Am 09.09.2011 21:08, schrieb Justin Karneges:
I wonder how practical it would be to allow a third-party to send a stanza
using a "from" domain that is already controlled by an existing server.
I imagine a flow going something like this:
S1 = official server (owner of domain)
T1 = third party server (the one sending the stanza)
S2 = target server (the one receiving the stanza)
1) T1 handshakes with S2, claiming to be S1 and providing dialback key.
2) S2 dialbacks to S1, presenting dialback key for verification.
3) S1 replies with success, vouching for the key provided by T1.
4) T1 sends stanza to S2 using JID with domain @S1.
The challenge with allowing a third-party to do this is the need for both S1
and T1 to understand the same dialback key scheme, which may involve sharing
data or sharing a secret key and algorithm. Has anyone considered a standard
approach for this?
One situation I could see this being useful is if you wanted to delegate the
task of sending a lot of pubsub notification events to a third party server.
However, there is still one problem with this offloading idea which is that all
the dialback requests would still blast S1 to hell.
You can't allow another server to behave like one from a foreign domain
he can't offer an authorization for. And standardizing how servers are
clustered doesn't make sense because that is highly dependant on the
configuration and internal work flows (e.g. how data is shared between
servers).
Regards,
Alexander
