On 6/26/15 5:26 AM, Matthew Wild wrote:
> On 26 June 2015 at 00:51, Peter Saint-Andre - &yet <[email protected]> wrote:
>> Lance Stout and I had a conversation the other day about what we call "guest
>> access" to an XMPP application. As an example, consider a chat service (text,
>> video, what have you) that has registered users and the ability for
>> registered users to invite ad-hoc users to a session or meeting. This kind
>> of functionality is quite common with applications like video conferencing
>> (Talky, Jitsi Meet, WebEx, etc.).
>>
>> If this kind of application is based on XMPP, the invited user needs to gain
>> access to the network (i.e., authenticate somehow) in order to join the
>> conference. However, for security and scaling reasons it makes sense to have
>> these ad-hoc users authenticate at a different place than the registered
>> users. (Often, but not always, the ad-hoc users might "authenticate" using
>> the SASL ANONYMOUS mechanism, but other methods are possible such as token
>> auth.)
>>
>> Thus we need a way for a client to discover where it can authenticate as an
>> ad-hoc or guest user. We don't want to use a DNS SRV Service name of
>> "xmpp-client" because that will point clients to the service endpoint for
>> registered users. What we came up with was to use a new DNS SRV Service name
>> of "xmpp-guest", which would point to the service endpoint for guest access.
>>
>> Has anyone else deployed this kind of pattern? If so, how did you solve the
>> problem of service endpoint discovery? Would you find it helpful to have a
>> DNS SRV Service name for this kind of access?
>
> Would a TXT record not be more appropriate?

Not according to IETF folks. There's a real animus against TXT records
for SRV-ish things (and this seems like one of them).

> Containing the XMPP host
> of a suitable place to authenticate anonymously? A SRV will tell you
> where to connect to, but not which XMPP host to use.

Sure, you need to do the SRV two-step.

> TXT gives you
> both (because you can proceed with the usual SRV lookups for the guest
> host, once you know it).
>
> If you're using the same XMPP host for non-guest and guest, I don't
> see the need for an extra DNS record. I don't see a use-case for
> non-guest and guest on the same XMPP host but different network hosts

To my mind, it's about separation of concerns - I'd rather not mix my
anonymous users with my registered users.

> (just use clustering(TM)).

Given that we're using Prosody, I suppose I'll take up *that* topic in
the Prosody chatroom. ;-)

>> Finally, if we were to use TXT, then maybe this is a candidate for
>> inclusion in XEP-0156?
>
> If we were to use TXT, yes.
Peter
--
Peter Saint-Andre
https://andyet.com/
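An added illustration of the SRV-based discovery discussed in the thread (example code written for this page, not from Peter, Matthew, or any XMPP project): the client looks up `_xmpp-guest._tcp` rather than `_xmpp-client._tcp`, orders the answers per RFC 2782, treats a lone "." target as "no guest service", and never falls back to the registered-user endpoint. The zone contents and the `example.com` / `noguest.example` names are constructed; a real client would replace `fake_lookup` with an actual resolver.

```python
import random
from typing import Callable, Optional

# One SRV answer as (priority, weight, port, target), per RFC 2782.
SrvRecord = tuple[int, int, int, str]

# Constructed zone data: registered users and guests are served by
# different network hosts, while the XMPP host (JID domain) stays the same.
FAKE_ZONE: dict[str, list[SrvRecord]] = {
    "_xmpp-client._tcp.example.com": [(10, 60, 5222, "xmpp1.example.com"),
                                      (10, 40, 5222, "xmpp2.example.com"),
                                      (20, 0, 5222, "backup.example.com")],
    "_xmpp-guest._tcp.example.com": [(10, 0, 5222, "guest.example.com")],
    # A single "." target means the service is explicitly not offered.
    "_xmpp-guest._tcp.noguest.example": [(0, 0, 0, ".")],
}

def fake_lookup(name: str) -> list[SrvRecord]:
    """Stand-in for a DNS SRV query (constructed data, no network)."""
    return list(FAKE_ZONE.get(name, []))

def order_srv(records: list[SrvRecord], rng: random.Random) -> list[SrvRecord]:
    """RFC 2782 ordering: lowest priority first, weighted random within a priority."""
    ordered: list[SrvRecord] = []
    for prio in sorted({r[0] for r in records}):
        # Zero-weight entries go first so they are rarely (not never) selected.
        bucket = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while bucket:
            total = sum(r[1] for r in bucket)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in bucket:
                running += r[1]
                if running >= pick:
                    ordered.append(r)
                    bucket.remove(r)
                    break
    return ordered

def discover(domain: str, guest: bool,
             lookup: Callable[[str], list[SrvRecord]] = fake_lookup,
             rng: Optional[random.Random] = None) -> list[tuple[str, int]]:
    """Return ordered (host, port) candidates for the requested access kind.
    Guests get [] when no _xmpp-guest record exists: the _xmpp-client
    endpoint is for registered users and is deliberately not a fallback.
    The XMPP host used in the stream header remains `domain` (the SRV two-step)."""
    service = "_xmpp-guest" if guest else "_xmpp-client"
    records = lookup(f"{service}._tcp.{domain}")
    if not records or (len(records) == 1 and records[0][3] == "."):
        return []
    return [(r[3].rstrip("."), r[2]) for r in order_srv(records, rng or random.Random())]
```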