending on local service provisioning, a server MAY return a &notacceptable; stanza error if an unregistered entity attempts to register too many times before authenticating or if an entity attempts to register a second identity after successfully completing the registration use case; a server MAY also return a &lt;not-authorized/&gt; stream error if the unregistered entity waits too long before authenticating or attempts to complete a task other than authentication after successfully completing the registration use case.</p>
  312. </section3>
  313. </section2>
  314. <section2 topic='Entity Cancels an Existing Registration' anchor='usecases-cancel'>
  315. <p>The 'jabber:iq:register' namespace also makes it possible for an entity to cancel a registration with a host by sending a &lt;remove/&gt; element in an IQ set. The host MUST determine the identity of the requesting entity based on the 'from' address of the IQ get.</p>
  316. <example caption='Entity Requests Cancellation of Existing Registration'><![CDATA[
  317. <iq type='set' from='bill@shakespeare.lit/globe' id='unreg1'>
  318. <query xmlns='jabber:iq:register'>
  319. <remove/>
  320. </query>
  321. </iq>
  322. ]]></example>
  323. <example caption='Host Informs Entity of Successful Cancellation'><![CDATA[
  324. <iq type='result' to='bill@shakespeare.lit/globe' id='unreg1'/>
  325. ]]></example>
  326. <p>There are two scenarios:</p>
  327. <ol>
  328. <li><p>If the entity cancels its registration with its "home" server (i.e., the server at which it has maintained its XMPP account), then the entity SHOULD NOT include a 'from' or 'to' address in the remove request the server SHOULD then return a &lt;not-authorized/&gt; stream error and terminate all active sessions for the entity. The server SHOULD perform the remove based on the bare JID &LOCALBARE; associated with the current session or connection over which it received the remove request. If the server is an instant messaging and presence server that conforms to &xmppim;, the server SHOULD also cancel all existing presence subscriptions related to that entity (as stored in the entity's roster).</p></li>
  329. <li><p>If the entity cancels its registration with a service other than its home server, its home server MUST stamp a 'from' address on the remove request, which in accordance with <cite>XMPP Core</cite> will be the entity's full JID &LOCALFULL;. The service MUST perform the remove based on the bare JID &LOCALBARE; portion of the 'from' address.</p></li>
  330. </ol>
  331. <p>As specified below, several error cases are possible.</p>
  332. <table caption='Unregister Error Cases'>
  333. <tr><th>Condition</th><th>Description</th></tr>
  334. <tr><td>&badrequest;</td><td>The &lt;remove/&gt; element was not the only child element of the &lt;query/&gt; element.</td></tr>
  335. <tr><td>&forbidden;</td><td>The sender does not have sufficient permissions to cancel the registration.</td></tr>
  336. <tr><td>&notallowed;</td><td>No sender is allowed to cancel registrations in-band.</td></tr>
  337. <tr><td>&registration;</td><td>The entity sending the remove request was not previously registered.</td></tr>
  338. <tr><td>&unexpected;</td><td>The host is an instant messaging server and the IQ get does not contain a 'from' address because the entity is not registered with the server.</td></tr>
  339. </table>
  340. <example caption='Host Informs Client of Failed Cancellation (Bad Request)'><![CDATA[
  341. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='unreg1'>
  342. <error code='400' type='modify'>
  343. <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  344. </error>
  345. </iq>
  346. ]]></example>
  347. <example caption='Host Informs Client of Failed Cancellation (Forbidden)'><![CDATA[
  348. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='unreg1'>
  349. <error code='401' type='cancel'>
  350. <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  351. </error>
  352. </iq>
  353. ]]></example>
  354. <example caption='Server Informs Client of Failed Cancellation (Not Allowed)'><![CDATA[
  355. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='unreg1'>
  356. <error code='405' type='cancel'>
