CLIENTID is an open standard extension to the IMAP and SMTP protocols, normally used in conjunction with email authentication. By having the email client present an identifier that represents the software or client device attempting to connect, it allows the email server, or a user on an email server that supports CLIENTID, to set policies based on the CLIENTID token that is provided. This information can be matched against ACLs or used as an additional token in legacy authentication methods to provide a form of multi-factor authentication. Its design is such that the email client can pass this information along transparently, without human intervention, while retaining backwards compatibility with older systems that do not yet support CLIENTID.

CLIENTID is a semi-unique token, typically a UUID or other unique string chosen by the email client vendor and/or software, of a given CLIENTID TYPE. The CLIENTID TYPE is a string that is meant to represent the vendor's choice of CLIENTID token, which is also a string (see the latest RFCs for more details).

The token is typically passed as part of the email authentication handshake, and only if the connection is secured (e.g. TLS or SSL). If the server advertises support for CLIENTID, the email client presents the CLIENTID token prior to performing authentication. The server can choose to act based on the CLIENTID token presented (e.g. an ACL may determine whether the token is permitted) or pass this information on to the authentication layer, which can determine, based on internal logic, whether the use of the authentication credentials is permitted from that specific user's device; e.g. a person's email and password can only be presented from that person's personal devices, as previously set out by the user. Or, the system can simply alert the person that his email and address are being accessed from a new device.
CLIENTID is designed to help prevent unauthorized persons who have obtained (stolen, leaked or phished) a person's email and password from gaining access with that information alone.

Example Usage

Support is available in IMAP and SMTP. This example is for SMTP authentication over a secure connection (e.g. SSL on port 465):

    C:
    S: 220 server.example.com ESMTP ready
    C: EHLO client.example.net
    S: 250-server.example.com
    S: 250-AUTH LOGIN
    S: 250 CLIENTID
    C: CLIENTID UUID 23bf83be-aad7-46aa-9e0f-39191ccf402f
    S: 250 OK
    C: AUTH LOGIN dGVzdAB0ZXN0ADEyMzQ=
    S: 235 Authentication successful
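One way a server could apply the policies described above to the client side of such an exchange, as an added example that is not part of the original page or of any CLIENTID implementation. The function names, the `REGISTERED` device registry, the `enforce` switch and the username `test` are assumptions made for illustration.

```python
import re

# "CLIENTID <type> <token>", the command shape shown in the example exchange.
CLIENTID_RE = re.compile(r"^CLIENTID\s+(\S+)\s+(\S+)$", re.IGNORECASE)

# Constructed sample registry: devices each user has previously approved.
REGISTERED = {"test": {("UUID", "23bf83be-aad7-46aa-9e0f-39191ccf402f")}}


def parse_clientid(line):
    """Return (TYPE, token) for a well-formed CLIENTID command, else None."""
    m = CLIENTID_RE.match(line.strip())
    return (m.group(1).upper(), m.group(2)) if m else None


def decide(commands, user, tls_active, enforce=False, registry=REGISTERED):
    """Return 'allow', 'alert' or 'deny' for the client commands of a session.

    enforce=False: unknown devices only raise an alert and legacy clients
                   without CLIENTID still work (backwards compatibility).
    enforce=True:  credentials are accepted only from registered devices.
    """
    client_id = None
    for line in commands:
        verb = line.strip().partition(" ")[0].upper()
        if verb == "AUTH":
            break  # a token sent after authentication is not considered
        if verb == "CLIENTID":
            if not tls_active:
                return "deny"  # token must only travel over a secured connection
            client_id = parse_clientid(line)
            if client_id is None:
                return "deny"  # malformed CLIENTID command
    if client_id is None:
        return "deny" if enforce else "allow"
    if client_id in registry.get(user, set()):
        return "allow"
    return "deny" if enforce else "alert"
```
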