draft-ietf-xmpp-websocket-07.txt   draft-ietf-xmpp-websocket-08.txt 
XMPP Working Group L. Stout, Ed. XMPP Working Group L. Stout, Ed.
Internet-Draft &yet Internet-Draft &yet
Intended status: Standards Track J. Moffitt Intended status: Standards Track J. Moffitt
Expires: December 8, 2014 Mozilla Expires: January 23, 2015 Mozilla
E. Cestari E. Cestari
cstar industries cstar industries
June 6, 2014 July 22, 2014
An XMPP Sub-protocol for WebSocket An XMPP Sub-protocol for WebSocket
draft-ietf-xmpp-websocket-07 draft-ietf-xmpp-websocket-08
Abstract Abstract
This document defines a binding for the XMPP protocol over a This document defines a binding for the XMPP protocol over a
WebSocket transport layer. A WebSocket binding for XMPP provides WebSocket transport layer. A WebSocket binding for XMPP provides
higher performance than the current HTTP binding for XMPP. higher performance than the current HTTP binding for XMPP.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 8, 2014. This Internet-Draft will expire on January 23, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. XMPP Sub-Protocol . . . . . . . . . . . . . . . . . . . . . . 3 3. XMPP Sub-Protocol . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Handshake . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Handshake . . . . . . . . . . . . . . . . . . . . . . . . 3
3.2. WebSocket Messages . . . . . . . . . . . . . . . . . . . 4 3.2. WebSocket Messages . . . . . . . . . . . . . . . . . . . 4
3.3. XMPP Framing . . . . . . . . . . . . . . . . . . . . . . 4 3.3. XMPP Framing . . . . . . . . . . . . . . . . . . . . . . 5
3.3.1. Framed XML Stream . . . . . . . . . . . . . . . . . . 4 3.3.1. Framed XML Stream . . . . . . . . . . . . . . . . . . 5
3.3.2. Framed Stream Namespace . . . . . . . . . . . . . . . 5 3.3.2. Framed Stream Namespace . . . . . . . . . . . . . . . 5
3.3.3. Stream Frames . . . . . . . . . . . . . . . . . . . . 5 3.3.3. Stream Frames . . . . . . . . . . . . . . . . . . . . 5
3.4. Stream Initiation . . . . . . . . . . . . . . . . . . . . 6 3.4. Stream Initiation . . . . . . . . . . . . . . . . . . . . 6
3.5. Stream Errors . . . . . . . . . . . . . . . . . . . . . . 6 3.5. Stream Errors . . . . . . . . . . . . . . . . . . . . . . 7
3.6. Closing the Connection . . . . . . . . . . . . . . . . . 7 3.6. Closing the Connection . . . . . . . . . . . . . . . . . 7
3.6.1. see-other-uri . . . . . . . . . . . . . . . . . . . . 8 3.6.1. see-other-uri . . . . . . . . . . . . . . . . . . . . 8
3.7. Stream Restarts . . . . . . . . . . . . . . . . . . . . . 8 3.7. Stream Restarts . . . . . . . . . . . . . . . . . . . . . 9
3.8. Pings and Keepalives . . . . . . . . . . . . . . . . . . 8 3.8. Pings and Keepalives . . . . . . . . . . . . . . . . . . 9
3.9. Use of TLS . . . . . . . . . . . . . . . . . . . . . . . 9 3.9. Use of TLS . . . . . . . . . . . . . . . . . . . . . . . 9
3.10. Stream Management . . . . . . . . . . . . . . . . . . . . 9 3.10. Stream Management . . . . . . . . . . . . . . . . . . . . 10
4. Discovering the WebSocket Connection Method . . . . . . . . . 9 4. Discovering the WebSocket Connection Method . . . . . . . . . 10
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.1. WebSocket Subprotocol Name . . . . . . . . . . . . . . . 10 5.1. WebSocket Subprotocol Name . . . . . . . . . . . . . . . 11
5.2. URN Sub-Namespace . . . . . . . . . . . . . . . . . . . . 10 5.2. URN Sub-Namespace . . . . . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12
6.1. Intermediary Services . . . . . . . . . . . . . . . . . . 11 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 7.1. Normative References . . . . . . . . . . . . . . . . . . 13
7.1. Normative References . . . . . . . . . . . . . . . . . . 11 7.2. Informative References . . . . . . . . . . . . . . . . . 13
7.2. Informative References . . . . . . . . . . . . . . . . . 12 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 14
Appendix A. XML Schema . . . . . . . . . . . . . . . . . . . . . 13 Appendix B. XML Schema . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
Applications using the Extensible Messaging and Presence Protocol To date, applications using the Extensible Messaging and Presence
(XMPP) (see [RFC6120] and [RFC6121]) on the Web currently make use of Protocol (XMPP) (see [RFC6120] and [RFC6121]) on the Web have made
BOSH (see [XEP-0124] and [XEP-0206]), an XMPP binding to HTTP. BOSH use of BOSH (see [XEP-0124] and [XEP-0206]), an XMPP binding to HTTP.