  357. <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  358. </error>
  359. </iq>
  360. ]]></example>
  361. <p>A given deployment MAY choose to require additional information (such as the old password or previously-gathered personal information) before cancelling the registration. In order to do so, the server or service SHOULD return a Data Form in the error stanza:</p>
  362. <example caption='Server Returns Cancellation Form With Error'><![CDATA[
  363. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='unreg1'>
  364. <query xmlns='jabber:iq:register'>
  365. <x xmlns='jabber:x:data' type='form'>
  366. <title>Cancel Registration</title>
  367. <instructions>Use this form to cancel your registration.</instructions>
  368. <field type='hidden' var='FORM_TYPE'>
  369. <value>jabber:iq:register:cancel</value>
  370. </field>
  371. <field type='text-single' label='Username' var='username'>
  372. <required/>
  373. </field>
  374. <field type='text-private' label='Password' var='password'>
  375. <required/>
  376. </field>
  377. <field type='text-single' label='Mother&apos;s Maiden Name' var='x-mmn'>
  378. <required/>
  379. </field>
  380. </x>
  381. </query>
  382. <error code='405' type='cancel'>
  383. <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  384. </error>
  385. </iq>
  386. ]]></example>
  387. <p>The user then SHOULD return the form:</p>
  388. <example caption='User Returns Cancellation Form'><![CDATA[
  389. <iq type='set' from='bill@shakespeare.lit/globe' to='shakespeare.lit' id='unreg2'>
  390. <query xmlns='jabber:iq:register'>
  391. <x xmlns='jabber:x:data' type='submit'>
  392. <field type='hidden' var='FORM_TYPE'>
  393. <value>jabber:iq:register:cancel</value>
  394. </field>
  395. <field type='text-single' var='username'>
  396. <value>bill@shakespeare.lit</value>
  397. </field>
  398. <field type='text-private' var='password'>
  399. <value>theglobe</value>
  400. </field>
  401. <field type='text-single' var='x-mmn'>
  402. <value>Throckmorton</value>
  403. </field>
  404. </x>
  405. </query>
  406. </iq>
  407. ]]></example>
  408. </section2>
  409. <section2 topic='User Changes Password' anchor='usecases-changepw'>
  410. <p>The 'jabber:iq:register' namespace enables a user to change his or her password with a server or service. Once registered, the user can change passwords by sending an XML stanza of the following form:</p>
  411. <example caption='Password Change'><![CDATA[
  412. <iq type='set' to='shakespeare.lit' id='change1'>
  413. <query xmlns='jabber:iq:register'>
  414. <username>bill</username>
  415. <password>newpass</password>
  416. </query>
  417. </iq>
  418. ]]></example>
  419. <p>Because the password change request contains the password in plain text, a client SHOULD NOT send such a request unless the underlying stream is encrypted (using SSL or TLS) and the client has verified that the server certificate is signed by a trusted certificate authority. A given deployment MAY choose to disable password changes if the stream is not properly encrypted, to disable in-band password changes, or to require additional information (such as the old password or previously-gathered personal information) before changing the password.</p>
  420. <p>If the user provides an empty password element or a password element that contains no XML character data (i.e., either &lt;password/&gt; or &lt;password&gt;&lt;/password&gt;), the server or service MUST NOT change the password to a null value, but instead MUST maintain the existing password.</p>
  421. <example caption='Host Informs Client of Successful Password Change'><![CDATA[
  422. <iq type='result' id='change1'/>
  423. ]]></example>
  424. <p>Several error conditions are possible:</p>
  425. <table caption='Password Change Error Cases'>
  426. <tr><th>Condition</th><th>Description</th></tr>
  427. <tr><td>&badrequest;</td><td>The password change request does not contain complete information (e.g., the service requires inclusion of the &lt;username/&gt; element).</td></tr>
  428. <tr><td>&notauthorized;</td><td>The server or service does not consider the channel safe enough to enable a password change.</td></tr>
