On Fri, Jun 14, 2013 at 10:24 PM, Kurt Zeilenga <[email protected]> wrote:

> On Jun 14, 2013, at 2:10 PM, Dave Cridland <[email protected]> wrote:
>
> > Obviously if the same name was used in both places, this was the same as
> > not requesting Proxy Auth.
>
> Actually, not necessarily so.
>
> Note that even where the credentials do contain an authzid, it's in the
> mechanism's name space whereas the authzid is in the application's
> namespace. For instance, I can login as "kurt" in PLAIN but have a JID of
> "[email protected]". (This is a real example.)

I did say that was the case originally, before it was genericised into SASL.
I'm actually paraphrasing Mark Crispin here, as it happens.

Because of my (a), it's meant that instead of empty meaning "use my
authentication identifier", it now means "use the default authorization
identifier derived from the authentication identifier", indeed.

Dave.
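
Added example, not part of the original message or of any project's code: a server-side sketch of the authzid handling discussed above for SASL PLAIN (RFC 4616), showing the empty authzid resolving to a derived default and a same-spelling authzid still being checked as a proxy request. The domain, the authcid-to-JID mapping and the may_act_as policy set are assumptions made for illustration.

```python
# Added example: SASL PLAIN (RFC 4616) authzid handling. The domain, the
# authcid-to-JID mapping and the policy set are constructed for illustration.
DOMAIN = "example.org"  # assumed service domain


def parse_plain(msg: bytes):
    """Split a PLAIN message: [authzid] NUL authcid NUL passwd."""
    parts = msg.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL octets")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


def default_authzid(authcid: str) -> str:
    """Hypothetical mapping from the mechanism's name space to a JID."""
    return f"{authcid}@{DOMAIN}"


def resolve(msg: bytes, may_act_as=frozenset()):
    """Return (authzid, is_proxy) or raise PermissionError.

    Password verification is out of scope; assume it has already passed.
    may_act_as holds (authcid, authzid) pairs the deployment permits.
    """
    requested, authcid, _ = parse_plain(msg)
    derived = default_authzid(authcid)
    if requested == "":
        return derived, False   # empty: use the derived default
    if requested == derived:
        return derived, False   # explicit, but the same identity
    # Anything else is a proxy request in this sketch, including an authzid
    # spelled like the authcid: "kurt" is not "kurt@example.org".
    if (authcid, requested) not in may_act_as:
        raise PermissionError(f"{authcid!r} may not act as {requested!r}")
    return requested, True
```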