is based on the HTTP long polling technique, and it suffers from high BOSH is based on the HTTP long polling technique, and it suffers from
transport overhead compared to XMPP's native binding to TCP. In high transport overhead compared to XMPP's native binding to TCP. In
addition, there are a number of other known issues with long polling addition, there are a number of other known issues with long polling
[RFC6202], which have an impact on BOSH-based systems. [RFC6202], which have an impact on BOSH-based systems.
It would be much better in most circumstances to avoid tunneling XMPP It would be much better in most circumstances to avoid tunneling XMPP
over HTTP long polled connections and instead use the XMPP protocol over HTTP long polled connections and instead use the XMPP protocol
directly. However, the APIs and sandbox that browsers have provided directly. However, the APIs and sandbox that browsers have provided
do not allow this. The WebSocket protocol [RFC6455] exists to solve do not allow this. The WebSocket protocol [RFC6455] exists to solve
these kinds of problems and is a bidirectional protocol that provides these kinds of problems and is a bidirectional protocol that provides
a simple message-based framing layer over raw sockets, allowing for a simple message-based framing layer, allowing for more robust and
more robust and efficient communication in web applications. efficient communication in web applications.
The WebSocket protocol enables two-way communication between a client The WebSocket protocol enables two-way communication between a client
and a server, effectively emulating TCP at the application layer and and a server, effectively emulating TCP at the application layer and
therefore overcoming many of the problems with existing long-polling therefore overcoming many of the problems with existing long-polling
techniques for bidirectional HTTP. This document defines a WebSocket techniques for bidirectional HTTP. This document defines a WebSocket
sub-protocol for XMPP. sub-protocol for XMPP.
The WebSocket binding for XMPP is designed for use by browser-based
applications (e.g., XMPP clients written in JavaScript). These
applications typically are used to access the same information and
communication opportunities (e.g., the same XMPP "roster" of
contacts) as clients that access connect to an XMPP server over the
TCP binding defined in [RFC6120]. Although the only essential
difference is the underlying transport binding, relevant implications
(e.g., framing methods and discovery processes) are highlighted in
this specification.
2. Terminology 2. Terminology
The basic unit of framing in the WebSocket protocol is called a The basic unit of framing in the WebSocket protocol is called a
message. In XMPP, the basic unit is the stanza, which is a subset of message. In XMPP, the basic unit is the stanza, which is a subset of
the first-level children of each document in an XMPP stream (see the first-level children of each document in an XMPP stream (see
Section 9 of [RFC6120]). XMPP also has a concept of messages, which Section 9 of [RFC6120]). XMPP also has a concept of messages, which
are stanzas with a top-level element of <message/>. In this are stanzas with a top-level element of <message/>. In this
document, the word "message" will mean a WebSocket message, not an document, the word "message" will mean a WebSocket message, not an
XMPP message stanza, unless otherwise noted. XMPP message stanza, unless otherwise noted.
skipping to change at page 3, line 37 skipping to change at page 3, line 47
[RFC2119]. [RFC2119].
3. XMPP Sub-Protocol 3. XMPP Sub-Protocol
3.1. Handshake 3.1. Handshake
The XMPP sub-protocol is used to transport XMPP over a WebSocket The XMPP sub-protocol is used to transport XMPP over a WebSocket
connection. The client and server agree to this protocol during the connection. The client and server agree to this protocol during the
WebSocket handshake (see Section 1.3 of [RFC6455]). WebSocket handshake (see Section 1.3 of [RFC6455]).
During the WebSocket handshake, the client MUST include the During the WebSocket handshake, the client MUST include the value
value |xmpp| in the list of protocols for the |Sec-WebSocket- 'xmpp' in the list of protocols for the 'Sec-WebSocket-Protocol'
Protocol| header. The reply from the server MUST also contain |xmpp| header. The reply from the server MUST also contain 'xmpp' in its
in its own |Sec-WebSocket-Protocol| header in order for an XMPP sub- own 'Sec-WebSocket-Protocol' header in order for an XMPP sub-protocol
protocol connection to be established. connection to be established.