  429. <tr><td>&notallowed;</td><td>The server or service does not allow password changes.</td></tr>
  430. <tr><td>&unexpected;</td><td>The host is an instant messaging server and the IQ set does not contain a 'from' address because the entity is not registered with the server.</td></tr>
  431. </table>
  432. <p>The server or service SHOULD NOT return the original XML sent in IQ error stanzas related to password changes.</p>
  433. <example caption='Host Informs Client of Failed Password Change (Bad Request)'><![CDATA[
  434. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='change1'>
  435. <error code='400' type='modify'>
  436. <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  437. </error>
  438. </iq>
  439. ]]></example>
  440. <example caption='Host Informs Client of Failed Password Change (Not Authorized)'><![CDATA[
  441. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='change1'>
  442. <error code='401' type='modify'>
  443. <not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  444. </error>
  445. </iq>
  446. ]]></example>
  447. <example caption='Server Informs Client of Failed Password Change (Not Allowed)'><![CDATA[
  448. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='change1'>
  449. <error code='405' type='cancel'>
  450. <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  451. </error>
  452. </iq>
  453. ]]></example>
  454. <p>In order to require additional information before changing the password, the server or service SHOULD return a Data Form in the error stanza:</p>
  455. <example caption='Server Returns Password Change Form With Error'><![CDATA[
  456. <iq type='error' from='shakespeare.lit' to='bill@shakespeare.lit/globe' id='change1'>
  457. <query xmlns='jabber:iq:register'>
  458. <x xmlns='jabber:x:data' type='form'>
  459. <title>Password Change</title>
  460. <instructions>Use this form to change your password.</instructions>
  461. <field type='hidden' var='FORM_TYPE'>
  462. <value>jabber:iq:register:changepassword</value>
  463. </field>
  464. <field type='text-single' label='Username' var='username'>
  465. <required/>
  466. </field>
  467. <field type='text-private' label='Old Password' var='old_password'>
  468. <required/>
  469. </field>
  470. <field type='text-private' label='New Password' var='password'>
  471. <required/>
  472. </field>
  473. <field type='text-single' label='Mother&apos;s Maiden Name' var='x-mmn'>
  474. <required/>
  475. </field>
  476. </x>
  477. </query>
  478. <error code='401' type='modify'>
  479. <not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  480. </error>
  481. </iq>
  482. ]]></example>
  483. <p>The user then SHOULD return the form:</p>
  484. <example caption='User Returns Password Change Form'><![CDATA[
  485. <iq type='set' from='bill@shakespeare.lit/globe' to='shakespeare.lit' id='change2'>
  486. <query xmlns='jabber:iq:register'>
  487. <x xmlns='jabber:x:data' type='submit'>
  488. <field type='hidden' var='FORM_TYPE'>
  489. <value>jabber:iq:register:changepassword</value>
  490. </field>
  491. <field type='text-single' var='username'>
  492. <value>bill@shakespeare.lit</value>
  493. </field>
  494. <field type='text-private' var='old_password'>
  495. <value>theglobe</value>
  496. </field>
  497. <field type='text-private' var='password'>
  498. <value>groundlings</value>
  499. </field>
  500. <field type='text-single' var='x-mmn'>
  501. <value>Throckmorton</value>
  502. </field>
  503. </x>
  504. </query>
  505. </iq>
  506. ]]></example>
  507. </section2>
  508. </section1>
  509. <section1 topic='Extensibility' anchor='extensibility'>
  510. <p>The fields defined for the 'jabber:iq:register' namespace are strictly limited to those specified in the schema. If a host needs to gather additional information, <cite>XEP-0004: Data Forms</cite> ("x:data") SHOULD be used according to the following rules:</p>
  511. <ol>
  512. <li>A host MUST NOT add new fields to the 'jabber:iq:register' namespace; instead, extensibility SHOULD be pursued via the <cite>Data Forms</cite> protocol as specified herein.</li>
