-
edhelas
there is no MAM on mux.xmpp.org yet?
-
edhelas
another question, why a pubsub service disco#info returns pubsub-service and a conference service disco#fino returns conference-text?
-
Dave Cridland
edhelas, I've no idea. I don't think in most cases the disco identities were ever that well thought through.
-
Dave Cridland
edhelas, I mean, I've no idea what advantage there is in making MIX give out conference/text as well, or if there's a risk involved.
-
Dave Cridland
edhelas, But I have to say I like disco#fino. We should make one of those.
-
edhelas
:p
-
edhelas
no but I'd expect to have all the services declared as services
-
Dave Cridland
conference/service for MUC and MIX? That probably makes some sense. Or would have had we done things that way.
-
edhelas
then I can more easily differentiate what are info coming from services and from muc
-
edhelas
same for pubsub actually
-
Dave Cridland
What do you do with the identity though?
-
edhelas
it's basically to store things in the db, and to trigger some more disco#items request sometimes
-
Guus
Could SASL mechanisms other than ANONYMOUS be used to establish anonymous logins? Akin to one-time passwords, perhaps?
-
MattJ
Of course
-
Guus
Is there a generic concept there? Any mechanism that succeeds, but doesn't result in an authzid, something like that?
-
MattJ
I'm not sure what you mean. Are you talking about re-using PLAIN? or custom mechanisms?
-
MattJ
I find EXTERNAL useful, for example I use it with BOSH/websockets for cookie auth
-
Guus
something like OAUTHBEARER with a token - could be EXTERNAL too, I guess.
-
Guus
I'm wondering about limited time access kind of tokens.
-
Dave Cridland
SCRAM could result in an anonymous login, mind. Any SASL mechanism results in an authzid - ANONYMOUS is just special in not having an authcid.
-
Guus
Dave, we miss you in open_chat 🙂
-
SamWhited
SCRAM has a concept of anonymous logins? How does that work?
-
jonasw
Dave Cridland, what’s the authcid? I fail to find the definition in SASL or SCRAM either
-
jonasw
is that defined in the using protocol?
-
jonasw
(I remember having seen it before)
-
jonasw
(but it’s not in RFC 6120 either)
-
Dave Cridland
SamWhited, SCRAM has no concept itself. But if one assumes that an anonymous user is simply one with a possibly ephemeral authzid that has some special property, then there's no reason you can't get one of those by authenticating with SCRAM.
-
Dave Cridland
jonasw, AUTHentiCation IDentifier. Or loosely, what the mechanism uses as the username. There's always been some question of whether PKIX's authcid is the certificate or not, which is why I say "loosely" - it gets a bit philosophical after a while.
-
jonasw
ahhh
-
jonasw
right
-
Dave Cridland
jonasw, Whereas the authzid is - for us - always a JID.
-
jonasw
authzid is what you’re authorized to use after you’ve been authenticated, right?
-
jonasw
so what one would do is to use an ephemeral authcid (or a special one which indicates anonymous thing) and then SCRAM or PLAIN with a one-time token as password
-
jonasw
one would then still have to specify how the client knows which bare JID it gets, if it wants to bind. but that could be in ephemeral authcid if there’s a way to communicate that out-of-band
-
Dave Cridland
jonasw, The client is told its jid during bind, mind. It doesn't use it until afterward.
-
Dave Cridland
jonasw, In SASL2, though, it gets told the authzid explicitly in the <success/>.
-
Dave Cridland
jonasw, Also, for amusement, this is how anonymous FTP works.
-
jonasw
oh right, the client doesn’t even need to know the bare JID, I forgot that
-
jonasw
Dave Cridland, ha, history repeats itself :)
-
Zash
Is there nice tooling for exploring graphs?