| Communication protocol | |
 | |
| Purpose | Instant messaging |
|---|---|
| Introduction | 1999; 26 years ago (1999) |
| OSI layer | Application layer |
| Port(s) | TCP 5222, 5269, 8010 |
| RFC(s) | RFC 6120 (Core), RFC 6121 (IM & Presence), RFC 7622 (Address Format), RFC 3922 (CPIM), RFC 3923 (Encryption) |
| Website | xmpp |
Extensible Messaging and Presence Protocol (abbreviationXMPP, originally namedJabber[1]) is anopencommunication protocol designed forinstant messaging (IM),presence information, andcontact list maintenance.[2] Based onXML (Extensible Markup Language), it enables thenear-real-time exchange of structured data between two or more network entities.[3] Designed to beextensible, the protocol offers a multitude of applications beyond traditional IM in the broader realm ofmessage-oriented middleware, including signalling forVoIP, video,file transfer,gaming and other uses.
Unlike most commercial instant messaging protocols, XMPP is defined in anopen standard in theapplication layer. The architecture of the XMPP network is similar toemail; anyone can run their own XMPP server and there is no central master server. Thisfederatedopen system approach allows users to interoperate with others on any server using a 'JID' user account, similar to an email address. XMPP implementations can be developed using any software license and many server, client, and library implementations are distributed asfree and open-source software. Numerousfreeware andcommercial software implementations also exist.
Originally developed by theopen-source community, the protocols were formalized as an approved instant messaging standard in 2004 and have been continuously developed with new extensions and features. Various XMPP client software are available on both desktop and mobile platforms and devices - by 2003 the protocol was used by over ten million people worldwide on the network, according to theXMPP Standards Foundation.[4][needs update]
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
| Link layer |
Although the protocol has other uses, the primary application isFederatedInstant Messaging, to deliver a standardInstant Messaging and Presence Protocol, outlined below.
A client Alice ("alice@example.com") has a message for some other user, Beth ("beth@example.com"), and uses XMPP to convey this to the example.com server. If Beth is online, the server delivers the message instantly, otherwise it will be held for delivery later. If Beth is offline, this status is visible to Alice.
If the message is for a user on another server, Charles ("charles@example.net"), then the example.com server connects using XMPP to pass the message to the example.net server. The message is then similarly delivered or held, and Alice is informed of the status.
Following the initial message delivery, the end clients are in a "chat" and each party is subsequently informed of changes to the other's status.
The XMPP client communicates with the server over an SSL-encrypted TCP stream on port 5222. XMPP servers communicate with each other over an SSL-encrypted TCP stream on port 5269.[5]
The XMPP network architecture is reminiscent of theSimple Mail Transfer Protocol (SMTP), aclient–server model; clients do not talk directly to one another as it is decentralized - anyone can run a server. By design, there is no central authoritative server as there is with messaging services such asAIM,WLM,WhatsApp orTelegram. Some confusion often arises on this point as there is a public XMPP server being run atjabber.org, to which many users subscribe. However, anyone may run their own XMPP server on their own domain.
Every user on the network has a unique XMPP address, calledJabber ID.[6] The JID is structured like anemail address with a username and adomain name (orIP address[7]) for the server where that user resides, separated by anat sign (@) - for example, “alice@example.com“: herealice is the username andexample.com the server with which the user is registered.
Since a user may wish to log in from multiple locations, they may specify aresource. A resource identifies a particular client belonging to the user (for example home, work, or mobile). This may be included in the JID by appending a slash followed by the name of the resource. For example, the full JID of a user's mobile account could beusername@example.com/mobile.
Each resource may have specified a numerical value calledpriority. Messages simply sent tousername@example.com will go to the client with highest priority, but those sent tousername@example.com/mobile will goonly to the mobile client. The highest priority is the one with largest numerical value.
JIDs without a username part are also valid, and may be used for system messages and control of special features on the server. A resource remains optional for these JIDs as well.
The means to route messages based on a logical endpoint identifier - the JID, instead of by an explicit IP Address present opportunities to use XMPP as anOverlay network implementation on top of different underlay networks.[8]
The original and "native" transport protocol for XMPP isTransmission Control Protocol (TCP), using open-ended XML streams over long-lived TCP connections. As an alternative to the TCP transport, the XMPP community has also developed anHTTP transport for web clients as well as users behind restrictedfirewalls. In the original specification, XMPP could use HTTP in two ways:polling[9] andbinding. The polling method, now deprecated, essentially implies messages stored on a server-side database are being fetched (and posted) regularly by an XMPP client by way of HTTP 'GET' and 'POST' requests. The binding method, implemented usingBidirectional-streams Over Synchronous HTTP (BOSH),[10] allows servers to push messages to clients as soon as they are sent. This push model of notification is more efficient than polling, where many of the polls return no new data.