  513. <li>The x:data form shall be contained as a child element of the &lt;query xmlns='jabber:iq:register'/&gt; element (it cannot be a child of the &IQ; stanza and comply with &rfc6120;).</li>
  514. <li>The x:data form SHOULD contain x:data fields that correspond to all of the iq:register fields (e.g., username and password).</li>
  515. <li>The x:data form SHOULD use a hidden FORM_TYPE field for the purpose of standardizing field names within the form, as defined in &xep0068;.</li>
  516. <li>The x:data form shall take precedence over the iq:register fields; if the submitting entity supports the <cite>Data Forms</cite> protocol, it SHOULD submit the data form rather than the predefined 'jabber:iq:register' fields, and MUST NOT submit both the data form and the predefined fields (see the <link url='#precedence'>Precedence Order</link> section of this document).</li>
  517. </ol>
  518. <p>Support for extensibility via <cite>Data Forms</cite> is RECOMMENDED but is not required for compliance with this document.</p>
  519. </section1>
  520. <section1 topic='Redirection' anchor='redirect'>
  521. <p>A given deployment MAY wish to redirect users to another medium (e.g., a website) for registration, rather than allowing in-band registration. The recommended approach is to include only the &lt;instructions/&gt; element rather than the required fields or a data form in the IQ result, as well as a URL encoded using &xep0066; (see the <link url="#precedence">Precedence Order</link> section below for further details).</p>
  522. <example caption='Host Redirects Entity to Web Registration'><![CDATA[
  523. <iq type='result'
  524. from='contests.shakespeare.lit'
  525. to=''
  526. id='reg3'>
  527. <query xmlns='jabber:iq:register'>
  528. <instructions>
  529. To register, visit http://www.shakespeare.lit/contests.php
  530. </instructions>
  531. <x xmlns='jabber:x:oob'>
  532. <url>http://www.shakespeare.lit/contests.php</url>
  533. </x>
  534. </query>
  535. </iq>
  536. ]]></example>
  537. </section1>
  538. <section1 topic='Precedence Order' anchor='precedence'>
  539. <p>Given the foregoing discussion, it is evident that an entity could receive any combination of iq:register, x:data, and x:oob namespaces from a service in response to a request for information. The precedence order is as follows:</p>
  540. <ol start='1'>
  541. <li>x:data</li>
  542. <li>iq:register</li>
  543. <li>x:oob</li>
  544. </ol>
  545. <p>(Naturally, if the receiving application does not understand any of the foregoing namespaces, it MUST ignore the data qualified by that namespace.)</p>
  546. <p>Thus it is possible that the host may return any of the following combinations, in which case the submitting application MUST proceed as defined in the table below (it is assumed that "iq:register fields" means instructions plus fields, whereas "iq:register instructions" means the &lt;instructions/&gt; element only):</p>
  547. <table caption='Recommended Processing of Namespace Combinations'>
  548. <tr>
  549. <th>Included Data</th>
  550. <th>Recommended Processing</th>
  551. <th>Notes</th>
  552. </tr>
  553. <tr>
  554. <td>iq:register fields</td>
  555. <td>Submit the completed iq:register fields.</td>
  556. <td>This is the normal processing model for "legacy" services and clients.</td>
  557. </tr>
  558. <tr>
  559. <td>x:data form + iq:register fields</td>
  560. <td>Submit the completed x:data form if understood, otherwise submit the completed iq:register fields; however, an application MUST NOT submit both.</td>
  561. <td>The iq:register fields would be included for "legacy" clients; this combination SHOULD NOT be used if the x:data form includes required fields (e.g., a public key) that are not equivalent to defined iq:register fields (the next combination SHOULD be used instead).</td>
  562. </tr>
  563. <tr>
  564. <td>x:data form + iq:register instructions</td>
  565. <td>Submit the completed x:data form if understood, otherwise present the iq:register instructions to the user.</td>
  566. <td>This combination SHOULD be used if the x:data form includes required fields (e.g., a public key) that are not equivalent to defined iq:register fields and an alternate URL is not available.</td>
  567. </tr>
  568. <tr>
