What is XMPP




















The stream element MUST possess both a streams namespace declaration and a default namespace declaration as "namespace declaration" is defined in the XML namespaces specification Bray, T. If the initiating entity includes the 'version' attribute set to a value of at least "1. If one or more security features e. The error child MUST be sent by a compliant entity (usually a server rather than a client) if it perceives that a stream-level error has occurred. If included, it SHOULD be used only to provide descriptive or diagnostic information that supplements the meaning of a defined condition or application-specific condition.

As noted, an application MAY provide application-specific stream error information by including a properly-namespaced child in the error element. This section contains two simplified examples of a stream-based "session" of a client on a server (where the "C" lines are sent from the client to the server, and the "S" lines are sent from the server to the client); these examples are included for the purpose of illustrating the concepts introduced thus far.

XMPP includes a method for securing the stream from tampering and eavesdropping. An administrator of a given domain MAY require the use of TLS for client-to-server communications, server-to-server communications, or both. The [ASN. Object Identifier "id-on-xmppAddr" described above is defined as follows:

When an initiating entity secures a stream with a receiving entity using TLS, the steps involved are as follows: The following example shows the data flow for a client securing a stream using STARTTLS (note: the alternate steps shown below are provided to illustrate the protocol for failure cases; they are not exhaustive and would not necessarily be triggered by the data sent in the example). Step 8: Server responds by sending a stream header to client along with any available stream features:

The following example shows the data flow for two servers securing a stream using STARTTLS (note: the alternate steps shown below are provided to illustrate the protocol for failure cases; they are not exhaustive and would not necessarily be triggered by the data sent in the example). Step 8: Server2 responds by sending a stream header to Server1 along with any available stream features: When an initiating entity authenticates with a receiving entity using SASL, the steps involved are as follows:

The following example shows the data flow for a client authenticating with a server using SASL, normally after successful TLS negotiation (note: the alternate steps shown below are provided to illustrate the protocol for failure cases; they are not exhaustive and would not necessarily be triggered by the data sent in the example). Step Server responds by sending a stream header to client along with any additional features (or an empty features element):

The following example shows the data flow for a server authenticating with another server using SASL, normally after successful TLS negotiation (note: the alternate steps shown below are provided to illustrate the protocol for failure cases; they are not exhaustive and would not necessarily be triggered by the data sent in the example).

Step Server2 responds by sending a stream header to Server1 along with any additional features (or an empty features element): Upon receiving a success indication within the SASL negotiation, the client MUST send a new stream header to the server, to which the server MUST respond with a stream header as well as a list of available stream features.

Upon being so informed that resource binding is required, the client MUST bind a resource to the stream by sending to the server an IQ stanza of type "set" (see IQ Semantics) containing data qualified by the 'urn:ietf:params:xml:ns:xmpp-bind' namespace. A server that supports resource binding MUST be able to generate a resource identifier on behalf of a client.

When a client supplies a resource identifier, the following stanza error conditions are possible (see Stanza Errors): The Jabber protocols from which XMPP was adapted include a "server dialback" method for protecting against domain spoofing, thus making it more difficult to spoof XML stanzas. Server dialback is not a security mechanism, and results in weak verification of server identities only (see Server-to-Server Communications regarding this method's security characteristics).

Documentation of dialback is included mainly for the sake of backward-compatibility with existing implementations and deployments. The server dialback method is made possible by the existence of the Domain Name System (DNS), since one server can normally discover the authoritative server for a given domain. Server dialback is uni-directional, and results in weak verification of identities for one stream in one direction. Because server dialback is not an authentication mechanism, mutual authentication is not possible via dialback.

Therefore, server dialback MUST be completed in each direction in order to enable bi-directional communications between two domains. The method for generating and verifying the keys used in server dialback MUST take into account the hostnames being used, the stream ID generated by the receiving server, and a secret known by the authoritative server's network.