Because the client uses HTTP, most firewalls allow clients to fetch and post messages without any hindrances. Thus, in scenarios where the TCP port used by XMPP is blocked, a server can listen on the normal HTTP port and the traffic should pass without problems. Various websites let people sign into XMPP via a browser. Furthermore, there are open public servers that listen on standard http (port 80) and https (port 443) ports, and hence allow connections from behind most firewalls. However, the IANA-registered port for BOSH is actually 5280, not 80.
TheXMPP Standards Foundation or XSF (formerly the Jabber Software Foundation) is active in developing open XMPP extensions, so calledXEP.[11] However, extensions can also be defined by any individual, software project, or organization. To maintain interoperability, common extensions are managed by the XSF. XMPP applications beyond IM include:chat rooms,network management,content syndication, collaboration tools,file sharing, gaming, remote systems control and monitoring,geolocation,middleware andcloud computing, VoIP, and identity services.
Building on its capability to support discovery across localnetwork domains, XMPP is well-suited forcloud computing where virtual machines, networks, and firewalls would otherwise present obstacles to alternative service discovery and presence-based solutions. Cloud computing and storage systems rely on various forms of communication over multiple levels, including not only messaging between systems to relay state but also the migration or distribution of larger objects, such as storage or virtual machines. Along with authentication and in-transit data protection, XMPP can be applied at a variety of levels and may prove ideal as an extensible middleware orMessage-oriented middleware (MOM) protocol.
Since XML is text based, normal XMPP has a higher network overhead compared to purely binary solutions. This issue was being addressed by the experimental XEP-0322 Efficient XML Interchange (EXI) Format, where XML is serialized in an efficient binary manner, especially in schema-informed mode. This XEP is currently deferred.
In-band binary data transfer is limited.Binary data must be firstbase64 encoded before it can be transmitted in-band. Therefore, any significant amount of binary data (e.g.,file transfers) is best transmittedout-of-band, using in-band messages to coordinate. In most cases this is dealt with by using an attachment to a message and the widely implemented XEP-0363 HTTP File Upload mechanism. Voice and Video chat can be done via theJingle XMPP Extension Protocol, XEP-0166.
Using the extension calledJingle, XMPP can provide an open means to supportmachine-to-machine orpeer-to-peer communications across a diverse set of networks. This feature is mainly used forIP telephony (VoIP).
XMPP supports conferences with multiple users, using the specification Multi-User Chat (MUC) (XEP-0045). From the point of view of a normal user, it is comparable toInternet Relay Chat (IRC).
XMPP servers can be isolated (e.g., on a companyintranet), and secure authentication (SASL) and point-to-point encryption (TLS) have been built into the core XMPP specifications.
Off-the-Record Messaging (OTR) is an extension of XMPP enabling encryption of messages and data. It has since been replaced by a better extension, multi-end-to-multi-end encryption (OMEMO, XEP-0384) end-to-end encryption between users. This gives a higher level of security, by encrypting all data from the source client and decrypting again at the target client; the server operator cannot decrypt the data they are forwarding.
Messages can also be encrypted withOpenPGP, for example with the softwareGajim.
While severalservice discovery protocols exist today (such aszeroconf or theService Location Protocol), XMPP provides a solid base for the discovery of services residing locally or across a network, and the availability of these services (via presence information), as specified by XEP-0030 DISCO.[12]
One of the original design goals of the early Jabber open-source community was enabling users to connect to multiple instant messaging systems (especially non-XMPP systems) through a single client application. This was done through entities calledtransports orgateways to other instant messaging protocols likeICQ, AIM orYahoo Messenger, but also to protocols such asSMS,IRC oremail. Unlikemulti-protocol clients, XMPP provides this access at the server level by communicating via special gateway services running alongside an XMPP server. Any user can "register" with one of these gateways by providing the information needed to log on to that network, and can then communicate with users of that network as though they were XMPP users. Thus, such gateways function as client proxies (the gateway authenticates on the user's behalf on the non-XMPP service). As a result, any client that fully supports XMPP can access any network with a gateway without extra code in the client, and without the need for the client to have direct access to the Internet. However, the client proxy model may violateterms of service on the protocol used (although such terms of service are not legally enforceable in several countries) and also requires the user to send their IM username and password to the third-party site that operates the transport (which may raise privacy and security concerns).
Another type of gateway is a server-to-server gateway, which enables a non-XMPP server deployment to connect to native XMPP servers using the built in interdomain federation features of XMPP. Such server-to-server gateways are offered by several enterprise IM software products, including:
XMPP is implemented by many clients, servers, and code libraries.[16] These implementations are provided under a variety of software licenses.
Numerous XMPP server software exist, some well known ones includeejabberd andProsody.
