XEP-0386: Bind 2

Abstract
This specification provides a single-request replacement for several activities an XMPP client needs to do at startup.
Authors
  • Kevin Smith
  • Matthew Wild
Copyright
© 1999 – 2021 XMPP Standards Foundation. SEE LEGAL NOTICES.
Status

Deferred

WARNING: This document has been automatically Deferred after 12 months of inactivity in its previous Experimental state. Implementation of the protocol described herein is not recommended for production systems. However, exploratory implementations are encouraged to resume the standards process.
Type
Standards Track
Version
0.4.0 (2022-10-07)
Document Lifecycle
  1. Experimental
  2. Deferred
  3. Proposed
  4. Stable
  5. Final

1. Introduction

Every session on XMPP generally has a unique routable identifier, known as a "resource". Many details and rules about resources in XMPP can be found in RFC 6120 [1]. This core RFC also describes how to "bind" a resource identifier to a session. This is a key part of session establishment for practically all XMPP clients. This specification describes an alternative protocol for resource binding than the one described in RFC 6120, based on Extensible SASL Profile (XEP-0388) [2].

As XMPP has grown more feature-rich over time, more steps have been introduced that clients are likely to perform at startup, e.g. resource binding, archive synchronisation, enabling Carbons. Some of these introduce race conditions - e.g. if a client synchronises the archive before enabling Carbons, it can miss stanzas sent between these events, or if it enables Carbons before synchronising the archive it can receive duplicate messages. It may also cause duplicate messages by combining archive synchronisation and receipt of offline messages, or by receipt of messages addressed to the full JID between resource binding and archive synchronisation. Therefore, this document provides a mechanism for atomically performing these operations to avoid these race conditions. It also allows the server to provide information to a client that is generally useful about the state of the user's account.

2. Requirements

3. Use Cases

3.1 Discovering support

If a server supports Bind 2, it MUST advertise this within the SASL2 <inline/> element in the stream features, with a feature named 'bind' in the namespace 'urn:xmpp:bind:0'.

Clients do not advertise support for Bind 2.

Bind 2 supports inline negotiation of certain features specific to a session. The features supported by the server for such inline negotiation MUST be included in an <inline/> child element within the bind feature element. Each feature is listed as a <feature/> child element with a 'var' attribute indicating the extension's defined service discovery feature name or namespace.

Example 1. Server advertises support in stream features
<stream:features>
  <authentication xmlns='urn:xmpp:sasl:2'>
    <mechanism>SCRAM-SHA-1</mechanism>
    <mechanism>SCRAM-SHA-1-PLUS</mechanism>
    <inline>
      <bind xmlns='urn:xmpp:bind:0'>
        <inline>
          <feature var="urn:xmpp:carbons:2" />
          <feature var="urn:xmpp:csi:0" />
          <feature var="urn:xmpp:sm:3" />
        </inline>
      </bind>
      <sm xmlns='urn:xmpp:sm:3'/>
    </inline>
  </authentication>
</stream:features>

Bind 2 is never supported without SASL2, and so servers without support for SASL2 MUST NOT advertise the feature. Servers supporting SASL2 and Bind 2 may continue to offer legacy resource binding to clients.

3.2 Performing the bind

To request resource binding, the client MUST include a <bind/> element, qualified by the 'urn:xmpp:bind:0' namespace, in its SASL2 <authenticate/> request.

The <bind/> element MAY contain the following child elements:

Additionally, the <bind/> element MAY contain one or more child elements in other namespaces, representing features that the client requests to be automatically enabled for its new session.