  569. <td>x:data form + x:oob URL</td>
  570. <td>Submit the completed x:data form if understood, otherwise present the provided URL as an alternative.</td>
  571. <td>This combination MAY be returned by a host, but a host SHOULD return the next combination instead in order to support the full range of legacy clients.</td>
  572. </tr>
  573. <tr>
  574. <td>x:data form + iq:register instructions + x:oob URL</td>
  575. <td>Submit the completed x:data form if understood, otherwise present the iq:register instructions and provided URL as an alternative.</td>
  576. <td>This combination SHOULD be used if the x:data form includes required fields (e.g., a public key) that are not equivalent to defined iq:register fields and an alternate URL is available.</td>
  577. </tr>
  578. <tr>
  579. <td>iq:register instructions + x:oob URL</td>
  580. <td>Present the iq:register instructions and provided URL as a redirect.</td>
  581. <td>This combination MAY be returned by a host that wishes to redirect registration to a URL.</td>
  582. </tr>
  583. <tr>
  584. <td>iq:register fields + x:oob URL</td>
  585. <td>Submit the completed iq:register fields but optionally present the provided URL as an alternative.</td>
  586. <td>This combination is NOT RECOMMENDED.</td>
  587. </tr>
  588. </table>
  589. </section1>
  590. <section1 topic='Key Element' anchor='key'>
  591. <p><em>This element is obsolete, but is documented here for historical completeness.</em></p>
  592. <p>The &lt;key/&gt; element was used as a "transaction key" in certain IQ interactions in order to verify the identity of the sender. In particular, it was used by servers (but generally not services) during in-band registration, since normally a user does not yet have a 'from' address before registering. The flow is as follows:</p>
  593. <ol>
  594. <li>Client sends IQ-get request to server.</li>
  595. <li>Server returns required elements to client, including &lt;key/&gt; element containing a random string (often a SHA-1 hash).</li>
  596. <li>Client sends registration information to server, including &lt;key/&gt; element with the same value provided by the server.</li>
  597. <li>Server checks key information and processes registration request; if key is missing or the key value does not match the transaction key provided, the server returns an error.</li>
  598. </ol>
  599. <p>The &lt;key/&gt; element was also used during registration removal.</p>
  600. </section1>
  601. <section1 topic='Stream Feature' anchor='streamfeature'>
  602. <p><cite>RFC 6120</cite> defines methods for advertising feature support during stream negotiation. For the sake of efficiency, it may be desirable for a server to advertise support for in-band registration as a stream feature. The namespace for reporting support within &lt;stream:features/&gt; is "". Upon receiving a stream header qualified by the 'jabber:client' namespace, a server returns a stream header to the client and MAY announce support for in-band registration by including the relevant stream feature:</p>
  603. <example caption='Advertising registration as a stream feature'><![CDATA[
  604. <stream:features>
  605. <register xmlns=''/>
  606. </stream:features>
  607. ]]></example>
  608. <p>A server SHOULD NOT advertise in-band registration to another server (i.e., if the initial stream header was qualified by the 'jabber:server' namespace).</p>
  609. </section1>
  610. <section1 topic='Error Handling' anchor='errors'>
  611. <p>As defined herein, the 'jabber:iq:register' namespace supports both the old (HTTP-style) error codes and the extensible error classes and conditions specified in XMPP Core. A compliant server or service implementation MUST support both old-style and new-style error handling. A compliant client implementation SHOULD support both. For mappings of HTTP-style errors to XMPP-style conditions, refer to &xep0086;.</p>
  612. </section1>
  613. <section1 topic='Determining Support' anchor='disco'>
  614. <p>If an entity supports the protocol defined herein, it SHOULD report that by including a Service Discovery feature of "jabber:iq:register" in response to disco#info requests.</p>