Any error that occurs during dialback negotiation MUST be considered a stream error, resulting in termination of the stream and of the underlying TCP connection. The possible error conditions are specified in the protocol description below. The inclusion of the xmlns:db namespace declaration with the name shown indicates to the Receiving Server that the Originating Server supports dialback.

Note: This key is not examined by the Receiving Server, since the Receiving Server does not keep information about the Originating Server between sessions. Note: Passed here are the hostnames, the original identifier from the Receiving Server's stream header to the Originating Server in Step 3, and the key that the Originating Server sent to the Receiving Server in Step 4.

Based on this information, as well as shared secret information within the Authoritative Server's network, the key is verified. Any verifiable method MAY be used to generate the key. The result of the foregoing is that the Receiving Server has verified the identity of the Originating Server, so that the Originating Server can send, and the Receiving Server can accept, XML stanzas over the "initial stream" i.

In order to verify the identities of the entities using the "response stream" i. Both of these checks help to prevent spoofing related to particular stanzas. In addition, there are five common attributes for these kinds of stanza. In the 'jabber:client' namespace, a stanza SHOULD possess a 'to' attribute, although a stanza sent from a client to a server for handling by that server e. If the value of the 'to' attribute is invalid or cannot be contacted, the entity discovering that fact usually the sender's or recipient's server MUST return an appropriate error to the sender, setting the 'from' attribute of the error stanza to the value provided in the 'to' attribute of the offending stanza.

When a server receives an XML stanza within the context of an authenticated stream qualified by the 'jabber:client' namespace, it MUST do one of the following: If generated, both of these conditions MUST result in closure of the stream and termination of the underlying TCP connection; this helps to prevent a denial of service attack launched from a rogue client.

When a server generates a stanza from the server itself for delivery to a connected client e. When a client receives a stanza that does not include a 'from' attribute, it MUST assume that the stanza is from the server to which the client is connected.

Both of these conditions MUST result in closure of the stream and termination of the underlying TCP connection; this helps to prevent a denial of service attack launched from a rogue server. The optional 'id' attribute MAY be used by a sending entity for internal tracking of stanzas that it sends and receives (especially for tracking the request-response interaction inherent in the semantics of IQ stanzas).

The 'type' attribute specifies detailed information about the purpose or context of the message, presence, or IQ stanza. The only 'type' value common to all three stanzas is "error"; see Stanza Errors. The value of the 'xml:lang' attribute specifies the default language of any such human-readable XML character data, which MAY be overridden by the 'xml:lang' attribute of a specific child element. If a stanza does not possess an 'xml:lang' attribute, an implementation MUST assume that the default language is that specified for the stream as defined under Stream Attributes above.

Note: Many of the following implementations support the older Google Talk protocol and are being upgraded to support Jingle as it is defined in the specifications; contact the project developers for details. In addition to standard chatroom features such as room topics and invitations, the protocol defines a strong room control model, including the ability to kick and ban users, to name room moderators and administrators, to require membership or passwords in order to join the room, etc.

External Components - the following standalone components can be used with a wide variety of XMPP servers: PubSub is a protocol extension for generic publish-subscribe functionality, specified in XEP The protocol enables XMPP entities to create nodes (topics) at a pubsub service and publish information at those nodes; an event notification (with or without payload) is then broadcast to all entities that have subscribed to the node.

Pubsub therefore adheres to the classic Observer design pattern and can serve as the foundation for a wide variety of applications, including news feeds, content syndication, rich presence, geolocation, workflow systems, network management systems, and any other application that requires event notifications. Some of the more popular payloads are listed below, especially for rich presence related to IM users: These allow messages to be exchanged with other users.

This can also be done simultaneously on different devices: with XMPP, you can be online on your phone and your desktop computer at the same time and access your conversations from both. You can choose an XMPP client that you like, or even develop your own if you can program; you are not tied to any one company. XMPP is particularly popular with WhatsApp critics because it is a free, independent and privacy-friendly alternative.

Create an account on trashserver.