No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

xep-0401.xml 21KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489
  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <!DOCTYPE xep SYSTEM 'xep.dtd' [
  3. <!ENTITY % ents SYSTEM 'xep.ent'>
  4. %ents;
  5. ]>
  6. <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
  7. <xep>
  8. <header>
  9. <title>Easy User Onboarding</title>
  10. <abstract>This document defines a protocol and URI scheme for user invitation in order to allow a third party to register on a server. The goal of this is to make onboarding for XMPP IM newcomers as easy as possible.</abstract>
  11. &LEGALNOTICE;
  12. <number>0401</number>
  13. <status>Experimental</status>
  14. <type>Standards Track</type>
  15. <sig>Standards</sig>
  16. <approver>Council</approver>
  17. <dependencies>
  18. <spec>XMPP Core</spec>
  19. <spec>XEP-0001</spec>
  20. <spec>XEP-0050</spec>
  21. <spec>XEP-0082</spec>
  22. <spec>XEP-0077</spec>
  23. <spec>XEP-0147</spec>
  24. <spec>XEP-0379</spec>
  25. </dependencies>
  26. <supersedes/>
  27. <supersededby/>
  28. <shortname>N/A</shortname>
  29. <author>
  30. <firstname>Marc</firstname>
  31. <surname>Schink</surname>
  32. </author>
  33. <revision>
  34. <version>0.2.0</version>
  35. <date>2018-02-11</date>
  36. <initials>ms</initials>
  37. <remark>
  38. <p>Used Data Forms for extension of In-Band Registration as required by <strong>XEP-0077</strong> § 4.</p>
  39. <p>Added "defined condition" elements in error stanzas as required by <strong>RFC 6120</strong> § 8.3.2.</p>
  40. <p>Changed type of "invalid-token" error to "modify".</p>
  41. <p>Fix namespacing of Ad-Hoc commands</p>
  42. <p>Bump namespace to invite:1</p>
  43. </remark>
  44. </revision>
  45. <revision>
  46. <version>0.1.0</version>
  47. <date>2018-01-25</date>
  48. <initials>XEP Editor (jwi)</initials>
  49. <remark>Accepted by vote of Council on 2018-01-17.</remark>
  50. </revision>
  51. <revision>
  52. <version>0.0.1</version>
  53. <date>2018-01-10</date>
  54. <initials>ms</initials>
  55. <remark><p>First submission.</p></remark>
  56. </revision>
  57. </header>
  58. <section1 topic='Introduction' anchor='intro'>
  59. <p>Romeo is an active XMPP IM (Instant Messaging) user or the operator of
  60. an XMPP server. He convinces Juliet (who may not have an XMPP account yet)
  61. to install a client but she may still need to choose an XMPP server,
  62. create an account, and add Romeo as a contact.
  63. This specification defines two ways for Romeo to simplify this process for Juliet:</p>
  64. <section2 topic='User Invitation'>
  65. <p>If Romeo is an XMPP user, he can create an out-of-band link (URI)
  66. which allows Juliet to:</p>
  67. <ol>
  68. <li>Download an XMPP client (if needed).</li>
  69. <li>Optionally register an account with Romeo's server (if permitted by
  70. the server rules), or with a public server.</li>
  71. <li>Establish a mutual presence subscription between Romeo and Juliet.</li>
  72. </ol>
  73. <p>The process is designed to automatically skip steps that Juliet already
  74. completed, to make the overall experience as smooth as possible.</p>
  75. </section2>
  76. <section2 topic='Account Creation'>
  77. <p>If Romeo is an administrator of an XMPP server, he can create an
  78. out-of-band link (URI) which allows Juliet to:</p>
  79. <ol>
  80. <li>Download an XMPP client (if needed).</li>
  81. <li>Register an account on Romeo's server with a user name defined by
  82. Romeo and a password not known to Romeo.</li>
  83. <li>Establish a mutual presence subscription between Romeo and Juliet.</li>
  84. </ol>
  85. </section2>
  86. </section1>
  87. <section1 topic='Requirements' anchor='reqs'>
  88. <p>This specification makes use of XMPP URIs. The basic URI scheme for XMPP
  89. is defined in &rfc5122; and extended in &xep0147; and &xep0379;.
  90. Furthermore, this heavily builds upon the blocks provided in
  91. <cite>XEP-0379</cite> for landing page and roster subscription.
  92. </p>
  93. <p>
  94. To create out-of-band invitation links, Romeo's server needs to implement
  95. the &xep0050; commands specified in the following section, and his client
  96. must be able to execute them.