  615. <example caption="Service discovery information request"><![CDATA[
  616. <iq from='marlowe.lit'
  617. id='jzg2d175'
  618. to='shakespeare.lit'
  619. type='get'>
  620. <query xmlns=''/>
  621. </iq>
  622. ]]></example>
  623. <example caption="Service discovery information response"><![CDATA[
  624. <iq from='shakespeare.lit'
  625. id='jzg2d175'
  626. to='marlowe.lit'
  627. type='result'>
  628. <query xmlns=''>
  629. <feature var='jabber:iq:register'/>
  630. </query>
  631. </iq>
  632. ]]></example>
  633. <p>Although connecting clients typically determine support during stream negotiation via the stream feature, the service discovery feature is helpful for server-to-server connections as well as for clients that are already connected (e.g., to determine if password changes are possible in-band).</p>
  634. </section1>
  635. <section1 topic='Security Considerations' anchor='security'>
  636. <p>In-band registration is usually not included in other messaging protocols (for example, SMTP does not include a method for registering with an email server), often for reasons of security. The registration methods defined herein are known to be insecure and SHOULD NOT be used unless the channel between the registrant and the entity that accepts registration has been secured. For these reasons, the deployment of in-band registration is a policy matter and a given deployment MAY choose to disable in-band registration and password changes. Furthermore, this document should be deprecated as soon as a successor protocol is defined and implemented.</p>
  637. </section1>
  638. <section1 topic='IANA Considerations' anchor='iana'>
  639. <p>This document requires no interaction with &IANA;.</p>
  640. </section1>
  641. <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
  642. <section2 topic='Protocol Namespaces' anchor='registrar-ns'>
  643. <p>The &REGISTRAR; includes the 'jabber:iq:register' namespace in its registry of protocol namespaces.</p>
  644. </section2>
  645. <section2 topic='Stream Features' anchor='registrar-stream'>
  646. <p>The XMPP Registrar includes the '' namespace in its registry of stream feature namespaces.</p>
  647. </section2>
  648. <section2 topic='URI Query Types' anchor='registrar-querytypes'>
  649. <p>As authorized by &xep0147;, the XMPP Registrar maintains a registry of queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;).</p>
  650. <p>As described below, the registered querytypes for registration management are "register" and "unregister".</p>
  651. <section3 topic='register' anchor='registrar-querytypes-register'>
  652. <p>The 'jabber:iq:register' namespace include a mechanism for creating a registration. The registered querytype for doing so is "register".</p>
  653. <example caption='Register Action: IRI/URI'><![CDATA[
  654. xmpp:marlowe.shakespeare.lit?register
  655. ]]></example>
  656. <p>Because registration is a two-step process, the application MUST then send an IQ-get to the entity in order to retrieve the required registration fields:</p>
  657. <example caption='Retrieving Registration Fields'><![CDATA[
  658. <iq to='marlowe.shakespeare.lit' type='get'>
  659. <query xmlns='jabber:iq:register'/>
  660. </iq>
  661. ]]></example>
  662. <example caption='Receiving Registration Fields'><![CDATA[
  663. <iq from='marlowe.shakespeare.lit' type='result'>
  664. <query xmlns='jabber:iq:register'>
  665. <username/>
  666. <password/>
  667. </query>
  668. </iq>
  669. ]]></example>
  670. <p>The application MUST then present an appropriate interface that enables the user to complete the registration form. Once the user provides the information, the application MUST send an IQ-set to the entity.</p>
  671. <example caption='Sending Registration Information'><![CDATA[
  672. <iq to='marlowe.shakespeare.lit' type='set'>
  673. <query xmlns='jabber:iq:register'>
  674. <username>juliet</username>
  675. <password>R0m30</password>
  676. </query>
  677. </iq>
  678. ]]></example>
  679. <p>The following submission registers the "register" querytype.</p>
  680. <code><![CDATA[
  681. <querytype>
  682. <name>register</name>
  683. <proto>jabber:iq:register</proto>
