-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 9/15/09 11:29 AM, Kevin Smith wrote:
> On Mon, Sep 14, 2009 at 5:29 PM, Jack Moffitt <j...@collecta.com> wrote:
>> I'm fine with those amendments, Dave.
>
> I'm comfortable with them too (at least from my reading), and mostly
> for the reasons Dave gives.
Incorporating all the feedback provided so far, I have updated XEP-0175
to version 1.2rc3. I have added a new section on "Deployment Types" and
have significantly modified the section on "Recommendations". The text
in my working copy now reads as follows:
***
2. Deployment Types
XMPP server implementations can be deployed in a variety of settings.
Although it is difficult to provide recommendations for every kind of
XMPP deployment, this document attempts to strike a balance between more
and less controlled settings by defining three different deployment types:
* Public deployments, such as well-known instant messaging (IM)
services on the open Internet.
* Private deployments, such as enterprise IM services, technical
support departments, and helplines.
* Specialized deployments that typically will be accessed in a
controlled fashion, such as gaming services, members-only websites, and
applications that are not used directly by human users.
3. Recommendations
An XMPP server implementation SHOULD NOT enable the SASL ANONYMOUS
mechanism by default, but instead SHOULD force the administrator of a
given service to explicitly enable support in the context of that
deployment.
When a client authenticates using SASL ANONYMOUS, an XMPP server SHOULD
assign a temporary, unique bare JID <localp...@domain.tld> to the
client. Although the method for ensuring the uniqueness of the localpart
is a matter of implementation, it is RECOMMENDED for the localpart to be
a UUID as specified in RFC 4122 [4].
Although RFC 4505 allows the client to provide so-called "trace data"
when authenticating via SASL ANONYMOUS, it is NOT RECOMMENDED for the
client to include trace data as the XML character data of the <auth/>
element (instead, the <auth/> element SHOULD be empty). However, if
trace data is included, the server MUST NOT use it for any purpose other
than tracing (e.g., not use it as the resource identifier of the
anonymous user's full JID).
Because an anonymous user is unknown to the server, the server SHOULD
appropriately restrict the user's access in order to limit the
possibility of malicious behavior (such as denial of service attacks as
described in Best Practices to Discourage Denial of Service Attacks
[5]), especially on public deployments. The following restrictions are
encouraged on public deployments. Administrators of private deployments
and specialized deployments are advised to take these restrictions into
account when configuring their services, but can reasonably relax these
restrictions if they have appropriate access controls in place or their
deployment requirements cannot be met using the more restrictive profile
applied in public deployments.
1. During resource binding, the server MAY ignore the resource
identifier provided by the client (if any) and instead assign a resource
identifier that it generates on behalf of the client.
2. The server SHOULD NOT allow the client to initiate communication
with entities hosted at remote servers.
3. The server MAY allow the client to establish relationships with
local services and users; such relationships might include presence
subscriptions and roster additions (see XMPP IM [6]), Multi-User Chat
[7] registrations, and Publish-Subscribe [8] subscriptions. (Note that
allowing presence subscriptions and roster additions can create a
sub-optimal user experience for the added contacts.) However, if the
server permits such relationships, it MUST cancel them when the client's
session ends.
4. The server MAY allow the client to store information on the server
for the purpsoe of providing an optimal user experience (e.g., storage
of client preferences using Private XML Storage [9]). However, if the
server allows this, it SHOULD remove such information when the client's
session ends.
5. The server SHOULD NOT allow the client to send large numbers of
XMPP stanzas or otherwise use large amounts of system resources (e.g.,
by binding multiple resource identifiers or creating multiple SOCKS5
Bytestreams [10] sessions).
***
You can view the updated document here:
http://xmpp.org/extensions/tmp/xep-0175-1.2.html
The SVN diff from 1.1 is here:
http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0175.xml?r1=1349&r2=3443
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkqv32YACgkQNL8k5A2w/vyOmQCdG55QFo9jtv1x3agvz2dc5Ot0
DvUAnRu9Snp1FovWPR6Kczy4XpUbjdBe
=yxZ8
-----END PGP SIGNATURE-----