Once the handshake is complete, WebSocket messages sent or received If a client receives a handshake response that does not include
will conform to the protocol defined in the rest of this document. 'xmpp' in the 'Sec-WebSocket-Protocol' header, then a XMPP sub-
protocol WebSocket connection was not established and the client MUST
close the WebSocket connection.
Once the handshake has successfully completed, WebSocket messages
sent or received MUST conform to the protocol defined in the rest of
this document.
The following is an example of a WebSocket handshake, followed by
opening an XMPP stream:
C: GET /xmpp-websocket HTTP/1.1 C: GET /xmpp-websocket HTTP/1.1
Host: example.com Host: example.com
Upgrade: websocket Upgrade: websocket
Connection: Upgrade Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com Origin: http://example.com
... ...
Sec-WebSocket-Protocol: xmpp Sec-WebSocket-Protocol: xmpp
Sec-WebSocket-Version: 13 Sec-WebSocket-Version: 13
skipping to change at page 4, line 41 skipping to change at page 5, line 7
xml:lang="en" xml:lang="en"
version="1.0" /> version="1.0" />
3.2. WebSocket Messages 3.2. WebSocket Messages
Data frame messages in the XMPP sub-protocol MUST be of the text type Data frame messages in the XMPP sub-protocol MUST be of the text type
and contain UTF-8 encoded data. and contain UTF-8 encoded data.
3.3. XMPP Framing 3.3. XMPP Framing
The WebSocket XMPP sub-protocol deviates from the standard method of The framing method for the binding of XMPP to WebSocket differs from
constructing and using XML streams as defined in [RFC6120] by the framing method for the TCP binding as defined in [RFC6120]; in
adopting the message framing provided by WebSocket to delineate the particular, the WebSocket binding adopts the message framing provided
stream open and close headers, stanzas, and other top-level stream by WebSocket to delineate the stream open and close headers, stanzas,
elements. and other top-level stream elements.
3.3.1. Framed XML Stream 3.3.1. Framed XML Stream
The start of a framed XML stream is marked by the use of an opening The start of a framed XML stream is marked by the use of an opening
"stream header" which is an <open/> element with the appropriate "stream header" which is an <open/> element with the appropriate
attributes and namespace declarations (see Section 3.3.2). The attributes and namespace declarations (see Section 3.3.2). The
attributes of the <open/> element are the same as those of the attributes of the <open/> element are the same as those of the
<stream/> element defined defined for the 'http://etherx.jabber.org/ <stream/> element defined defined for the 'http://etherx.jabber.org/
streams' namespace in [RFC6120] and with the same semantics and streams' namespace in [RFC6120] and with the same semantics and
restrictions. restrictions.
skipping to change at page 5, line 34 skipping to change at page 5, line 48
that receives the offending stream header MUST close the stream with that receives the offending stream header MUST close the stream with
an error, which MUST be <invalid-namespace> (see Section 4.9.3.10 of an error, which MUST be <invalid-namespace> (see Section 4.9.3.10 of
[RFC6120]). [RFC6120]).
3.3.3. Stream Frames 3.3.3. Stream Frames
The individual frames of a framed XML stream have a one-to-one The individual frames of a framed XML stream have a one-to-one
correspondence with WebSocket messages, and MUST be parsable as correspondence with WebSocket messages, and MUST be parsable as
standalone XML documents, complete with all relevant namespace and standalone XML documents, complete with all relevant namespace and
language declarations. The inclusion of XML declarations, however, language declarations. The inclusion of XML declarations, however,
is NOT RECOMMENDED as WebSocket messages are already mandated to be is NOT RECOMMENDED, as WebSocket messages are already mandated to be
UTF-8 encoded and therefore would only add a constant size overhead UTF-8 encoded. Inclusions of declarations would only add a constant
to each message. size overhead to each message.
The first character of each frame MUST be a '<' character. The first character of each frame MUST be a '<' character.
Every XMPP stanza or other XML element (including the stream open and Every XMPP stanza or other XML element (including the stream open and
close headers) sent directly over the XML stream MUST be sent in its close headers) sent directly over the XML stream MUST be sent in its
own frame. own frame.