  97. </p>
  98. <p>
  99. Furthermore, Romeo's server SHOULD provide a HTTPS service hosting the
  100. landing page.
  101. </p>
  102. </section1>
  103. <section1 topic='Discovery' anchor='discover'>
  104. <p>Romeo can query his server for the availability of "User Invitation" and
  105. "Account Creation" commands:</p>
  106. <example caption="Discover available ad-hoc commands"><![CDATA[
  107. <iq type='get' from='romeo@example.com' to='example.com' id='disco'>
  108. <query xmlns='http://jabber.org/protocol/disco#items'
  109. node='http://jabber.org/protocol/commands'/>
  110. </iq>
  111. ]]></example>
  112. <p>TODO: use appropriate node namespace.</p>
  113. <example caption="Discovery result for available ad-hoc commands"><![CDATA[
  114. <iq type='result' to='romeo@example.com' from='example.com' id='disco'>
  115. <query xmlns='http://jabber.org/protocol/disco#items'
  116. node='http://jabber.org/protocol/commands'>
  117. <item jid='example.com'
  118. node='urn:xmpp:invite#invite'
  119. name='Invite user'/>
  120. <item jid='example.com'
  121. node='urn:xmpp:invite#create-account'
  122. name='Create account'/>
  123. </query>
  124. </iq>
  125. ]]></example>
  126. <p>When performing the account creation, Juliet's client needs to ensure
  127. that the server supports the extended IBR protocol with a &lt;preauth&gt;
  128. token: TODO</p>
  129. </section1>
  130. <section1 topic='Glossary' anchor='glossary'>
  131. <p>OPTIONAL.</p>
  132. </section1>
  133. <section1 topic='Use Cases' anchor='usecases'>
  134. <section2 topic='Creating a User Invitation' anchor='create-invitation'>
  135. <p>A user can execute the 'invite' command to obtain a new invitation link
  136. with a unique invitation token.</p>
  137. <example caption="Exceute user invitation command"><![CDATA[
  138. <iq type='set' from='romeo@example.com' to='example.com' id='exec1'>
  139. <command xmlns='http://jabber.org/protocol/commands'
  140. node='urn:xmpp:invite#invite'
  141. action='execute'/>
  142. </iq>
  143. ]]></example>
  144. <example caption="User invitation finished"><![CDATA[
  145. <iq type='result' to='romeo@example.com' from='example.com' id='exec2'>
  146. <command xmlns='http://jabber.org/protocol/commands'
  147. node='urn:xmpp:invite#invite'
  148. status='completed'>
  149. <x xmlns='jabber:x:data' type='result'>
  150. <item>
  151. <field var='uri'>
  152. <value>xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=y</value>
  153. </field>
  154. <field var='landing-url'>
  155. <value>https://example.com/invite/#TOKEN</value>
  156. </field>
  157. <field var='expire'>
  158. <value>2017-11-06T02:56:15Z</value>
  159. </field>
  160. </item>
  161. </x>
  162. </command>
  163. </iq>
  164. ]]></example>
  165. <p>The token should be unique, sufficiently
  166. long and generated by a strong random number generator.</p>
  167. <p>A server MUST provide the <strong>uri</strong> field which contains an
  168. XMPP URI of the following format:</p>
  169. <code>xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=y</code>
  170. <p>The <strong>ibr</strong> query component in the XMPP URI indicates that
  171. the invitee is allowed to create an account on Romeo's server, using the
  172. 'preauth' token.
  173. If the server does not support or allow in-band registration for invited
  174. users, the server MUST omit the <strong>ibr</strong> query component.</p>
  175. <p>Additionally, the server SHOULD provide the <strong>landing-url</strong>
  176. field which contains an HTTPS URL of a web-based landing page as described
  177. in &xep0379; § 3.3. The URL format may differ from the example shown here
  178. depending on where the landing page is hosted.</p>
  179. <p>If the server omits the <strong>landing-page</strong> field, Romeo's
  180. client SHOULD generate an appropriate landing page URL hosted by the
  181. client developer or a trusted third party.</p>
  182. <p>A server MAY provide a field which provides the expiration date of the
  183. generated token. The expiration date MUST conform to the DateTime profile
  184. specified in &xep0082;. If the field is not provided, the token does not
  185. expire.</p>
  186. <p>Romeo's client should provide adequate means to export the
  187. <strong>landing-page</strong> URL, possibly accompanied with a short
  188. description and the <strong>expire</strong> information, so that Romeo can
  189. share it with Juliet by other means than XMPP, like e-mail or a QR code.</p>
  190. </section2>
  191. <section2 topic='Landing Page' anchor='landing-page'>
  192. <p>The landing page that the generated URL points to should correspond to
  193. the format described in <cite>XEP-0379</cite> §3.3, and it needs to
  194. convey the following information:</p>
  195. <ul>
  196. <li>A short text that this is an XMPP invitation from Romeo.</li>
  197. <li>A client recommendation (based on the detected web browser/OS) with download links.</li>
  198. <li>A prominent button that activates the encoded <strong>xmpp:</strong> link.</li>
  199. </ul>
  200. <p>If the landing page is hosted by Romeo's server, the server MAY display
  201. additional information based on the supplied TOKEN value, like the name
  202. of the inviter or validity information.</p>
  203. </section2>
  204. <section2 topic='Redeeming a User Invitation' anchor='redeem-invitation'>
  205. <p>If Juliet does not have an XMPP client installed, she will not be able
  206. to open the <strong>xmpp:</strong> link from the invitation page.
