We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byChristopher Walton
Modified over 2 years ago
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to XMPP Joe Hildebrand
© 2010 Cisco Systems, Inc. All rights reserved. 2 What is XMPP? eXtensible Messaging and Presence Protocol Bi-directional streaming XML Core: IETF RFC 3920, Extensions: XMPP Standards Foundation (XSF) –Membership-based –Elected technical council –Unit of work: XMPP Extension Protocol (XEP) –Process: Experimental, Proposed, Draft, Final Goals: –Simple clients –Federate everything
© 2010 Cisco Systems, Inc. All rights reserved. 3 XMPP Architecture Addressing Scheme: –JID = Jabber ID –Node: identity, e.g. user name –Domain: DNS domain name –Resource: device identifier identifies a person Client talks to local server –Wherever the user account is hosted –Tied to directory if desired –Organizational policy enforced Servers talk to other servers –DNS lookup on domain portion of address –Dialback, MTLS for security –One connection for many conversations
© 2010 Cisco Systems, Inc. All rights reserved Arlington VA XML Refresher Element Attribute Namespace Language Text
© 2010 Cisco Systems, Inc. All rights reserved. 5 XMPP Streams Client connects TCP socket to server Client sends stream start tag: Server sends stream start tag back: Each child element of stream a stanza Note: NOT an element
© 2010 Cisco Systems, Inc. All rights reserved. 6 Stream features After stream start, server sends feature list: DIGEST-MD5 zlib Client can negotiate any of these features
© 2010 Cisco Systems, Inc. All rights reserved. 7 Security Stuff Start-TLS –Prove the identity of the server –Prove the identity of the user (optional) –Encryption –Data integrity SASL (RFC 4422)RFC 4422 –Authentication –Optional encryption (rarely used) –Pluggable (e.g. passwords, Kerberos, X.509, SAML, etc.)
© 2010 Cisco Systems, Inc. All rights reserved. 8 Stanzas All have to='JID' and from='JID' addresses –To gives destination –From added by local server Each stanza routed separately All contents of stanza passed along Extend with any XML from your namespace Different types for delivery semantics : one direction, one recipient : one direction, publish to many : "info/query", request/response
© 2010 Cisco Systems, Inc. All rights reserved. 9 Message Example: Wherefore art thou, Romeo? Types: chat, groupchat, headline, error Body: plain text XHTML IM: XEP-0071XEP-0071
© 2010 Cisco Systems, Inc. All rights reserved. 10 Presence Example: dnd Meeting 1 Show: chat, available, away, xa, dnd Status: Human-readable text Priority: Which resource "most available"?
© 2010 Cisco Systems, Inc. All rights reserved. 11 IQ Request Example: Type: get, set, result, error ID: track the corresponding response Query/Namespace: what type of request?
© 2010 Cisco Systems, Inc. All rights reserved. 12 IQ Response (Roster) Example: Friends Type: response ID matches request Subscription state: none, to, from, both
© 2010 Cisco Systems, Inc. All rights reserved. 13 Subscribing to Presence Send a subscription request: Approving a request: Every time you change a subscription, you get a "roster push":
© 2010 Cisco Systems, Inc. All rights reserved. 14 Extensibility Example: Message Use a new namespace Key: if you don't understand it, ignore it Example, CAP, XEP-0127: KSTO T14:57:00-07:00 Met SEVERE THUNDERSTORM... XEP-0127
© 2010 Cisco Systems, Inc. All rights reserved. 15 Extensibility Example: Presence Keep presence stanzas small Example: Entity Capabilities, XEP-0115: XEP-0115 Ver attribute is hash of all features of this client Hash -> Feature list is cached
© 2010 Cisco Systems, Inc. All rights reserved. 16 XMPP Extensions Many already exist: Add new ones –Custom: use a namespace you control, make up protocol –Standardized: write a XEP. It's straightforward, and we'll help
© 2010 Cisco Systems, Inc. All rights reserved. 17 Federation: DNS Starts with: non-local domain in to address Look up this DNS SRV record: _xmpp-server._tcp.domain Example: jabber.com: jabber.com. Priority: Which one to try first if multiple Weight: Within a priority, what percentage chance? Port: TCP port number Target: Machine to connect to
© 2010 Cisco Systems, Inc. All rights reserved. 18 Federation: Security Old-style: dialback –Connect back to domain claimed by initiator –Check secret claimed by initiator –"Someone said they were example.com; was that you?" New-style: Mutual TLS –Initiator presents "client" certificate –Responder presents "server" certificate –Both certificates signed by trusted CA All stanzas must have from with correct domain