Example 2. Client provides a resource bind request
<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1'>
  <initial-response>[base64 encoded SASL data]</initial-response>
  <bind xmlns='urn:xmpp:bind:0'>
    <tag>AwesomeXMPP</tag>
  </bind>
</authenticate>
Example 3. Client provides a resource bind request, additionally requesting some session features
<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1'>
  <initial-response>[base64 encoded SASL data]</initial-response>
  <bind xmlns='urn:xmpp:bind:0'>
    <tag>AwesomeXMPP</tag>
    <enable xmlns='urn:xmpp:carbons:2'/>
    <enable xmlns='urn:xmpp:sm:3'/>
    <inactive xmlns='urn:xmpp:csi:0'/>
  </bind>
</authenticate>

If the client included a <bind/> element in its SASL2 <authenticate/> then the server MUST process the bind request after authentication is successful (including any necessary subsequent SASL2 tasks), but before sending the <success/> response. Following the usual rules of SASL2, the bind request MUST NOT be processed (i.e. it should be ignored) if the authentication is not successful.

Note: If the client included a <resume/> element in its SASL2 negotiation, that MUST be processed first by the server. If that resumption is successful, the server MUST skip resource binding (a resumed session already has a resource bound) and MUST entirely ignore the <bind/> request. If resumption of the previous stream fails, the server MUST include the XEP-0198 failure in the response, and then MUST proceed to process the bind request to establish a new session for the client.

Upon processing the bind request, the server MUST perform several operations, including:

Upon successful binding of a resource, the server SHOULD terminate any earlier sessions from the same client (identified by the <user-agent> 'id' attribute in its SASL2 authentication request).

3.2.1 Resource identifier generation

If the client provided a <tag/> element in its bind request, the text content of that element SHOULD be included as-is in the final resource identifier, subject to the necessary validation for resource identifiers. This tag can help with client identification and debugging. The RECOMMENDED format is to include the client tag as a prefix of the server-generated identifier, separated by a single '/' character: [client tag]/[server generated identifier]. For example, AwesomeXMPP/rQ7Lwut0CcxW6.

Servers MAY choose to assign stable resource identifiers to clients, i.e. ensuring the same client will receive the same resource identifier for every bind request it makes. If a server or deployment provides resource identifier stability, the generated identifier SHOULD remain stable for every bind request with the same <tag/> and SASL2 <user-agent> id. The SASL2 <user-agent> id itself MUST NOT be exposed by the server in the generated resource identifier.

After processing the bind request as described above, the server MUST respond with the SASL <success/> element, including the client's full JID in the <authorization-identity/> element, and a <bound/> element qualified by the 'urn:xmpp:bind:0' namespace, as in the following example:

Example 4. Server responds after processing the bind
<success xmlns='urn:xmpp:sasl:2'>
  <authorization-identity>user@example.com/AwesomeXMPP.4232f4d4</authorization-identity>
  <bound xmlns='urn:xmpp:bind:0'>
    <metadata xmlns='urn:xmpp:mam:2'>
      <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' />
      <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' />
    </metadata>
  </bound>
</success>

The server SHOULD include a <metadata/> element as defined by XEP-0313, describing the state of the user's message archive at the precise time of resource binding. This helps the client determine what queries it may need to perform to synchronise messages.

Interactions with certain other extensions are hereby defined in this document:

The <bound/> response MUST also contain any defined responses to other enabled features, if any, though details of these are beyond the scope of this specification.

4. Security Considerations

This specification mostly combines existing protocols together. Security considerations defined in those XEPs should be heeded as normal.

The additional facility provided here to provide information on the user's archive is provided post-authentication and is only providing the user's data to the user.

Implementations must adhere to the security considerations defined in XEP-0388 regarding the inclusion of SASL2 requests and inline feature negotiation in TLS 0-RTT ("early data") extensions. That is, they MUST NOT be sent or processed, except when appropriate mitigations are in place (which are beyond the scope of this document, but may be defined by others).

As it forms part of the resource identifier and therefore the full JID of the session, the 'tag' value provided by the client (if any), may be visible to other XMPP entities on the network that the client communicates with or that have access to the user's presence. The simple name of the client can provide value to users, operators and developers diagnosing issues, and it generally will not reveal more information than would be already available through service discovery. Unless they are operating in fully trusted environments, clients MUST NOT use identifiers that might reveal private information about a user or their system (such as hostnames).

5. IANA Considerations

None.