  207. For this case, the landing page needs to indicate that a client must be
  208. installed first, and that the link will not work as intended without.
  209. The automatic installation of an appropriate IM client when a user
  210. clicks on an <strong>xmpp:</strong> is outside of the scope of this
  211. document.</p>
  212. <p>With an XMPP client installed, Juliet can open the
  213. <strong>xmpp:</strong> link and have the client process it
  214. appropriately, as follows:</p>
  215. <section3 topic='Pre-Configured Account' anchor='redeem-preconfigured'>
  216. <p>If Juliet's client is already configured with an account, the default
  217. action for the presented
  218. <strong>xmpp:inviter@example.com?roster;...</strong> URI is to add the
  219. inviter to Juliet's roster. This should be performed as described in
  220. §3.4 of <cite>XEP-0379</cite>, by sending a presence subscription
  221. request containing the 'preauth' token.</p>
  222. <p>If Juliet already has Romeo in her roster, her client should open the
  223. appropriate chat interface instead.</p>
  224. </section3>
  225. <section3 topic='No Configured Account' anchor='redeem-no-account'>
  226. <p>If Juliet's client does not have an XMPP account configured, she
  227. needs to login or register an account first. Therefore, the client
  228. should provide an interface with the following options:</p>
  229. <ul>
  230. <li>Login with an existing XMPP account.</li>
  231. <li>Register an account with Romeo's server (if the URI contains a
  232. <strong>ibr=y</strong> parameter).</li>
  233. <li>Register an account with a public or client-endorsed server.</li>
  234. </ul>
  235. <p>If the <strong>xmpp:</strong> URI provided by Romeo contains the
  236. <strong>ibr=y</strong> parameter, it indicates that the server
  237. supports the <link url="#preauth-ibr">Pre-Authenticated In-Band
  238. Registration</link> defined in this document. If Juliet chooses this
  239. approach, the server will ensure that after the registration, Romeo is
  240. added to her roster with a full presence subscription.</p> <p>If
  241. Juliet chooses to login or register with a different server, her
  242. client must complete the respective process and issue a subscription
  243. request as described in §3.4 of <cite>XEP-0379</cite>.</p>
  244. </section3>
  245. </section2>
  246. <section2 topic='Initiating Account Creation' anchor='account-creation'>
  247. <p>If Romeo is the administrator of an XMPP server, he might want to
  248. ensure that Juliet obtains an account on this server, with a username
  249. defined either by Romeo or by Juliet, and in a way that does not require
  250. the out-of-band communication of user passwords.</p>
  251. <p>TODO: description of overall process steps, design motivation.</p>
  252. <example caption="Exceute account creation command"><![CDATA[
  253. <iq type='set' from='romeo@example.com' to='example.com' id='exec1'>
  254. <command xmlns='http://jabber.org/protocol/commands'
  255. node='urn:xmpp:invite#create-account'
  256. action='execute'/>
  257. </iq>
  258. ]]></example>
  259. <example caption="Service returns form for account creation"><![CDATA[
  260. <iq type='result' to='romeo@example.com' from='example.com' id='exec1'>
  261. <command xmlns='http://jabber.org/protocol/commands'
  262. sessionid='config:20020923T213616Z-700'
  263. node='urn:xmpp:invite#create-account'
  264. status='executing'>
  265. <actions execute='complete'>
  266. <complete/>
  267. </actions>
  268. <x xmlns='jabber:x:data' type='form'>
  269. <field var='username' label='Username' type='text-single'/>
  270. <field var='roster-subscription' label='Roster subscription' type='boolean'/>
  271. </x>
  272. </command>
  273. </iq>
  274. ]]></example>
  275. <p>A server MAY require a username to be specified for account creation.
