Peter Saint-Andre wrote:
On 7/30/09 11:12 AM, Alexey Melnikov wrote:Peter Saint-Andre wrote:
[...]
SECTION 5.1The "n" attribute specifies a username. Is it up to the using protocol define exactly what a username is? I am thinking of hosting providers that might host multiple domains for a given service, such that the the username is not a "local-part" but could include a domain name (XMPP is but one example; others might include IMAP).My copy already says: This attribute specifies the name of the user whose password is used for authentication (a.k.a. "authentication identity" <xref target='RFC4422'/>). And according to RFC 4422, each mechanism defines how authentication identity looks like. For SCRAM it is a "simple username" (i.e. <localpart>[@<domain>]), for Kerberos it is a Kerberos principal, etc.My concern is that "the name of the user" could be construed to mean "localpart", which is commonly called the "username" portion of an address.
Can you recommend a better text?
This applies to authorization identities in XMPP. Authorization identity format is protocol specific.For the "n" attribute, "the server SHOULD prepare it using the "SASLPrep" profile". Under what circumstances is it appropriate for the server to not prepare the value according to SASLPrep?This is a cut&paste from the DIGEST-MD5 update I was working on. If I remember correctly there was some objection to making this a MUST. To this day many implementors don't implement SASLPrep, so I think this is a reasonable compromise.Again, my concern is that some other preparation rule might be appropriate (e.g., in XMPP localpart@xxxxxxxxxx is prepared according to two separate rules because there is one rule for localpart and another rule for domain).