On Fri, Jan 4, 2013 at 11:14 PM, Peter Saint-Andre <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > XEP-0077 is silent about how to handle registration with a server when > the request contains a 'to' address. Consider the following example of > an admin (or automated administrative process) creating a new user: > > <iq type='set' from='[email protected]/foo' to='[email protected]' > id='bar'> > <query xmlns='jabber:iq:register'> > <username>user24601</username> > <password>Isabeau</password> > </query> > </iq> > > Yes, we have a flow for account creation in XEP-0133, but it would be > good if at the least XEP-0077 were not silent about how to handle user > registrations containing 'to' addresses.
For initial registration the to doesn't make sense, does it? For subsequent password changes, an admin changing a user's password might be reasonable, but 133's possible the better solution there. So should 77 just say "Don't do this"? /K
