[jdev] In-band registration requiring e-mail address
Norman Rasmussen
norman at rasmussen.co.za
Wed Jan 11 06:25:43 CST 2006
On 1/10/06, Peter Saint-Andre <stpeter at jabber.org> wrote:
> Clients are supposed to do an IQ-get first to see what the required
> fields are, then send back all the required fields.
Copy & Paste from other conversation:
> Similarly, in-band registration (jabber:iq:register) uses IQ stanzas.
> When it is used to establish an account, it would definitely be
> completed before SASL because you can't auth if you don't have an
> account (leaving aside SASL ANONYMOUS for now).
If iq:register doesn't become 100% out-of-band, I assume that in the
future clients will be expected to do SASL ANONYMOUS before doing
iq:register. i.e. you shouldn't send and receive stanza's until the
stream is 'authenticated' in some way (including sasl anon).
Although re: JEP-0077, Section 10. I can imagine that in the future
you can't register unless you have an TLS enabled connection.
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the JDev
mailing list