XSF Discussion - 2018-06-15


  1. edhelas

    there is no MAM on mux.xmpp.org yet?

  2. edhelas

    another question, why does a pubsub service disco#info return pubsub-service and a conference service disco#fino return conference-text

  3. Dave Cridland

    edhelas, I've no idea. I don't think in most cases the disco identities were ever that well thought through.

  4. Dave Cridland

    edhelas, I mean, I've no idea what advantage there is in making MIX give out conference/text as well, or if there's a risk involved.

  5. Dave Cridland

    edhelas, But I have to say I like disco#fino. We should make one of those.

  6. edhelas

    :p

  7. edhelas

    no but I'd expect to have all the services declared as services

  8. Dave Cridland

    conference/service for MUC and MIX? That probably makes some sense. Or would have had we done things that way.

  9. edhelas

    then I can more easily differentiate what are info coming from services and from muc

  10. edhelas

    same for pubsub actually

  11. Dave Cridland

    What do you do with the identity though?

  12. edhelas

    it's basically to store things in the db, and to trigger some more disco#items request sometimes

  13. Guus

    Could SASL mechanisms other than ANONYMOUS be used to establish anonymous logins? Akin to one-time passwords, perhaps?

  14. MattJ

    Of course

  15. Guus

    Is there a generic concept there? Any mechanism that succeeds, but doesn't result in an authzid, something like that?

  16. MattJ

    I'm not sure what you mean. Are you talking about re-using PLAIN? or custom mechanisms?

  17. MattJ

    I find EXTERNAL useful, for example I use it with BOSH/websockets for cookie auth

  18. Guus

    something like OAUTHBEARER with a token - could be EXTERNAL too, I guess.

  19. Guus

    I'm wondering about limited time access kind of tokens.

  20. Dave Cridland

    SCRAM could result in an anonymous login, mind. Any SASL mechanism results in an authzid - ANONYMOUS is just special in not having an authcid.

  21. Guus

    Dave, we miss you in open_chat 🙂

  22. SamWhited

    SCRAM has a concept of anonymous logins? How does that work?

  23. jonasw

    Dave Cridland, what’s the authcid? I fail to find the definition in SASL or SCRAM either

  24. jonasw

    is that defined in the using protocol?

  25. jonasw

    (I remember having seen it before)

  27. jonasw

    (but it’s not in RFC 6120 either)

  28. Dave Cridland

    SamWhited, SCRAM has no concept itself. But if one assumes that an anonymous user is simply one with a possibly ephemeral authzid that has some special property, then there's no reason you can't get one of those by authenticating with SCRAM.

  29. Dave Cridland

    jonasw, AUTHentiCation IDentifier. Or loosely, what the mechanism uses as the username. There's always been some question of whether PKIX's authcid is the certificate or not, which is why I say "loosely" - it gets a bit philosophical after a while.

  30. jonasw

    ahhh

  31. jonasw

    right

  32. Dave Cridland

    jonasw, Whereas the authzid is - for us - always a JID.

  33. jonasw

    authzid is what you’re authorized to use after you’ve been authenticated, right

  35. jonasw

    so what one would do is to use an ephemeral authcid (or a special one which indicates anonymous thing) and then SCRAM or PLAIN with a one-time token as password

  36. jonasw

    one would then still have to specify how the client knows which bare JID it gets, if it wants to bind. but that could be in ephemeral authcid if there’s a way to communicate that out-of-band

  37. Dave Cridland

    jonasw, The client is told its jid during bind, mind. It doesn't use it until afterward.

  38. Dave Cridland

    jonasw, In SASL2, though, it gets told the authzid explicitly in the <success/>.

  39. Dave Cridland

    jonasw, Also, for amusement, this is how anonymous FTP works.

  40. jonasw

    oh right, the client doesn’t even need to know the bare JID, I forgot that

  41. jonasw

    Dave Cridland, ha, history repeats itself :)

  42. Zash

    Is there nice tooling for exploring graphs?