© 2010 Cisco Systems, Inc. All rights reserved. 19 Bandwidth minimization TLS compression –Not implemented in all SSL/TLS stacks –Some want compression w/o encryption XEP-0138: Stream Compression XEP-0138 –Defines zlib mechanism (2-3x or more compression) –Others can be added –Concern: battery drain vs. radio transmission XEP-0198: Stanza Acknowledgements XEP-0198 –Quick reconnects –Avoid re-synchronizing state on startup Partial rosters Privacy lists Others being pursued
© 2010 Cisco Systems, Inc. All rights reserved. 20 Latency Most critical on startup –Several handshakes and stream restarts –Can be minimized by client assuming server configuration –Example: don't wait for Once running –Stanza size matters: try to stay under 8kB, take larger blocks out of band if possible –Configure federation to keep links open, first stanza will be slow –Beware of DoS protection, "karma"
© 2010 Cisco Systems, Inc. All rights reserved. 21 Reading List RFCs RFC –3920: Core3920 –3921: IM & Presence3921 –5122: XMPP URIs5122 XEP highlights XEP –4: Forms4 –30: Disco30 –45: Chat rooms45 –60: Pub/Sub60 –71: XHTML71 –115: Capabilities115 –163: PEP163
© 2010 Cisco Systems, Inc. All rights reserved. 22 Q and A
© 2010 Cisco Systems, Inc. All rights reserved. 23
1 A Tutorial on Web Security for E-Commerce. 2 Web Concepts for E-Commerce Client/Server Applications Communication Channels TCP/IP.
Internet Peer-to-Peer Application Infrastructure Darren New Invisible Worlds, Inc.
1 IETF Security Tutorial Radia Perlman Intel Labs July 2010
Microsoft ® Lync™ 2010 Instant Messaging and Presence Experience Module 07 Microsoft Corporation.
SIP Tutoiral A Tutorial on SIP Jonathan Rosenberg Chief Scientist.
Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
Introduction Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP)
Copyright 2011 John Wiley & Sons, Inc5 - 1 Business Data Communications and Networking 11th Edition Jerry Fitzgerald and Alan Dennis John Wiley & Sons,
1 OSI Transport Layer IT305: Computer Networks – Chapter 4.
Version 4.1 CCNA Discovery 2– Chapter 7. Contents 7.1: ISP Services : TCP / IP Protocols 7.2: 7.3: DNS 7.3: 7.4: Application Layer Protocols 7.4.
IRIS: an Intelligent Network capability set for Next Generation Networks Tony Rutkowski VeriSign Andrew Newton
Copyright 2005 John Cowan under GPL 1 RESTful Web Services An introduction to building Web Services without tears (i.e., without SOAP or WSDL) John Cowan.
Copyright © 2005, Alex Conn. All Rights Reserved. How Devices Shift Usage ParadigmsExpectations in a Converging Technology Arena Alex Paul Conn,
1 A Cloud Reference Framework … for discussion only … Please send comments and suggestions to Bhumip Khasnabish Friday,
Silberschatz, Galvin and Gagne ©2010 Operating System Concepts Essentials – 8 th Edition Chapter 16: Windows 7.
1 Liberty Specifications Tutorial Alexandre Stervinou Technical Consultant, RSA Security
1 GREY BOX TESTING Web Apps & Networking Session 1 Boris Grinberg
1 © 2007 Avaya Inc. All rights reserved. Understanding SIPs Role in Intelligent Communications Tom Doria Director – Avaya P2P Technical Business Development.
Tecnologia dei Servizi Grid e cloud computing - Lezione 005b 0 Lezione 5B - 18 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato.
CTO Office - Standards & System Management Architecture 1 Rick Landau CTO Office, Standards & System Management Architecture Sept 2007 Understanding Web.
LIS650 lecture 6 http and apache Thomas Krichel
LIS901N lecture 5: http URI and apache Thomas Krichel
© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public ROUTE v6 Chapter 5 1 Chapter 5: Implement Path Control CCNP ROUTE: Implementing IP.
SIP and Services 1 Blindsiders May 99 Lucent Technologies - Proprietary SIP A Platform for Providing Integrated Services Jonathan Rosenberg Bell Laboratories.
An Introduction to Distributed Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
Web Privacy with P3P Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research July 2002
1 Computer Systems & Architecture Lesson 3 5. Designing the Architecture.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco PublicSCTE_IP_Basics 1 Dan Baum Systems Engineer Cisco [date] Understanding the Internet Protocol.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 9 Applications Copyright © 2010, Elsevier Inc. All rights Reserved.
© 2016 SlidePlayer.com Inc. All rights reserved.