  684. <desc>enables registering with a server or service</desc>
  685. <doc>XEP-0077</doc>
  686. </querytype>
  687. ]]></code>
  688. </section3>
  689. <section3 topic='unregister' anchor='registrar-querytypes-unregister'>
  690. <p>The 'jabber:iq:register' namespace include a mechanism for cancelling an existing registration. The registered querytype for doing so is "unregister".</p>
  691. <example caption='Unregister Action: IRI/URI'><![CDATA[
  692. xmpp:marlowe.shakespeare.lit?unregister
  693. ]]></example>
  694. <example caption='Unregister Action: Resulting Stanza'><![CDATA[
  695. <iq to='marlowe.shakespeare.lit' type='set'>
  696. <query xmlns='jabber:iq:register'>
  697. <remove/>
  698. </query>
  699. </iq>
  700. ]]></example>
  701. <p>The following submission registers the "unregister" querytype.</p>
  702. <code><![CDATA[
  703. <querytype>
  704. <name>unregister</name>
  705. <proto>jabber:iq:register</proto>
  706. <desc>enables cancellation of a registration with a server or service</desc>
  707. <doc>XEP-0077</doc>
  708. </querytype>
  709. ]]></code>
  710. </section3>
  711. </section2>
  712. <section2 topic='Field Standardization' anchor='registrar-formtypes'>
  713. <p>There is one FORM_TYPE and set of associated field types and names for field standardization in relation to each major use case for the 'jabber:iq:register' namespace: registration, cancellation of registration, and change of password. The initial submissions for these FORM_TYPES are provided below (additional fields may be provided in future submissions).</p>
  714. <section3 topic='Registration' anchor='registrar-formtypes-register'>
  715. <code><![CDATA[
  716. <form_type>
  717. <name>jabber:iq:register</name>
  718. <doc>XEP-0077</doc>
  719. <desc>Standardization of fields related to registration use case.</desc>
  720. <field
  721. var='username'
  722. type='text-single'
  723. label='Account name associated with the user'/>
  724. <field
  725. var='nick'
  726. type='text-single'
  727. label='Familiar name of the user'/>
  728. <field
  729. var='password'
  730. type='text-private'
  731. label='Password or secret for the user'/>
  732. <field
  733. var='name'
  734. type='text-single'
  735. label='Full name of the user'/>
  736. <field
  737. var='first'
  738. type='text-single'
  739. label='Given name of the user'/>
  740. <field
  741. var='last'
  742. type='text-single'
  743. label='Family name of the user'/>
  744. <field
  745. var='email'
  746. type='text-single'
  747. label='Email address of the user'/>
  748. <field
  749. var='address'
  750. type='text-single'
  751. label='Street portion of a physical or mailing address'/>
  752. <field
  753. var='city'
  754. type='text-single'
  755. label='Locality portion of a physical or mailing address'/>
  756. <field
  757. var='state'
  758. type='text-single'
  759. label='Region portion of a physical or mailing address'/>
  760. <field
  761. var='zip'
  762. type='text-single'
  763. label='Postal code portion of a physical or mailing address'/>
  764. <field
  765. var='phone'
  766. type='text-single'
  767. label='Telephone number of the user'/>
  768. <field
  769. var='url'
  770. type='text-single'
  771. label='URL to web page describing the user'/>
  772. <field
  773. var='date'
  774. type='text-single'
  775. label='Some date (e.g., birth date, hire date, sign-up date)'/>
  776. <field
  777. var='misc'
  778. type='text-single'
  779. label='Free-form text field (obsolete)'/>
  780. <field
  781. var='text'
  782. type='text-single'
  783. label='Free-form text field (obsolete)'/>
  784. <field
  785. var='key'
  786. type='text-single'
  787. label='Session key for transaction (obsolete)'/>
  788. </form_type>
  789. ]]></code>
  790. </section3>
  791. <section3 topic='Cancellation' anchor='registrar-formtypes-cancel'>
  792. <code><![CDATA[
  793. <form_type>
  794. <name>jabber:iq:register:cancel</name>
  795. <doc>XEP-0077</doc>
  796. <desc>Standardization of fields related to cancellation use case.</desc>
  797. <field
  798. var='password'
  799. type='text-private'
  800. label='Password or secret for the user'/>
  801. <field
  802. var='username'
