In that case then I think you end up always using the authorization identity since it will always be included for backward compatibility. And if it's there on the receiving end you need to use it because it might be there legitimately. Yes?
Which then begs the question, should this information be in two places?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Philipp Hancke
Sent: Wednesday, October 13, 2010 7:06 AM
To: XMPP Standards
Subject: Re: [Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

David Richards wrote:
> Also, step 10 in section 3, xep-0178 conflicts with 3920bis step 9 in
> section 9.2.2. 178 indicates inclusion of authorization identity matching
> the from attribute of the server1 to server2 stream element while 3920bis
> indicates an empty authorization identity.

I think the best strategy (right now) is to include the authorization identity when sending (for backward compatibility reasons) and to ignore it (and use the stream's 'from') as a receiver.
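A sketch of the receiver-side strategy suggested in the quoted message (ignore the authorization identity, use the stream's 'from'), added here as an example and not part of the thread or of any XMPP server's code. The function names, the exact-match certificate check and the sample domains are assumptions made for illustration.

```python
import base64
import binascii

def decode_authzid(payload: str) -> str:
    """Decode the character data of <auth mechanism='EXTERNAL'>...</auth>."""
    payload = payload.strip()
    # "=" is XMPP's encoding of a zero-length response; an empty element
    # means no initial response. Both carry no authorization identity.
    if payload in ("", "="):
        return ""
    try:
        return base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed SASL initial response") from exc

def resolve_peer(stream_from: str, auth_payload: str, cert_names: list):
    """Return (identity, cert_ok, notes) for an inbound s2s EXTERNAL attempt.

    The identity is always the stream's 'from'. A received authzid is
    decoded only so that a disagreement can be logged, never trusted.
    """
    notes = []
    authzid = decode_authzid(auth_payload)
    identity = stream_from.lower()
    if authzid and authzid.lower() != identity:
        notes.append("authzid %r differs from stream from %r; ignored"
                     % (authzid, stream_from))
    # Assumption: simplified exact match against names already extracted
    # from the peer certificate (no wildcard handling in this sketch).
    cert_ok = identity in {name.lower() for name in cert_names}
    if not cert_ok:
        notes.append("certificate does not cover %r" % stream_from)
    return identity, cert_ok, notes

# Constructed sample payloads: a legacy sender including the authzid,
# a sender using the empty form, and a sender whose authzid disagrees.
SAMPLE_LEGACY = base64.b64encode(b"example.com").decode()
SAMPLE_EMPTY = "="
SAMPLE_MISMATCH = base64.b64encode(b"other.example").decode()

if __name__ == "__main__":
    for payload in (SAMPLE_LEGACY, SAMPLE_EMPTY, SAMPLE_MISMATCH):
        print(payload, resolve_peer("example.com", payload, ["example.com"]))
```

Both sender behaviours resolve to the same identity, so the certificate check is never driven by the authorization identity.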
