1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 10:12:19 -05:00
xeps/xep-0175.xml
Unknown User 6c6b2b12e7 resource binding fix per list discussion
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@3386 4b5297f7-1745-476d-ba37-a9c6900126ab
2009-09-02 20:43:03 +00:00

189 lines
8.9 KiB
XML

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Best Practices for Use of SASL ANONYMOUS</title>
<abstract>This document specifies best practices for use of the SASL ANONYMOUS mechanism in the context of client authentication with an XMPP server.</abstract>
&LEGALNOTICE;
<number>0175</number>
<status>Active</status>
<type>Informational</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>N/A</shortname>
&stpeter;
<revision>
<version>1.2rc2</version>
<date>in progress, last updated 2009-08-31</date>
<initials>psa</initials>
<remark><p>Provided more detailed recommendations regarding usage restrictions for anonymous users; added note about user/anonymous service discovery identity.</p></remark>
</revision>
<revision>
<version>1.1</version>
<date>2007-11-07</date>
<initials>psa</initials>
<remark><p>Recommended that node identifier be a UUID; recommended that trace data not be included.</p></remark>
</revision>
<revision>
<version>1.0</version>
<date>2006-09-20</date>
<initials>psa</initials>
<remark><p>Per a vote of the Jabber Council, advanced status to Active.</p></remark>
</revision>
<revision>
<version>0.1</version>
<date>2006-02-09</date>
<initials>psa</initials>
<remark><p>Initial version; modified flow to remove unecessary challenge.</p></remark>
</revision>
<revision>
<version>0.0.1</version>
<date>2006-01-24</date>
<initials>psa</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
&RFC3920BISNOTE;
<p><cite>RFC 3920</cite> allows the use of any SASL mechanism (see &rfc4422;) in XMPP authentication, including the SASL ANONYMOUS mechanism (see &rfc4505;). This document specifies a recommended protocol flow for such use.</p>
<p>Note: This document is provided for discussion purposes in order to clarify the usage of SASL ANONYMOUS in XMPP systems. It is not meant to supersede the text in <cite>RFC 3920</cite>, <cite>RFC 4422</cite>, or <cite>RFC 4505</cite>. However, the recommendations in this document may be folded into <cite>rfc3920bis</cite>.</p>
</section1>
<section1 topic='Recommendations' anchor='rec'>
<p>An XMPP server implementation SHOULD NOT enable the SASL ANONYMOUS mechanism by default, but instead SHOULD force an administrator to explicitly enable support in any given deployment.</p>
<p>An XMPP server SHOULD assign a temporary, unique bare JID &LOCALBARE; to a client that authenticates with SASL ANONYMOUS. Although the method for ensuring the uniqueness of localpart is a matter of implementation, it is RECOMMENDED for the localpart to be a UUID as specified in &rfc4122;.</p>
<p>After a client authenticates using the SASL ANONYMOUS mechanism, it MUST bind a resource. On public servers where the same JID is reused for multiple anonymous sessions, the server MAY ignore the resource identifier provided by the client (if any) and instead assign a resource identifier that it generates on behalf of the client.</p>
<p>Because an anonymous user is unknown to the server, the server SHOULD appropriately restrict the user's access in order to limit the possibility of malicious behavior, such as denial of service attacks as described in &xep0205;. The following restrictions are encouraged:</p>
<ol start='1'>
<li><p>The user SHOULD NOT be allowed to initiate communication with entities hosted at remote servers.</p></li>
<li><p>The user SHOULD NOT be allowed to establish long-term relationships such as presence subscriptions, &xep0045; registrations, or &xep0060; subscriptions; however, if the server allows this, it MUST cancel such relationships when the user's session ends.</p></li>
<li><p>The user SHOULD NOT be allowed to permanently store information on the server (e.g., via &xep0049;); however, if the server allows this, it MUST remove such information when the user's session ends.</p></li>