Example of a WebSocket message that contains an independently Example of a WebSocket message that contains an independently
parsable XML document: parsable XML document:
skipping to change at page 6, line 22 skipping to change at page 6, line 34
-- OR -- -- OR --
<error xmlns="http://etherx.jabber.org/streams"> <error xmlns="http://etherx.jabber.org/streams">
<host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</error> </error>
3.4. Stream Initiation 3.4. Stream Initiation
The first message sent after the WebSocket opening handshake MUST be The first message sent after the WebSocket opening handshake MUST be
from the initiating entity, and MUST be an <open/> element qualified from the initiating entity, and MUST be an <open/> element qualified
by the "urn:ietf:params:xml:ns:xmpp-framing" namespace and with the by the 'urn:ietf:params:xml:ns:xmpp-framing' namespace and with the
same attributes mandated for the <stream> opening tag as described in same attributes mandated for the <stream> opening tag as described in
Section 4.7 of [RFC6120]. Section 4.7 of [RFC6120].
The receiving entity MUST respond with either an <open /> element The receiving entity MUST respond with either an <open /> element
(whose attributes match those described in Section 4.7 of [RFC6120]) (whose attributes match those described in Section 4.7 of [RFC6120])
or a <close /> element (see Section 3.6.1). or a <close /> element (see Section 3.6.1).
An example of a successful stream initiation exchange: An example of a successful stream initiation exchange:
C: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing" C: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing"
skipping to change at page 6, line 46 skipping to change at page 7, line 9
S: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing" S: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing"
from="example.com" from="example.com"
id="++TR84Sm6A3hnt3Q065SnAbbk3Y=" id="++TR84Sm6A3hnt3Q065SnAbbk3Y="
xml:lang="en" xml:lang="en"
version="1.0" /> version="1.0" />
Clients MUST NOT multiplex XMPP streams over the same WebSocket. Clients MUST NOT multiplex XMPP streams over the same WebSocket.
3.5. Stream Errors 3.5. Stream Errors
Stream level errors in XMPP are terminal. Should such an error Stream level errors in XMPP are fatal. Should such an error occur,
occur, the server MUST send the stream error as a complete element in the server MUST send the stream error as a complete element in a
a message to the client. message to the client.
If the error occurs during the opening of a stream, the server MUST If the error occurs during the opening of a stream, the server MUST
send the initial open element response, followed by the stream level send the initial open element response, followed by the stream level
error in a second WebSocket message frame. The server MUST then error in a second WebSocket message frame. The server MUST then
close the connection as specified in Section 3.6. close the connection as specified in Section 3.6.
3.6. Closing the Connection 3.6. Closing the Connection
The closing process for the XMPP sub-protocol mirrors that of the The closing process for the XMPP sub-protocol mirrors that of the
XMPP TCP binding as defined in Section 4.4 of [RFC6120], except that XMPP TCP binding as defined in Section 4.4 of [RFC6120], except that
skipping to change at page 8, line 9 skipping to change at page 8, line 35
If the WebSocket connection is closed or broken without the XMPP If the WebSocket connection is closed or broken without the XMPP
stream having been closed first, then the XMPP stream is considered stream having been closed first, then the XMPP stream is considered
implicitly closed and the XMPP session ended; however, if the use of implicitly closed and the XMPP session ended; however, if the use of
stream management resumption was negotiated (see [XEP-0198]), the stream management resumption was negotiated (see [XEP-0198]), the
server SHOULD consider the XMPP session still alive for a period of server SHOULD consider the XMPP session still alive for a period of
time based on server policy as specified in [XEP-0198]. time based on server policy as specified in [XEP-0198].
3.6.1. see-other-uri 3.6.1. see-other-uri
If the server wishes at any point to instruct the client to move to a If the server (or a connection manager intermediary) wishes at any
different WebSocket endpoint (e.g. for load balancing purposes), the point to instruct the client to move to a different WebSocket
server MAY send a <close/> element and set the "see-other-uri" endpoint (e.g., for load balancing purposes), then a <close/> element
attribute to the URI of the new connection endpoint (which MAY be for is sent with the 'see-other-uri' attribute set to the URI of the new
a different transport method, such as BOSH (see [XEP-0124] and connection endpoint (which MAY be for a different transport method,
[XEP-0206]). such as BOSH (see [XEP-0124] and [XEP-0206])).
