On Sep 21, 2011, at 8:53 AM, Dave Cridland wrote: > Registration does indeed pose a problem - I see three strategies for dealing > with it:
I think registration is divorce-able from management of existing accounts, and should be divorced. I suspect there is little actual demand from deployers for In-XMPP registration. Most folks are likely to use some sort of out-of-band method to provision users… even public XMPP services are likely to use web-based provision. I rather we worry more about user management of their existing account. -- Kurt > > a) We avoid the issue entirely. This is probably the sensible option - it's > conceptually distinct from other areas of account management in any case. > > b) We use stream features or pre-auth IQ. Neither are, to my mind, terribly > palatable. > > c) We use anonymous authentication to the server (or its delegated account > management service) and then use fairly ordinary <iq/>s. This seems to fit > neatly into the design of XMPP. > > For both account management and registration, using the ad-hoc framework > seems most sensible - it would allow us maximum flexibility as well as > near-instant deployment. > > If this seems like a good starting point, then I'm perfectly happy to write > this up, and equally happy if someone else wants to. > > Dave. > -- > Dave Cridland - mailto:[email protected] - xmpp:[email protected] > - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ > - http://dave.cridland.net/ > Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