<li><p>The user SHOULD NOT be allowed to send large numbers of XMPP stanzas or otherwise use large amounts of system resources (e.g., by binding multiple resource identifiers or creating multiple &xep0065; sessions).</p></li>
</ol>
<p>Although <cite>RFC 4505</cite> allows the initiating entity (client) to provide so-called "trace data" when authenticating via SASL ANONYMOUS, it is NOT RECOMMENDED for the client to include trace data as the XML character data of the &lt;auth/&gt; element (instead, the &lt;auth/&gt; element SHOULD be empty). However, if trace data is included, the server MUST NOT use it for any purpose other than tracing (e.g., in server logs).</p>
</section1>
<section1 topic='Protocol Flow' anchor='flow'>
<p>The RECOMMENDED protocol flow following TLS negotiation (refer to <cite>RFC 3920</cite>) is as follows:</p>
<ol>
<li>
<p>Client initiates stream to server.</p>
<example caption="Stream initiation"><![CDATA[
<stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client'
to='example.com'
version='1.0'>
]]></example>
</li>
<li>
<p>Server replies with stream header.</p>
<example caption="Stream header reply"><![CDATA[
<stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client'
id='c2s_234'
from='example.com'
version='1.0'>
]]></example>
</li>
<li>
<p>Server advertises stream features.</p>
<example caption="Stream features advertisement"><![CDATA[
<stream:features>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5<mechanism>
<mechanism>ANONYMOUS<mechanism>
</mechanisms>
</stream:features>
]]></example>
</li>
<li>
<p>Client requests SASL ANONYMOUS mechanism.</p>
<example caption="Requesting SASL ANONYMOUS"><![CDATA[
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'/>
]]></example>
</li>
<li>
<p>Server sends &lt;success/&gt;.</p>
<example caption="Sending success"><![CDATA[
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
]]></example>
</li>
<li>
<p>Client opens new stream.</p>
<example caption="Initiating a new stream"><![CDATA[
<stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client'
to='example.com'
version='1.0'>
]]></example>
</li>
<li>
<p>Server tells client that resource binding is required.</p>
<example caption="Stream header reply with features"><![CDATA[
<stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client'
id='c2s_345'
from='example.com'
version='1.0'>
<stream:features>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/>
</stream:features>
]]></example>
</li>
<li>
<p>Client requests that server create a resource for it.</p>
<example caption="Requesting resource creation"><![CDATA[
<iq type='set' id='bind_1'>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/>
</iq>
]]></example>
</li>
<li>
<p>Server replies with full JID.</p>
<example caption="Server informs client of full JID"><![CDATA[
<iq type='result' id='bind_1'>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<jid>59BEC12A-9BAB-452B-88F8-D1563F09E549@example.com/2384F02A7E01</jid>
</bind>
</iq>
]]></example>
</li>
</ol>
</section1>
<section1 topic='Service Discovery' anchor='disco'>
<p>A server MUST reply to a &xep0030; information ("disco#info") request sent to the bare JID &LOCALBARE; of the user with an identity of "account/anonymous", as shown in the following example.</p>
<example caption="Server informs client of full JID"><![CDATA[
<iq from='59BEC12A-9BAB-452B-88F8-D1563F09E549@example.com'
id='kj37vd95'
to='requester@example.com/foo'
type='result'>
<query xmlns='http://jabber.org/protocol/disco#info'>
<identity category='account' type='anonymous'>
<feature var='http://jabber.org/protocol/disco#info'/>
<feature var='http://jabber.org/protocol/disco#items'/>
</query>
</iq>
]]></example>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>The security considerations discussed in <cite>RFC 3920</cite> and <cite>RFC 4505</cite> apply to the use of SASL ANONYMOUS in XMPP; specific suggestions regarding usage restrictions for anonymous users are provided under the <link url='#rec'>Recommendations</link> section of this document.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>This document requires no interaction with &IANA;.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>This document requires no interaction with the &REGISTRAR;.</p>
</section1>
</xep>