Add the use of SASL-EXTERNAL with BOSH to the authentication section.

Signed-off-by: Winfried Tilanus <winfr...@tilanus.com>
---
 extensions/xep-0206.xml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/extensions/xep-0206.xml b/extensions/xep-0206.xml
index 98a6571..bf736fb 100644
--- a/extensions/xep-0206.xml
+++ b/extensions/xep-0206.xml
@@ -156,7 +156,7 @@ Content-Length: 483
 </section1>
 
 <section1 topic="Authentication and Resource Binding" 
anchor='preconditions-sasl'>
-  <p>A success case for authentication and resource binding using the XMPP 
protocols is shown below. For detailed specification of these protocols 
(including error cases), refer to &rfc6120;</p>
+  <p>A success case for authentication and resource binding using the XMPP 
protocols is shown below. For detailed specification of these protocols 
(including error cases), refer to &rfc6120;. The server MAY offer the 
SASL-EXTERNAL method, for example when BOSH is used in conjunction with HTTP 
authentication or TLS authentication on the HTTP level.</p>
   <example caption="SASL authentication step 1">
 <![CDATA[POST /webclient HTTP/1.1
 Host: httpcm.example.com
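Review bot: The sentence added to the first paragraph of "Authentication and Resource Binding" says the server MAY offer SASL-EXTERNAL, but it does not say how an identity authenticated "on the HTTP level" becomes available to the server that offers the mechanism. Suggest stating which entity verifies the HTTP or TLS credentials, and that the mechanism is only offered when that verified identity is actually available for the session. The mechanism name is EXTERNAL, so "the SASL EXTERNAL mechanism" would read more precisely than "the SASL-EXTERNAL method".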
@@ -221,6 +221,8 @@ Content-Length: 149
     <li>The BOSH &lt;body/&gt; element SHOULD include the 'xml:lang' 
attribute.</li>
     <li>The BOSH &lt;body/&gt; element SHOULD be empty (i.e., not contain an 
XML stanza). However, if the client includes an XML stanza in the body, the 
connection manager SHOULD ignore it. <note>It is known that some connection 
manager implementations accept an XML stanza in the body of the restart request 
and send that stanza to the server when the stream is restarted; however there 
is no guarantee that a connection manager will send the stanza so a client 
cannot rely on this behavior.</note></li>
   </ul>
+  <p>When SASL-EXTERNAL is used in combination with BOSH the BOSH 
&lt;body/&gt; element SHOULD include the 'from' attribute upon stream restart. 
This
+because constrained clients can not always know what credentials were used to 
authenticate on the HTTP level. The server MUST try to associate the provided 
'from' with the credentials that were provided on the other level.</p>
   <p>The following example illustrates the format for a restart request.</p>
   <example caption="Restart request">
 <![CDATA[POST /webclient HTTP/1.1
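Review bot: In the paragraph added before the restart example, "The server MUST try to associate the provided 'from' with the credentials" is not a testable requirement and leaves the mismatch case undefined. Because 'from' is supplied by the client, suggest saying what the server MUST do when it cannot tie that 'from' to the credentials presented on the other level (for example, fail the request) instead of "MUST try". On wording, "This because" is missing "is" and "can not" should be "cannot".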
-- 
1.8.5.2