6. XMPP Registrar Considerations

The urn:xmpp:bind:0 namespace must be registered..

7. Acknowledgements

Thanks to Daniel Gultsch, Philipp Hörist, Thilo Molitor and Andrzej Wójcik for their valuable support with feedback, suggestions and implementations.


Appendices

Appendix A: Document Information

Series
XEP
Number
0386
Publisher
XMPP Standards Foundation
Status
Deferred
Type
Standards Track
Version
0.4.0
Last Updated
2022-10-07
Approving Body
XMPP Council
Dependencies
XMPP Core, XMPP IM, XEP-0313, XEP-0280
Supersedes
None
Superseded By
None
Short Name
bind2
Source Control
HTML

This document in other formats: XML  PDF

Appendix B: Author Information

Kevin Smith
Email
kevin.smith@isode.com
JabberID
kevin.smith@isode.com
Matthew Wild
Email
mwild1@gmail.com
JabberID
me@matthewwild.co.uk

Copyright

This XMPP Extension Protocol is copyright © 1999 – 2020 by the XMPP Standards Foundation (XSF).

Permissions

Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.

Disclaimer of Warranty

## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##

Limitation of Liability

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.

IPR Conformance

This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).

Visual Presentation

The HTML representation (you are looking at) is maintained by the XSF. It is based on the YAML CSS Framework, which is licensed under the terms of the CC-BY-SA 2.0 license.

Appendix D: Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Appendix E: Discussion Venue

The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.

Discussion on other xmpp.org discussion lists might also be appropriate; see <https://xmpp.org/community/> for a complete list.

Errata can be sent to <editor@xmpp.org>.

Appendix F: Requirements Conformance

The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".

Appendix G: Notes

1. RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/rfc6120>.

2. XEP-0388: Extensible SASL Profile <https://xmpp.org/extensions/xep-0388.html>.

3. XEP-0280: Message Carbons <https://xmpp.org/extensions/xep-0280.html>.

4. XEP-0313: Message Archive Management <https://xmpp.org/extensions/xep-0313.html>.

5. XEP-0198: Stream Management <https://xmpp.org/extensions/xep-0198.html>.

Appendix H: Revision History

Note: Older versions of this specification might be available at https://xmpp.org/extensions/attic/

  1. Version 0.4.0 (2022-10-07)

    Various changes, made in parallel with working client and server implementation experience, and SASL2 updates.

    More tightly define the integration with XEP-0388 and several session feature XEPs: XEP-0198, XEP-0280, XEP-0352.

    Replace the custom latest-id element with the new metadata element from XEP-0313, which also provides richer information.

    Drop unread tracking, as this is a deep topic not directly related to resource binding. Instead the details of integration with other extensions have been better defined and demonstrated, to allow such functionality when it is fully defined and exists.

    Adjust proposed namespace on aesthetic grounds and consistency with SASL2's approach. As this protocol may become part of the new preferred connection flow for a long time to come, it makes no sense to include the redundant and potentially confusing '2' when there is no conflict without it. Similarly, the '.0' has been dropped from the XEP's title, as it isn't really a version number.

    Allow the client some influence over the resulting resource identifier, and define a standard format for these combined identifiers.

    Specify that servers should terminate old sessions from a client when it binds a new resource.

    mw
  2. Version 0.3.0 (2019-01-31)
    Begrudingly allow non-unread-tracking servers, mention SASL2.
    kis
  3. Version 0.2.0 (2018-02-08)
    Defer due to lack of activity.
    XEP Editor (jc)
  4. Version 0.1.0 (2017-02-08)

    First draft accepted by the XMPP Council.

    XEP Editor: ssw

Appendix I: Bib(La)TeX Entry

@report{smith2017bind2,
  title = {Bind 2},
  author = {Smith, Kevin and Wild, Matthew},
  type = {XEP},
  number = {0386},
  version = {0.4.0},
  institution = {XMPP Standards Foundation},
  url = {https://xmpp.org/extensions/xep-0386.html},
  date = {2017-02-08/2022-10-07},
}

END