AsEvery session on XMPP generally has a unique routable identifier, known as a "resource". Many details and rules about resources in XMPP can be found in RFC 6120 [1]. This core RFC also describes how to "bind" a resource identifier to a session. This is a key part of session establishment for practically all XMPP clients. This specification describes an alternative protocol for resource binding than the one described in RFC 6120, based on Extensible SASL Profile (XEP-0388) [2].
As XMPP has grown more feature-rich over time, more steps have been introduced that clients are likely to perform at startup, e.g. resource binding, archive synchronisation, enabling Carbons. Some of these introduce race conditions - e.g. if a client synchronises the archive before enabling Carbons, it can miss stanzas sent between these events, or if it enables Carbons before synchronising the archive it can receive duplicate messages. It may also cause duplicate messages by combining archive synchronisation and receipt of offline messages, or by receipt of messages addressed to the full JID between resource binding and archive synchronisation. ThisTherefore, this document provides a mechanism for atomically performing these operations to avoid these race conditions. It also providesallows the server to provide information to a client that is generally useful about the state of the archiveuser's account.
There have been other suggestions of further enhancements to the stream startup process in XEP-0388 (SASL2), and it is expected that in the future some protocol here will be reframed in terms of these facilities, but the core premise of the XEP (that these features are needed, and need enabling together) remains. It may be desirable to make the enabling of features extensible, such that the client can request which features are needed, together, but the current approach should serve as a suitable basis for discussion. The returning of unread message state to the client relies on the archive having these data, which is a topic for another specification.A client doesIf a server supports Bind 2, it MUST advertise this within the SASL2 <inline/> element in the stream features, with a feature named 'bind' in the namespace 'urn:xmpp:bind:0'.
Clients do not advertise support for bindBind 2.0
Bind 2 supports inline negotiation of certain features specific to a session. If aThe features supported by the server supportsfor such inline negotiation MUST be included in an <inline/> child element within the bind 2feature element.0, it MUST advertise this in the stream features with a Each feature named 'bind' in theis listed as a <feature/> child element with a 'var' attribute indicating the extension's defined service discovery feature name or namespace 'urn:xmpp:bind2:0'.
<stream:features> <authentication xmlns='urn:xmpp:sasl:2'> <mechanism>SCRAM-SHA-1</mechanism> <mechanism>SCRAM-SHA-1-PLUS</mechanism> <inline> <bind xmlns='urn:xmpp:bind2:0''urn:xmpp:bind:0'> <inline> <feature var="urn:xmpp:carbons:2" /> <bind xmlnsfeature var='urn:ietf:params:xml:ns:xmpp-bind'"urn:xmpp:csi:0" /> <feature var="urn:xmpp:sm:3" /> </inline> </bind> <sm xmlns='urn:xmpp:sm:3'/> </inline> </authentication> </stream:features>
Bind 2 is never supported without SASL2, and so servers without support for SASL2 MUST NOT advertise the feature. Servers supporting SASL2 and Bind 2 may continue to offer legacy resource binding to clients.
After authenticationTo request resource binding, athe client performs a MUST include a <bind 2/> element, qualified by the 'urn:xmpp:bind:0' namespace, in its SASL2 <authenticate/> request.0 by sending an
The <bind/> element 'bind' in the samespace 'urn:xmpp:bind2:0'MAY contain the following child elements:
Additionally, the <bind/> element MAY contain one or more child elements in other namespaces, representing features that the client requests to be automatically enabled for its new session.
<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1'> <initial-response>[base64 encoded SASL data]</initial-response> <bind xmlns='urn:xmpp:bind2:0'/'urn:xmpp:bind:0'> <tag>AwesomeXMPP</tag> </bind> </authenticate>
<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1'>
<initial-response>[base64 encoded SASL data]</initial-response>
<bind xmlns='urn:xmpp:bind:0'>
<tag>AwesomeXMPP</tag>
<enable xmlns='urn:xmpp:carbons:2'/>
<enable xmlns='urn:xmpp:sm:3'/>
<inactive xmlns='urn:xmpp:csi:0'/>
</bind>
</authenticate>
If the client included a <bind/> element in its SASL2 <authenticate/> then the server MUST process the bind request after authentication is successful (including any necessary subsequent SASL2 tasks), but before sending the <success/> response. Following the usual rules of SASL2, the bind request MUST NOT be processed (i.e. it should be ignored) if the authentication is not successful.
Note: If the client included a <resume/> element in its SASL2 negotiation, that MUST be processed first by the server. If that resumption is successful, the server MUST skip resource binding (a resumed session already has a resource bound) and MUST entirely ignore the <bind/> request. If resumption of the previous stream fails, the server MUST include the XEP-0198 failure in the response, and then MUST proceed to process the bind request to establish a new session for the client.
Upon processing the bind request, the server MUST perform several operations, including:
Upon successful binding of a resource, the server SHOULD terminate any earlier sessions from the same client (identified by the <user-agent> 'id' attribute in its SASL2 authentication request).
If the client provided a <tag/> element in its bind request, the text content of that element SHOULD be included as-is in the final resource identifier, subject to the necessary validation for resource identifiers. This tag can help with client identification and debugging. The RECOMMENDED format is to include the client tag as a prefix of the server-generated identifier, separated by a single '/' character: [client tag]/[server generated identifier]. For example, AwesomeXMPP/rQ7Lwut0CcxW6.
Servers MAY choose to assign stable resource identifiers to clients, i.e. ensuring the same client will receive the same resource identifier for every bind request it makes. If a server or deployment provides resource identifier stability, the generated identifier SHOULD remain stable for every bind request with the same <tag/> and SASL2 <user-agent> id. The SASL2 <user-agent> id itself MUST NOT be exposed by the server in the generated resource identifier.