  276. In this case, the server MUST add the &lt;required/&gt; element to the
  277. username field.
  278. The username MUST be a valid localpart as defined in &rfc6122; §2.3.</p>
  279. <example caption="Account creation with specified username"><![CDATA[
  280. <iq type='set' from='romeo@example.com' to='example.com' id='exec2'>
  281. <command xmlns='http://jabber.org/protocol/commands'
  282. sessionid='config:20020923T213616Z-700'
  283. node='urn:xmpp:invite#create-account'>
  284. <x xmlns='jabber:x:data' type='submit'>
  285. <field var='username'>
  286. <value>juliet</value>
  287. </field>
  288. </x>
  289. </command>
  290. </iq>
  291. ]]></example>
  292. <example caption="Account creation finished"><![CDATA[
  293. <iq type='result' to='romeo@example.com' from='example.com' id='exec2'>
  294. <command xmlns='http://jabber.org/protocol/commands'
  295. sessionid='config:20020923T213616Z-700'
  296. node='urn:xmpp:invite#create-account'
  297. status='completed'>
  298. <x xmlns='jabber:x:data' type='result'>
  299. <item>
  300. <field var='uri'>
  301. <value>xmpp:juliet@example.com?register;preauth=TOKEN</value>
  302. </field>
  303. <field var='landing-url'>
  304. <value>https://example.com/invite/#TOKEN</value>
  305. </field>
  306. <field var='expire'>
  307. <value>2017-11-06T02:56:15Z</value>
  308. </field>
  309. </item>
  310. </x>
  311. </command>
  312. </iq>
  313. ]]></example>
  314. <p>The server's response for account creation is the same as for user
  315. invitation except for the format of the <strong>uri</strong> field which
  316. contains an XMPP URI of the following format:</p>
  317. <code>xmpp:juliet@example.com?register;preauth=TOKEN</code>
  318. <p>If no username was specified during the account creation process, the
  319. local part of the JID in the XMPP URI is omitted by the server which
  320. results in the following format:</p>
  321. <code>xmpp:example.com?register;preauth=TOKEN</code>
  322. <p>TODO: note about sensitivity of TOKEN</p>
  323. </section2>
  324. <section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'>
  325. <p>In order to allow invited users to register on a server, the
  326. registration processs as defined in &xep0077; needs to be extended. The
  327. invited user's client MUST add a &lt;preauth&gt; element in the 'TODO'
  328. namespace to the 'jabber:iq:register' query in order to inform the
  329. server that it wants to perform Pre-Authenticated IBR:</p>
  330. <example caption="Retrieving registration fields"><![CDATA[
  331. <iq type='get' id='reg1' to='example.com'>
  332. <query xmlns='jabber:iq:register'>
  333. <preauth xmlns='urn:xmpp:invite:1'/>
  334. </query>
  335. </iq>
  336. ]]></example>
  337. <p>If the server supports and is ready to perform Pre-Authenticated IBR,
  338. it MUST add a &lt;token&gt; element to the response (TODO: 'token' or
  339. 'preauth'?):</p>
  340. <example caption="Receiving registration form"><![CDATA[
  341. <iq type='result' to='romeo@example.com' from='example.com' id='reg1'>
  342. <query xmlns='jabber:iq:register'>
  343. <x xmlns='jabber:x:data' type='form'>
  344. <field type='hidden' var='FORM_TYPE'>
  345. <value>urn:xmpp:invite:1</value>
  346. </field>
  347. <field type='text-single' label='Username' var='username'>
  348. <required/>
  349. </field>
  350. <field type='text-private' label='Password' var='password'>
  351. <required/>
  352. </field>
  353. <field type='text-single' label='Invite token' var='token'>
  354. <required/>
  355. </field>
  356. </x>
  357. </query>
  358. </iq>
  359. ]]></example>
  360. <example caption='Receiving registration form with error (invalid token)'><![CDATA[
  361. <iq type='error' from='example.com' id='reg1'>
  362. <query xmlns='jabber:iq:register'>
  363. <x xmlns='jabber:x:data' type='form'>
  364. <field type='hidden' var='FORM_TYPE'>
  365. <value>urn:xmpp:invite:1</value>
  366. </field>
  367. <field type='text-single' var='username'>
  368. <value>juliet<value/>
  369. </field>
  370. <field type='text-private' var='password'>
  371. <value>m1cro$oft<value/>
  372. </field>
  373. <field type='text-single' var='token'>
  374. <value>BADTOKEN<value/>
  375. </field>
  376. </x>
  377. </query>
  378. <error type='modify'>
  379. <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  380. <invalid-token xmlns='urn:xmpp:invite:1'/>
  381. </error>
  382. </iq>
  383. ]]></example>