  803. type='text-single'
  804. label='Account name associated with the user'/>
  805. </form_type>
  806. ]]></code>
  807. </section3>
  808. <section3 topic='Change Password' anchor='registrar-formtypes-changepassword'>
  809. <code><![CDATA[
  810. <form_type>
  811. <name>jabber:iq:register:changepassword</name>
  812. <doc>XEP-0077</doc>
  813. <desc>Standardization of fields related to change password use case.</desc>
  814. <field
  815. var='old_password'
  816. type='text-private'
  817. label='Old password for the user'/>
  818. <field
  819. var='password'
  820. type='text-private'
  821. label='Desired password for the user'/>
  822. <field
  823. var='username'
  824. type='text-single'
  825. label='Account name associated with the user'/>
  826. </form_type>
  827. ]]></code>
  828. </section3>
  829. </section2>
  830. </section1>
  831. <section1 topic='XML Schemas' anchor='schemas'>
  832. <section2 topic='jabber:iq:register' anchor='schemas-register'>
  833. <code><![CDATA[
  834. <?xml version='1.0' encoding='UTF-8'?>
  835. <xs:schema
  836. xmlns:xs=''
  837. targetNamespace='jabber:iq:register'
  838. xmlns='jabber:iq:register'
  839. elementFormDefault='qualified'>
  840. <xs:import
  841. namespace='jabber:x:data'
  842. schemaLocation=''/>
  843. <xs:import
  844. namespace='jabber:x:oob'
  845. schemaLocation=''/>
  846. <xs:annotation>
  847. <xs:documentation>
  848. The protocol documented by this schema is defined in
  849. XEP-0077:
  850. </xs:documentation>
  851. </xs:annotation>
  852. <xs:element name='query'>
  853. <xs:complexType>
  854. <xs:sequence xmlns:xdata='jabber:x:data'
  855. xmlns:xoob='jabber:x:oob'>
  856. <xs:choice minOccurs='0'>
  857. <xs:sequence minOccurs='0'>
  858. <xs:element name='registered' type='empty' minOccurs='0'/>
  859. <xs:element name='instructions' type='xs:string' minOccurs='0'/>
  860. <xs:element name='username' type='xs:string' minOccurs='0'/>
  861. <xs:element name='nick' type='xs:string' minOccurs='0'/>
  862. <xs:element name='password' type='xs:string' minOccurs='0'/>
  863. <xs:element name='name' type='xs:string' minOccurs='0'/>
  864. <xs:element name='first' type='xs:string' minOccurs='0'/>
  865. <xs:element name='last' type='xs:string' minOccurs='0'/>
  866. <xs:element name='email' type='xs:string' minOccurs='0'/>
  867. <xs:element name='address' type='xs:string' minOccurs='0'/>
  868. <xs:element name='city' type='xs:string' minOccurs='0'/>
  869. <xs:element name='state' type='xs:string' minOccurs='0'/>
  870. <xs:element name='zip' type='xs:string' minOccurs='0'/>
  871. <xs:element name='phone' type='xs:string' minOccurs='0'/>
  872. <xs:element name='url' type='xs:string' minOccurs='0'/>
  873. <xs:element name='date' type='xs:string' minOccurs='0'/>
  874. <xs:element name='misc' type='xs:string' minOccurs='0'/>
  875. <xs:element name='text' type='xs:string' minOccurs='0'/>
  876. <xs:element name='key' type='xs:string' minOccurs='0'/>
  877. </xs:sequence>
  878. <xs:element name='remove' type='empty' minOccurs='0'/>
  879. </xs:choice>
  880. <xs:element ref='xdata:x' minOccurs='0'/>
  881. <xs:element ref='xoob:x' minOccurs='0'/>
  882. </xs:sequence>
  883. </xs:complexType>
  884. </xs:element>
  885. <xs:simpleType name='empty'>
  886. <xs:restriction base='xs:string'>
  887. <xs:enumeration value=''/>
  888. </xs:restriction>
  889. </xs:simpleType>
  890. </xs:schema>
  891. ]]></code>
  892. </section2>
  893. <section2 topic='Stream Feature' anchor='schemas-streams'>
  894. <code><![CDATA[
  895. <?xml version='1.0' encoding='UTF-8'?>
  896. <xs:schema
  897. xmlns:xs=''
  898. targetNamespace=''
  899. xmlns=''
  900. elementFormDefault='qualified'>
  901. <xs:annotation>
  902. <xs:documentation>
  903. The protocol documented by this schema is defined in
  904. XEP-0077:
  905. </xs:documentation>
  906. </xs:annotation>
  907. <xs:element name='register' type='empty'/>
  908. <xs:simpleType name='empty'>
  909. <xs:restriction base='xs:string'>
  910. <xs:enumeration value=''/>
  911. </xs:restriction>
  912. </xs:simpleType>
  913. </xs:schema>
  914. ]]></code>
  915. </section2>
  916. </section1>
  917. </xep>