On Wed, 19 Mar 2025 at 17:12, Matthew Wild <[email protected]> wrote:

> On Wed, 19 Mar 2025 at 15:53, Andrzej Telezynski
> <[email protected]> wrote:
> >
> > Hello,
> >
> > I am confused about those two elements: `authorization-identity` and
> > `authorization-identifier`.
> > Are they equivalent? They seem to be used in the same context.
>
> Ha, lots of fun. I think the correct one is
> <authorization-identifier/>. It's in XEP-0388 which is the official
> definition of the urn:xmpp:sasl:2 namespace. I confirmed it's also
> what Prosody is using, and lots of client implementations were
> developed against Prosody.
>
> The SASL RFC (https://www.rfc-editor.org/rfc/rfc4422 ) uses the term
> "authorization identity" (the term "authorization identifier" does not
> appear), so I guess that's how the "wrong" term slipped in by mistake,
> and probably got copied into the later XEPs.
>

Whoops. Sorry.

> > Grepping the XEPS repo shows both are used:
> >
> > $ grep -rl authorization-identity
> > ./xep-0484.xml
> > ./inbox/xep-fast.xml
> > ./inbox/sasl2.xml
> > ./xep-0386.xml
> >
> > $ grep -rl authorization-identifier
> > ./xep-0480.xml
> > ./inbox/xep-downgrade-prevention.xml
> > ./inbox/xep-scram-upgrade.xml
> > ./inbox/sasl2.xml
> > ./xep-0198.xml
> > ./xep-0388.xml
> > ./xep-0474.xml
> >
> > What confuses me is that they both are used in the same context, f. ex.:
> >
> > "XEP-0386: Bind 2" has `authorization-identity` in successful Bind response:
> > https://xmpp.org/extensions/xep-0386.html#example-4
> >
> > <success xmlns='urn:xmpp:sasl:2'>
> >   <authorization-identity>[email protected]/AwesomeXMPP.4232f4d4</authorization-identity>
> >   <bound xmlns='urn:xmpp:bind:0'>
> >     <metadata xmlns='urn:xmpp:mam:2'>
> >       <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' />
> >       <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' />
> >     </metadata>
> >   </bound>
> > </success>
> >
> > But "XEP-0388: Extensible SASL Profile" uses `authorization-identifier`
> > https://xmpp.org/extensions/xep-0388.html#example-7
> >
> > <success xmlns='urn:xmpp:sasl:2'>
> >   <!-- Base64 of: 'v=msVHs/BzIOHDqXeVH7EmmDu9id8=' -->
> >   <additional-data>
> >     dj1tc1ZIcy9CeklPSERxWGVWSDdFbW1EdTlpZDg9
> >   </additional-data>
> >   <authorization-identifier>[email protected]</authorization-identifier>
> > </success>
> >
> > Is it valid to use `authorization-identifier` in all those cases?
> >
> > What about other XEPS that use `authorization-identity` f. ex.
> > "XEP-0484: Fast Authentication Streamlining Tokens" ?
> > https://xmpp.org/extensions/xep-0484.html#example-3
> >
> > It seems that clients need to expect both variants anyway.
>
> It's a mistake in the XEPs, they shouldn't be contradicting each
> other. XEP-0388 defines the urn:xmpp:sasl:2 namespace and it defines
> only <authorization-identifier/>.
>
> The only XEPs containing 'authorization-identity' are XEP-0386 and
> XEP-0484, and I worked on both of those, so apologies! I'll make sure
> they get fixed.
>
> Maybe if we ever bump the sasl:2 namespace we can change the element
> name to match the SASL RFC's original terminology though :)
>

Yeah, it's not ideal, but I think we're stuck with it.

Strictly speaking, I think I'm sort of right in as much as an identifier is a name, whereas the identity is something more abstract. RFC 4422 does use the term "authorization identity string", which is what "authorization-identifier" is. <authorization-identity-string/> is really getting a little too verbose - be glad it wasn't <authz-id-string/>, which would match the ABNF.

> Regards,
> Matthew
> _______________________________________________
> Standards mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
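Added example, not part of the thread and not code from any XEP or implementation: a client-side reader for one already-framed SASL2 <success/> element that prefers <authorization-identifier/> as XEP-0388 defines it, still accepts the <authorization-identity/> spelling from the XEP-0386 and XEP-0484 examples, and refuses a stanza in which the two disagree. The function name, the error class and the sample JIDs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SASL2_NS = "urn:xmpp:sasl:2"
CANONICAL = "authorization-identifier"  # the name XEP-0388 defines
LEGACY = "authorization-identity"       # the name in the XEP-0386/XEP-0484 examples


class Sasl2Error(ValueError):
    """Raised when <success/> carries no usable authorization identifier."""


def authorization_jid(success_xml):
    """Return (jid, element_name) from one already-framed SASL2 <success/>."""
    root = ET.fromstring(success_xml)
    if root.tag != f"{{{SASL2_NS}}}success":
        raise Sasl2Error(f"not a SASL2 <success/>: {root.tag}")

    found = {}
    for name in (CANONICAL, LEGACY):
        # Only direct children in the sasl:2 namespace count; a same-named
        # element inside <bound/> or in another namespace is ignored.
        elems = root.findall(f"{{{SASL2_NS}}}{name}")
        if len(elems) > 1:
            raise Sasl2Error(f"duplicate <{name}/>")
        if elems:
            value = (elems[0].text or "").strip()  # tolerate line-wrapped text
            if not value:
                raise Sasl2Error(f"empty <{name}/>")
            found[name] = value

    if not found:
        raise Sasl2Error("no authorization identifier in <success/>")
    if len(set(found.values())) > 1:
        # Both spellings present with different values: refuse to pick one.
        raise Sasl2Error("conflicting authorization identifiers")
    name = CANONICAL if CANONICAL in found else LEGACY
    return found[name], name


# Constructed sample stanzas; the JIDs are placeholders, not from the thread.
CANONICAL_SUCCESS = """<success xmlns='urn:xmpp:sasl:2'>
  <authorization-identifier>user@example.org</authorization-identifier>
</success>"""
LEGACY_SUCCESS = """<success xmlns='urn:xmpp:sasl:2'>
  <authorization-identity>user@example.org/AwesomeXMPP.4232f4d4
  </authorization-identity>
  <bound xmlns='urn:xmpp:bind:0'/>
</success>"""
```

Logging the returned element name shows which servers still send the legacy spelling, so the fallback can be dropped once they stop.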