  384. <example caption='Receiving registration form with error (token expired)'><![CDATA[
  385. <iq type='error' from='example.com' id='reg1'>
  386. <query xmlns='jabber:iq:register'>
  387. <x xmlns='jabber:x:data' type='form'>
  388. <field type='hidden' var='FORM_TYPE'>
  389. <value>urn:xmpp:invite:1</value>
  390. </field>
  391. <field type='text-single' var='username'>
  392. <value>juliet<value/>
  393. </field>
  394. <field type='text-private' var='password'>
  395. <value>m1cro$oft<value/>
  396. </field>
  397. <field type='text-single' var='token'>
  398. <value>OLDTOKEN<value/>
  399. </field>
  400. </x>
  401. </query>
  402. <error type='cancel'>
  403. <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  404. <token-expired xmlns='urn:xmpp:invite:1'/>
  405. </error>
  406. </iq>
  407. ]]></example>
  408. <p>After the invitee has successfully registered on the inviter's server
  409. and roster subscription is enabled for account creation, the server MUST
  410. use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the
  411. inviter about the invitee's new account without the need to reconnect.</p>
  412. <example caption="Push roster item of invitee to inviter"><![CDATA[
  413. <iq type='set' from='romeo@example.com' id='push'>
  414. <query xmlns='jabber:iq:roster'>
  415. <item subscription='both' jid='juliet@example.com'/>
  416. </query>
  417. </iq>
  418. ]]></example>
  419. </section2>
  420. </section1>
  421. <section1 topic='Business Rules' anchor='rules'>
  422. <section2 topic='Fallback to Client-Side PARS'>
  423. <p>If the inviter's server does not support user invitation, the client
  424. application SHOULD silently fall back to &xep0379; for a good user
  425. experience.</p>
  426. </section2>
  427. <section2 topic='Account Creation'>
  428. <p>If a username was specified during the account creation process, the
  429. server SHOULD NOT create an account on the server until the invitee
  430. actually registers it with the corresponding token.
  431. The server MUST reserve the username at least until the corresponding
  432. token expires.</p>
  433. </section2>
  434. </section1>
  435. <section1 topic='Implementation Notes' anchor='impl'>
  436. <section2 topic='XMPP Server Suggestion for Invitees'>
  437. <p>If the invitee opens an invitation URI with <strong>ibr=y</strong> and
  438. chooses to create a new account, the client SHOULD pre-fill the
  439. inviter JID's domain part as the new account's domain. The client MAY
  440. provide a mechanism to enter or choose a different server, though.</p>
  441. </section2>
  442. </section1>
  443. <section1 topic='Accessibility Considerations' anchor='access'>
  444. <p>OPTIONAL.</p>
  445. </section1>
  446. <section1 topic='Internationalization Considerations' anchor='i18n'>
  447. <p>OPTIONAL.</p>
  448. </section1>
  449. <section1 topic='Security Considerations' anchor='security'>
  450. <p>See security considerations in &xep0379;.</p>
  451. </section1>
  452. <section1 topic='IANA Considerations' anchor='iana'>
  453. <p>This document requires no interaction with &IANA;.</p>
  454. </section1>
  455. <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
  456. <p>As authorized by &xep0147;, the XMPP Registrar maintains a registry of
  457. queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;).</p>
  458. <p>The key-value parameter <strong>preauth</strong> is added to the
  459. <strong>register</strong> query action as defined in &xep0077;</p>
  460. <code><![CDATA[
  461. <querytype>
  462. <name>register</name>
  463. ...
  464. <key>
  465. <name>preauth</name>
  466. <desc>the token used to allow one-time in-band registration on the inviter's server</desc>
  467. </key>
  468. </querytype>
  469. ]]></code>
  470. <p>In addition to the <strong>preauth</strong> key-value parameter define
  471. in &xep0379;, the <strong>ibr</strong> parameter is added to the
  472. <strong>roster</strong> query action.</p>
  473. <code><![CDATA[
  474. <querytype>
  475. <name>roster</name>
  476. ...
  477. <key>
  478. <name>ibr</name>
  479. <value>y</value>
  480. <desc>the parameter to indicate that the token allows the invitee to create an account on the inviter's server via in-band registration</desc>
  481. </key>
  482. </querytype>
  483. ]]></code>
  484. </section1>
  485. <section1 topic='XML Schema' anchor='schema'>
  486. <p>REQUIRED for protocol specifications.</p>
  487. </section1>
  488. </xep>