Clients MUST NOT accept suggested endpoints with a lower security Clients MUST NOT accept suggested endpoints with a lower security
context (e.g. moving from a "wss://" endpoint to a "ws://" or "http:/ context (e.g., moving from a 'wss://' endpoint to a 'ws://' or 'http:
/" endpoint). //' endpoint).
An example of the server closing a stream and instructing the client An example of the server closing a stream and instructing the client
to connect at a different WebSocket endpoint: to connect at a different WebSocket endpoint:
S: <close xmlns="urn:ietf:params:xml:ns:xmpp-framing" S: <close xmlns="urn:ietf:params:xml:ns:xmpp-framing"
see-other-uri="wss://otherendpoint.example/xmpp-bind" /> see-other-uri="wss://otherendpoint.example/xmpp-bind" />
3.7. Stream Restarts 3.7. Stream Restarts
Whenever a stream restart is mandated, both the server and client Whenever a stream restart is mandated (see Section 4.3.3 of
streams are implicitly closed and new streams MUST be opened, using [RFC6120]), both the server and client streams are implicitly closed
the same process as in Section 3.4. The client MUST send a new and new streams MUST be opened, using the same process as in
stream <open/> element and MUST NOT send a closing <close/> element. Section 3.4.
The client MUST send a new stream <open/> element and MUST NOT send a
closing <close/> element.
An example of restarting the stream after successful SASL An example of restarting the stream after successful SASL
negotiation: negotiation:
S: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" /> S: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
[Streams implicitly closed] [Streams implicitly closed]
C: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing" C: <open xmlns="urn:ietf:params:xml:ns:xmpp-framing"
to="example.com" to="example.com"
version="1.0" /> version="1.0" />
3.8. Pings and Keepalives 3.8. Pings and Keepalives
Traditionally, XMPP servers and clients often send "whitespace Traditionally, XMPP servers and clients often send "whitespace
keepalives" (see Section 4.6.1 of [RFC6120]) between stanzas to keepalives" (see Section 4.6.1 of [RFC6120]) between stanzas to
maintain an XML stream. However, for the XMPP sub-protocol, each maintain an XML stream. However, for the XMPP sub-protocol each
message is required to start with a '<' character, and as such message is required to start with a '<' character, and, as such,
whitespace keepalives MUST NOT be used. whitespace keepalives MUST NOT be used.
As alternatives, the XMPP Ping extension [XEP-0199] and the XMPP As alternatives, the XMPP Ping extension [XEP-0199] and the XMPP
Stream Management extension [XEP-0198] provide pinging mechanisms. Stream Management extension [XEP-0198] provide pinging mechanisms.
The use of either of these extensions (or both) MAY be used to Either of these extensions (or both) MAY be used to determine the
determine the state of the connection. state of the connection.
Clients and servers MAY also use WebSocket ping control frames for Clients and servers MAY also use WebSocket ping control frames for
this purpose, but note that some environments, such as browsers, do this purpose, but note that some environments, such as browsers, do
not provide access for generating or monitoring ping control frames. not provide access for generating or monitoring ping control frames.
3.9. Use of TLS 3.9. Use of TLS
TLS cannot be used at the XMPP sub-protocol layer because the sub- TLS cannot be used at the XMPP sub-protocol layer because the sub-
protocol does not allow for raw binary data to be sent. Instead, protocol does not allow for raw binary data to be sent. Instead,
when TLS is used, it MUST be enabled the WebSocket layer using secure when TLS is used, it MUST be enabled at the WebSocket layer using
WebSocket connections via the |wss| URI scheme. (See Section 10.6 of secure WebSocket connections via the 'wss' URI scheme. (See
[RFC6455].) Section 10.6 of [RFC6455].)
Because TLS is to be provided outside of the XMPP sub-protocol layer, Because TLS is to be provided outside of the XMPP sub-protocol layer,
a server MUST NOT advertise TLS as a stream feature (see Section 4.6 a server MUST NOT advertise TLS as a stream feature (see Section 4.6
of [RFC6120]), and a client MUST ignore any advertised TLS stream of [RFC6120]) when using the XMPP sub-protocol. Likewise, a client
feature, when using the XMPP sub-protocol. MUST ignore any advertised TLS stream feature when using the XMPP
sub-protocol.
3.10. Stream Management 3.10. Stream Management
In order to alleviate the problems of temporary disconnections, the In order to alleviate the problems of temporary disconnections, the
XMPP Stream Management extension [XEP-0198] MAY be used to confirm client MAY use the XMPP Stream Management extension [XEP-0198] to
when stanzas have been received by the server. confirm when stanzas have been received by the server.
