[jdev] Multiple domain negotiations with SASL?

Janne Savukoski janne at savukoski.name
Tue Apr 17 02:09:14 CDT 2007


On 4/17/07, Matthias Wimmer <m at tthias.eu> wrote:
> Hi Janne!
>
> Janne Savukoski wrote:
> > I'm sorry if this is some frustratingly frequently asked question, but
> > as I'm seeing Google requesting db-results for several domains under a
> > single TCP-session, it got me thinking if it's supported (by
> > xmpp-servers in general) to do multiple SASL-negotiations similarly?
>
> You are allowed to do SASL authentication if <mechanisms
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> has been advertised by the
> server.
>
> After SASL authentication has been done, the stream gets reestablished
> by sending a stream header and new stream features.
>
> All servers I know will not include the above stream feature again if
> authentication has already been done. Therefore with current
> implementations you are not able to do multiple SASL-negotiations on the
> same connection.

Hi Matthias!

And thanks! This cleared it up.

Also, the introduction of other domain connections happens at a later
stage of the conversation (when such a connection is needed) and not
right at the beginning when the stream initiation takes place. I was
just thinking if it would be allowed as I guess the stanza exchange
could be applied (/adapted) for such a case. But, already the TLS
binding feels to me as a major obstacle as it'd be a little
inefficient to negotiate multiple TLS layers on top of each other.

So, I guess the dialback has then some scalability advantages over
SASL. Naturally, supporting multiple domain connections over a single
TCP session lets you cut down the number of sessions to a fraction.

-janne
