[jdev] Figuring out what a client thinks its JID is

Aaron Kryptokos aaronkryptokos6 at aaronwl.com
Mon Apr 5 17:01:33 CDT 2010


Nathan Fritz wrote:
> By not using the same node as the authentication user, you're going
> against two SHOULD suggestions in the RFC

I can't find anything in RFC 3920 about this case.  Can you help me find 
these two recommendations?

> I would recommend against doing this on a public
> service where you expect any IM client.

The authentication and authorization system already exists, so my hands 
are mostly tied.  I'm open to any reasonable implementation that will 
make this work.  The one design restriction imposed on me is that the 
authenticating client must in some sort of way provide the authentication 
username as part of the process; mapping from the node to auth 
credentials is not acceptable.

If it's true that the RFC discourages this practice, then I think the 
RFC may need to be revised.  For people who are running simple 
stand-alone Jabber servers, this sort of thing doesn't matter.  But for 
organizations like mine that are trying to embrace XMPP by adding an 
XMPP interface to existing infrastructure, this is a major issue.  GTalk 
has a variation of the same problem, except with domain instead of 
username.  I think the real long-term solution here is that the RFC 
needs to firmly instruct clients to not make assumptions about their 
JIDs, and instead accept (or reject) what they are given at resource 
binding.

> You
> are, again, in violation of the spec by delivering stanzas where the
> bare jid does not match their bound name, and you could cause
> unintended consequences on the client (crashes or strange behavior) by
> simply pinging them in this way.

I can't find any prohibition like this in RFC 3920 or the draft.  Can 
you point out a specific passage that prohibits this sort of probing?

> I really don't see either of these options being viable as the client
> is simply broken if it doesn't respond to its bound fulljid and you
> risk greater consequences if you try to "adjust" at the protocol
> level.

My main goal is for a short-term, practical improvement in functionality 
for as many users as possible.

As an alternative, I'm thinking about perhaps having the user do 
something special to indicate that 'JID masquerading' should be 
performed, such as placing a special character in their username.

Another option is to try to detect specific versions that are broken 
using XEP-0092: Software Version, and apply the workaround for just 
those.  This would get correct operations to the largest groups of 
users, and prevent breaking people whose clients were in fact operating 
correctly.
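
The client behaviour the message argues for, taking the JID from the resource-binding result instead of deriving it from the authentication username, as an added example that is not part of the original post. The username, JIDs and sample stanza are constructed, the function names are hypothetical, and plain lowercasing stands in for the Nodeprep/Nameprep comparison.

```python
import xml.etree.ElementTree as ET

BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"

# Constructed sample: the user authenticated as "sso-4471", but the server
# bound the session to a different node at resource binding.
AUTH_USERNAME = "sso-4471"
BIND_RESULT = (
    "<iq type='result' id='bind_1'>"
    "<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>"
    "<jid>aaron@example.org/laptop</jid>"
    "</bind></iq>"
)

def split_jid(jid):
    """Split a JID into (node, domain, resource); node/resource may be None."""
    bare, slash, resource = jid.partition("/")
    node, at, domain = bare.partition("@")
    if not at:                      # domain-only JID such as "example.org"
        node, domain = None, bare
    if not domain:
        raise ValueError("JID has no domain: %r" % jid)
    # Assumption: lowercasing approximates the stringprep profiles.
    return (node.lower() if node else None, domain.lower(),
            resource if slash else None)

def jid_from_bind_result(iq_xml):
    """Return the full JID the server assigned in a binding result."""
    iq = ET.fromstring(iq_xml)
    if iq.get("type") != "result":
        raise ValueError("binding did not succeed: type=%r" % iq.get("type"))
    jid = iq.findtext("{%s}bind/{%s}jid" % (BIND_NS, BIND_NS))
    if not jid or not jid.strip():
        raise ValueError("bind result carries no <jid/>")
    return jid.strip()

def addressed_to_me(to_attr, my_jid):
    """True if a stanza's 'to' is my full JID or the matching bare JID."""
    node, domain, resource = split_jid(to_attr)
    my_node, my_domain, my_resource = split_jid(my_jid)
    return (node, domain) == (my_node, my_domain) and resource in (None, my_resource)

if __name__ == "__main__":
    bound = jid_from_bind_result(BIND_RESULT)
    assumed = "%s@example.org/laptop" % AUTH_USERNAME  # what a broken client believes
    print("bound JID:", bound)
    print("client using bound JID accepts stanza:", addressed_to_me(bound, bound))
    print("client using assumed JID accepts stanza:", addressed_to_me(bound, assumed))
```
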