In particular, the use of session resumption in [XEP-0198] MAY be In particular, the client MAY use session resumption in [XEP-0198] to
used to allow for recreating the same stream session state after a recreate the same stream session state after a temporary network
temporary network unavailability or after navigating to a new URL in unavailability or after navigating to a new URL in a browser.
a browser.
4. Discovering the WebSocket Connection Method 4. Discovering the WebSocket Connection Method
Section 3 of [RFC6120] defines a procedure for connecting to an XMPP Section 3 of [RFC6120] defines a procedure for connecting to an XMPP
server, including ways to discover the TCP/IP address and port of the server, including ways to discover the TCP/IP address and port of the
server. When using the WebSocket binding as specified in this server using Domain Name System service (DNS SRV) records [RFC2782].
document (instead of the TCP binding as specified in [RFC6120]), a When using the WebSocket binding as specified in this document
client needs an alternative way to discover information about the (instead of the TCP binding as specified in [RFC6120]), a client
server's connection methods, since web browsers and other WebSocket- needs an alternative way to discover information about the server's
capable software applications typically cannot obtain such connection methods, since web browsers and other WebSocket-capable
information from the Domain Name System. software applications typically cannot obtain such information from
the DNS.
The alternative lookup process uses Web Host Metadata [RFC6415] and The alternative lookup process uses Web Host Metadata [RFC6415] and
Web Linking [RFC5988], where the link relation type is "urn:xmpp:alt- Web Linking [RFC5988], where the link relation type is "urn:xmpp:alt-
connections:websocket" as described in Discovering Alternate XMPP connections:websocket" as described in Discovering Alternate XMPP
Connection Methods [XEP-0156]. An example follows. Connection Methods [XEP-0156]. Conceptually, the host-meta lookup
process used for the WebSocket binding is analogous to the DNS SRV
lookup process used for the TCP binding. The process is as follows.
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'> 1. Send a request over secure HTTP to the path "/.well-known/host-
<Link rel="urn:xmpp:alt-connections:websocket" meta" at an HTTP origin [RFC6454] that matches the XMPP service
href="wss://webcm.example.net:443/ws" /> domain (e.g., a URL of "https://im.example.org/.well-known/host-
</XRD> meta" if the XMPP service domain is "im.example.org").
2. Retrieve a host-meta document specifying a link relation type of
"urn:xmpp:alt-connections:websocket", such as:
<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
<Link rel="urn:xmpp:alt-connections:websocket"
href="wss://im.example.org:443/ws" />
</XRD>
Servers MAY expose discovery information using host-meta documents, Servers MAY expose discovery information using host-meta documents,
and clients MAY use such information to determine the WebSocket and clients MAY use such information to determine the WebSocket
endpoint for a server. endpoint for a server.
Use of web-host metadata MAY be used to establish trust between the In cases where the XMPP service domain does not match the web origin
XMPP server domain and the WebSocket endpoint, particularly in multi- of the WebSocket endpoint, the Web-host metadata MAY be used to
tenant situations where the same WebSocket endpoint is serving establish trust between the XMPP server domain and the WebSocket
multiple XMPP domains. endpoint as long as the host-meta request and response occurred over
secure HTTP; this is especially relevant in multi-tenant situations
where the same WebSocket endpoint is serving multiple XMPP domains
(e.g., the XMPP service domains for both "example.com" and
"im.example.org" might be serviced by the same WebSocket endpoint at
"hosting.example.net"). See Section 6 for related discussion.
5. IANA Considerations 5. IANA Considerations
5.1. WebSocket Subprotocol Name 5.1. WebSocket Subprotocol Name
This specification requests IANA to register the WebSocket XMPP sub- This specification requests IANA to register the WebSocket XMPP sub-
protocol under the "WebSocket Subprotocol Name" Registry with the protocol under the "WebSocket Subprotocol Name" Registry with the
following data: following data:
Subprotocol Identifier: xmpp Subprotocol Identifier: xmpp
skipping to change at page 11, line 11 skipping to change at page 12, line 11
defined by RFC XXXX. defined by RFC XXXX.
Registrant Contact: IESG <iesg@ietf.org> Registrant Contact: IESG <iesg@ietf.org>
6. Security Considerations 6. Security Considerations
Since application level TLS cannot be used (see Section 3.9), Since application level TLS cannot be used (see Section 3.9),
applications need to protect the privacy of XMPP traffic at the applications need to protect the privacy of XMPP traffic at the
WebSocket or other appropriate layer. WebSocket or other appropriate layer.
