Nathan Fritz wrote:
By not using the same node as the authentication user, you're going against two SHOULD suggestions in the RFC
I can't find anything in RFC 3920 about this case. Can you help me find these two recommendations?
I would recommend against doing this on a public service where you expect any IM client.
The authentication and authorization system already exists, so my hands are mostly tied. I'm open to any reasonable implementation that will make this work. The one design restriction imposed on me is that the authenticating client must in some sort of way provide the authentication username as part of the process; mapping from the node to auth credentials is not acceptable.
If it's true that the RFC discourages this practice, then I think the RFC may need to be revised. For people who are running simple stand-alone Jabber servers, this sort of thing doesn't matter. But for organizations like mine that are trying to embrace XMPP by adding an XMPP interface to existing infrastructure, this is a major issue. GTalk has a variation of the same problem, except with domain instead of username. I think the real long-term solution here is that the RFC needs to firmly instruct clients to not make assumptions about their JIDs, and instead accept (or reject) what they are given at resource binding.
You are, again, in violation of the spec by delivering stanzas where the bare jid does not match their bound name, and you could cause unintended consequences on the client (crashes or strange behavior) by simply pinging them in this way.
I can't find any prohibition like this in RFC 3920 or the draft. Can you point out a specific passage that prohibits this sort of probing?
I really don't see either of these options being viable as the client is simply broken if it doesn't respond to its bound fulljid and you risk greater consequences if you try to "adjust" at the protocol level.
My main goal is for a short-term, practical improvement in functionality for as many users as possible.
As an alternative, I'm thinking about perhaps having the user do something special to indicate that 'JID masquerading' should be performed, such as placing a special character in their username.
Another option is to try to detect specific versions that are broken using XEP-0092: Software Version, and apply the workaround for just those. This would get correct operations to the largest groups of users, and prevent breaking people whose clients were in fact operating correctly.
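The version check proposed in the last paragraph could look like the sketch below. It is an added example, not code from this thread or from any server project. The client names and "fixed in" versions are constructed placeholders, since the thread names none, and because XEP-0092 data is reported by the client itself, the sketch treats it only as a compatibility hint and leaves behaviour unchanged whenever the reply is missing, malformed or unrecognised.

```python
import re
import xml.etree.ElementTree as ET

NS = "{jabber:iq:version}"  # XEP-0092 namespace

# Constructed placeholders: client name -> first release that no longer needs
# the workaround. The thread names no specific clients or versions.
FIXED_IN = {"ExampleClient": (2, 4, 0), "OtherClient": (0, 9, 0)}

# Constructed XEP-0092 reply, as a server might receive it from a client.
SAMPLE = (
    "<iq xmlns='jabber:client' type='result' id='v1' "
    "from='user@example.org/desk'>"
    "<query xmlns='jabber:iq:version'>"
    "<name>ExampleClient</name><version>2.3.1-beta</version>"
    "</query></iq>"
)

def parse_version(text):
    """'2.3.1-beta' -> (2, 3, 1); '2.4' -> (2, 4, 0); None if not numeric."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def needs_workaround(stanza_xml):
    """True only for a well-formed reply naming a listed client below its fix."""
    try:
        iq = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False
    # Accept <iq/> with or without the jabber:client namespace prefix.
    if iq.tag.rsplit("}", 1)[-1] != "iq" or iq.get("type") != "result":
        return False
    query = iq.find(NS + "query")
    if query is None:
        return False
    name = (query.findtext(NS + "name") or "").strip()
    version = parse_version(query.findtext(NS + "version") or "")
    fixed_in = FIXED_IN.get(name)
    # Unknown client, missing or unparseable version: leave behaviour unchanged.
    if fixed_in is None or version is None:
        return False
    return version < fixed_in

if __name__ == "__main__":
    print(needs_workaround(SAMPLE))
```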