After processing the bind request as described above, the server MUST respond with the SASL <success/> element, including the client's full JID in the <authorization-identity/> element, and a <bound xmlns='urn:xmpp:bind2:0'/> element qualified by the 'urn:xmpp:bind:0' namespace, as in the following example:
<jidsuccess xmlns='urn:xmpp:sasl:2'>nurse@shakespeare <authorization-identity>user@example.litcom/abtet29a9fuAwesomeXMPP.4232f4d4</jidauthorization-identity> <latest-idbound xmlns='urn:xmpp:bind:0'>balisoseb <metadata xmlns='urn:xmpp:mam:2'> <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' /> <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' /> </latest-idmetadata> <unreads> <unread jid='romeo@shakespeare.lit' read-id='onuheuhoeu', unread-count='3'/> <unread jid='juliet@shakespeare.lit' read-id='koeunhth29', unread-count='43'/> </unreads> </bound> Servers SHOULD support the <unreads/success> feature, but if they do not then the
The server SHOULD include a <unreadsmetadata/> element MUST be elidedas defined by XEP-0313, to distinguish between an empty element (no unreaddescribing the state of the user's message archive at the precise time of resource binding. This helps the client determine what queries it may need to perform to synchronise messages) and a missing feature.
3Interactions with certain other extensions are hereby defined in this document:
A server supportingThe <bound/> response MUST also contain any defined responses to other enabled features, if any, though details of these are beyond the scope of this specification MUST allow the following initial commands to be pipelined: Initial client stream header SASL Authentication* Post-authentication stream header Bind 2.0 [ * pipelining will clearly not work for multi-stage SASL mechanisms, but the initial stage MUST be capable of being pipelined after the stream header, and the post-authentication stream header MUST be able to be pipelined after the final authentication element] In this way, a client is able to (if using 'xmpps' for avoiding starttls, to be defined elsewhere), on second and subsequent login cache the presence of bind 2.0 in stream features from a previous session, and pipeline the entire stream initialisation process by sending the stream header, followed by auth, followed by a stream header, followed by a bind 2.0 in a single chunk.
Note: also enable acks? discuss on standards@This specification is mostly a reworking ofcombines existing protocol/featuresprotocols together. Security considerations defined in those XEPs should be heeded as normal.
The additional facility provided here is to provide information on the user's archive; as this facility is provided post-authentication and is only providing the user's data to the user, it doesn't introduce new security considerations.
Implementations must adhere to the security considerations defined in XEP-0388 regarding the inclusion of SASL2 requests and inline feature negotiation in TLS 0-RTT ("early data") extensions. That is, they MUST NOT be sent or processed, except when appropriate mitigations are in place (which are beyond the scope of this document, but may be defined by others).
As it forms part of the resource identifier and therefore the full JID of the session, the 'tag' value provided by the client (if any), may be visible to other XMPP entities on the network that the client communicates with or that have access to the user's presence. The simple name of the client can provide value to users, operators and developers diagnosing issues, and it generally will not reveal more information than would be already available through service discovery. Unless they are operating in fully trusted environments, clients MUST NOT use identifiers that might reveal private information about a user or their system (such as hostnames).
None.
The urn:xmpp:bind2:0urn:xmpp:bind:0 namespace must be registered..
Thanks to Daniel Gultsch, Philipp Hörist, Thilo Molitor and Andrzej Wójcik for their valuable support with feedback, suggestions and implementations.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright © 1999 – 2020 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).
The HTML representation (you are looking at) is maintained by the XSF. It is based on the YAML CSS Framework, which is licensed under the terms of the CC-BY-SA 2.0 license.
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <https://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <editor@xmpp.org>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
1. RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/rfc6120>.
2. XEP-0388: Extensible SASL Profile <https://xmpp.org/extensions/xep-0388.html>.
3. XEP-0280: Message Carbons <https://xmpp.org/extensions/xep-0280.html>.
4. XEP-0313: Message Archive Management <https://xmpp.org/extensions/xep-0313.html>.
5. XEP-0198: Stream Management <https://xmpp.org/extensions/xep-0198.html>.
Note: Older versions of this specification might be available at https://xmpp.org/extensions/attic/
Various changes, made in parallel with working client and server implementation experience, and SASL2 updates.
More tightly define the integration with XEP-0388 and several session feature XEPs: XEP-0198, XEP-0280, XEP-0352.
Replace the custom latest-id element with the new metadata element from XEP-0313, which also provides richer information.
Drop unread tracking, as this is a deep topic not directly related to resource binding. Instead the details of integration with other extensions have been better defined and demonstrated, to allow such functionality when it is fully defined and exists.
Adjust proposed namespace on aesthetic grounds and consistency with SASL2's approach. As this protocol may become part of the new preferred connection flow for a long time to come, it makes no sense to include the redundant and potentially confusing '2' when there is no conflict without it. Similarly, the '.0' has been dropped from the XEP's title, as it isn't really a version number.
Allow the client some influence over the resulting resource identifier, and define a standard format for these combined identifiers.
Specify that servers should terminate old sessions from a client when it binds a new resource.
First draft accepted by the XMPP Council.
@report{smith2017bind2,
title = {Bind 22},
author = {Smith, Kevin and Wild, Matthew},
type = {XEP},
number = {0386},
version = {0.4.0},
authorinstitution = {Smith, Kevin},
type = {XEP},
number = {0386},
version = {0.3.0},
institution = {XMPP Standards Foundation},
url = {https://xmpp.org/extensions/xep-0386.html},
date = {2017-02-08/20192022-0110-31}07},
}END