Browser based applications are not able to inspect and verify at the Browser-based applications are not able to inspect and verify, at the
application layer the certificate used for the WebSocket connection application layer, the certificate used for the WebSocket connection
to ensure that it corresponds to the domain specified as the "to" to ensure that it corresponds to the domain specified as the 'to'
address of the XMPP stream. For hosts whose domain matches the address of the XMPP stream. There are two cases:
origin for the WebSocket connection, that check is already performed
by the browser. However, in situations where the domain of the XMPP
server might not match the origin for the WebSocket endpoint
(especially multi-tenant hosting situations), the web host metadata
method (see [RFC6415] and [XEP-0156]) MAY be used to delegate trust
from the XMPP server domain to the WebSocket origin.
When presented with a new WebSocket endpoint via the "see-other-uri" 1. If the XMPP service domain matches the origin for the WebSocket
connection, the relevant check is already performed by the
browser. For example, the XMPP service domain might be
"foo.example" and the WebSocket endpoint discovered for the link
relation type of "urn:xmpp:alt-connections:websocket" might be
"wss://foo.example/websocket". As long as the certificate
provided over WebSocket or HTTPS is verified according to the
rules defined for secure HTTP [RFC2818], then the browser will
report the successful establishment of a secure connection to the
application. (However, as noted, the application is still not
able to independently inspect and verify the certificate, and
needs to trust the browser; this is a limitation of existing
browser technologies, and thus cannot be worked around by
WebSocket applications.)
2. In situations where the domain of the XMPP server does not match
the web origin of the WebSocket endpoint (such as multi-tenant
hosting situations, the host-meta process described under
Section 4) MAY be used to delegate trust from the XMPP server
domain to the WebSocket origin, as long as the host-meta request
and response occurred over secure HTTP (with appropriate
certificate verification as defined in [RFC2818]).
When presented with a new WebSocket endpoint via the 'see-other-uri'
attribute of a <close/> element, clients MUST NOT accept the attribute of a <close/> element, clients MUST NOT accept the
suggestion if the security context of the new endpoint is lower than suggestion if the security context of the new endpoint is lower than
the current one in order to prevent downgrade attacks from a "wss://" the current one in order to prevent downgrade attacks from a 'wss://'
endpoint to "ws://". endpoint to 'ws://'.
The Security Considerations for both WebSocket (see Section 10 of The Security Considerations for both WebSocket (see Section 10 of
[RFC6455] and XMPP (see Section 13 of [RFC6120]) apply to the [RFC6455]) and XMPP (see Section 13 of [RFC6120]) apply to the
WebSocket XMPP sub-protocol. WebSocket XMPP sub-protocol.
6.1. Intermediary Services
If the XMPP over WebSocket endpoint is provided as an intermediary
service between a backend XMPP service and the client, then it SHOULD
encrypt its connection to the backend XMPP service using any
available and appropriate technologies, such as TLS and StartTLS.
If data privacy is desired, a client SHOULD encrypt its messages
using an application specific end-to-end encryption technology, as
there is no way for the client to ensure that the XMPP over WebSocket
service is using an encryped connection to the backend XMPP service.
Methods for doing so are beyond the scope of this specification.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC5988] Nottingham, M., "Web Linking", RFC 5988, October 2010.
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 6120, March 2011. Protocol (XMPP): Core", RFC 6120, March 2011.
[RFC6415] Hammer-Lahav, E. and B. Cook, "Web Host Metadata", RFC
6415, October 2011.
[RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC [RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC
6455, December 2011. 6455, December 2011.
7.2. Informative References 7.2. Informative References
[RFC5988] Nottingham, M., "Web Linking", RFC 5988, October 2010. [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
February 2000.
[RFC6121] Saint-Andre, P., "Extensible Messaging and Presence [RFC6121] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Instant Messaging and Presence", RFC Protocol (XMPP): Instant Messaging and Presence", RFC
6121, March 2011. 6121, March 2011.
[RFC6202] Loreto, S., Saint-Andre, P., Salsano, S., and G. Wilkins, [RFC6202] Loreto, S., Saint-Andre, P., Salsano, S., and G. Wilkins,
"Known Issues and Best Practices for the Use of Long "Known Issues and Best Practices for the Use of Long
Polling and Streaming in Bidirectional HTTP", RFC 6202, Polling and Streaming in Bidirectional HTTP", RFC 6202,
April 2011. April 2011.
[RFC6415] Hammer-Lahav, E. and B. Cook, "Web Host Metadata", RFC [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, December
6415, October 2011. 2011.
[XEP-0124] [XEP-0124]
Paterson, I., Smith, D., Saint-Andre, P., Moffitt, J., and Paterson, I., Smith, D., Saint-Andre, P., Moffitt, J., and
L. Stout, "Bidirectional-streams Over Synchronous HTTP L. Stout, "Bidirectional-streams Over Synchronous HTTP
(BOSH)", XSF XEP 0124, November 2013. (BOSH)", XSF XEP 0124, November 2013.
[XEP-0156] [XEP-0156]
Hildebrand, J., Saint-Andre, P., and L. Stout, Hildebrand, J., Saint-Andre, P., and L. Stout,
"Discovering Alternative XMPP Connection Methods", XSF XEP "Discovering Alternative XMPP Connection Methods", XSF XEP
0156, January 2014. 0156, January 2014.
skipping to change at page 13, line 12 skipping to change at page 14, line 24
Paterson, I., Saint-Andre, P., and L. Stout, "XMPP Over Paterson, I., Saint-Andre, P., and L. Stout, "XMPP Over
BOSH", XSF XEP 0206, November 2013. BOSH", XSF XEP 0206, November 2013.
[XML-SCHEMA] [XML-SCHEMA]
Thompson, H., Maloney, M., Mendelsohn, N., and D. Beech, Thompson, H., Maloney, M., Mendelsohn, N., and D. Beech,
"XML Schema Part 1: Structures Second Edition", World Wide "XML Schema Part 1: Structures Second Edition", World Wide
Web Consortium Recommendation REC-xmlschema-1-20041028, Web Consortium Recommendation REC-xmlschema-1-20041028,
October 2004, October 2004,
<http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>. <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.
Appendix A. XML Schema Appendix A. Acknowledgements
The authors wish to thank the following individuals for their
feedback: Andreas Guth, Bjoern Hoerhmann, Dave Cridland, Florian
Zeitz, Kurt Zeilenga, Matt Miller, Matthew Wild, Paul Aurich, Sergey
Dobrov, Waqas Hussain.
Dan Romascanu reviewed the document on behalf of the General Area
Review Team.
During IESG review, Barry Leiba Benoit Claise, Dan Romasanu, Jari
Arkko, Juergen Schoenwaelder, Spencer Dawkins, Stephen Farrell, Ted
Lemon, Kathleen Moriarty, Pete Resnick caught several issues that
needed to be addressed.
The authors gratefully acknowledge the assistance of Peter Saint-
Andre as document shepherd, Ben Campbell and Joe Hildebrand as the
working group chairs, and Richard Barnes as the sponsoring Area
Director.
Appendix B. XML Schema
The following schema formally defines the 'urn:ietf:params:xml:ns The following schema formally defines the 'urn:ietf:params:xml:ns
:xmpp-framing' namespace used in this document, in conformance with :xmpp-framing' namespace used in this document, in conformance with
W3C XML Schema [XML-SCHEMA]. Because validation of XML streams and W3C XML Schema [XML-SCHEMA]. Because validation of XML streams and
stanzas is optional, this schema is not normative and is provided for stanzas is optional, this schema is not normative and is provided for
descriptive purposes only. descriptive purposes only.
<?xml version='1.0' encoding='UTF-8'?> <?xml version='1.0' encoding='UTF-8'?>
<xs:schema <xs:schema
xmlns:xs='http://www.w3.org/2001/XMLSchema' xmlns:xs='http://www.w3.org/2001/XMLSchema'
targetNamespace='urn:ietf:params:xml:ns:xmpp-framing' targetNamespace='urn:ietf:params:xml:ns:xmpp-framing'
xmlns='urn:ietf:params:xml:ns:xmpp-framing' xmlns='urn:ietf:params:xml:ns:xmpp-framing'
elementFormDefault='unqualified'> elementFormDefault='unqualified'>
<xs:element name='open'> <xs:element name='open'>
<xs:complexType> <xs:complexType>
<xs:simpleContent> <xs:simpleContent>
<xs:extension base='empty'> <xs:extension base='empty'>
 End of changes. 41 change blocks. 
121 lines changed or deleted 191 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/