A large number of XMPP client software exist on various modern and legacy platforms, including both graphical and command line based clients. According to the XMPP website, some of the most popular software includeConversations, Cheogram, Monocles and Quicksy (Android), Dino (BSD,Windows,Unix,Linux), Converse.js (web browser,Linux,Windows,macOS),[17]Gajim (Windows,Linux),[17] Monal (macOS,iOS), and Swift.IM (macOS, Windows, Linux). Lately, Monal has been forked as a Quicksy release foriOS.
Other clients include: Bombus,ChatSecure,Coccinella,Miranda NG,[17]Pidgin,Psi,[17]Tkabber,Trillian, andXabber.
There are thousands of XMPP servers worldwide, many public ones as well as private individuals or organizations running their own servers without commercial intent. Numerous websites show a list of public XMPP servers where users may register at (for example on the XMPP.net website).
Several large public IM services natively use or used XMPP, includingLiveJournal's "LJ Talk",[18]Nimbuzz, andHipChat. Various hosting services, such asDreamHost, enable hosting customers to choose XMPP services alongside more traditional web and email services. Specialized XMPP hosting services also exist in form ofcloud so that domain owners need not directly run their own XMPP servers, includingCiscoWebex Connect, Chrome.pl, Flosoft.biz, i-pobox.net, and hosted.im.
The majority of these services areFederated - so that users of one service can communicate with users of another service.
XMPP is also used in deployments of non-IM services, including smart grid systems such asdemand response applications, message-oriented middleware, and as a replacement forSMS to provide text messaging on manysmartphone clients.
Some of the largest messaging providers use, or have been using, various forms of XMPP based protocols in their backend systems without necessarily exposing this fact to their end users.[19][20] One example isGoogle, which in August 2005 introducedGoogle Talk, a combination VoIP and IM system that uses XMPP for instant messaging and as a base for a voice and file transfer signaling protocol calledJingle. The initial launch did not includeserver-to-server communications; Google enabled that feature on January 17, 2006.[21] Google later added video functionality to Google Talk, also using the Jingle protocol for signaling. In May 2013, Google announced XMPP compatibility would be dropped from Google Talk for server-to-server federation, although it would retain client-to-server support.[22] Google Talk has since been dropped from Google's line of products.
In January 2008, AOL introduced experimental XMPP support for itsAOL Instant Messenger (AIM) service,[23] allowing AIM users to communicate using XMPP. However, in March 2008, this service was discontinued.[citation needed] As of May 2011, AOL offers limited XMPP support.[24]
In February 2010, the social-networking siteFacebook opened up itschat feature to third-party applications via XMPP.[25] Some functionality was unavailable through XMPP, and support was dropped in April 2014.[26] Similarly, in December 2011, Microsoft released an XMPP interface to itsMicrosoft Messenger service.[27]Skype, its de facto successor, also provided limited XMPP support.[28]Apache Wave is another example.[29]
XMPP is thede facto standard for private chat in gaming related platforms such asOrigin,[30] andPlayStation, as well as the now discontinuedXfire andRaptr.[31] Two notable exceptions areSteam[32] andXbox LIVE; both use their ownproprietary messaging protocols.
Jeremie Miller began working on the Jabber technology in 1998 and released the first version of thejabberd server on January 4, 1999.[33] The early Jabber community focused on open-source software, mainly the jabberd server, but its major outcome proved to be the development of the XMPP protocol.
TheInternet Engineering Task Force (IETF) formed an XMPPworking group in 2002 to formalize the core protocols as an IETF instant messaging and presence technology. The early Jabberprotocol, as developed in 1999 and 2000, formed the basis for XMPP as published in RFC 3920 and RFC 3921 in October 2004 (the primary changes during formalization by the IETF's XMPP Working Group were the addition ofTLS for channel encryption andSASL for authentication). The XMPP Working group also produced specifications RFC 3922 and RFC 3923. In 2011, RFC 3920 and RFC 3921 were superseded by RFC 6120 and RFC 6121 respectively, with RFC 6122 specifying the XMPP address format. In 2015, RFC 6122 was superseded by RFC 7622. In addition to these core protocols standardized at the IETF, theXMPP Standards Foundation (formerly the Jabber Software Foundation) is active in developing open XMPP extensions.
The first IM service based on XMPP was Jabber.org,[17] which has operated continuously and offered free accounts since 1999.[34] From 1999 until February 2006, the service used jabberd as its server software, at which time it migrated toejabberd (both of which arefree software application servers). In January 2010, the service migrated to theproprietary M-Link server software produced by Isode Ltd.[35]
In September 2008,Cisco Systems acquired Jabber, Inc., the creators of the commercial product Jabber XCP.[36]
TheXMPP Standards Foundation (XSF) develops and publishes extensions to XMPP through a standards process centered onXMPP Extension Protocols (XEPs, previously known as Jabber Enhancement Proposals - JEPs). The following extensions are in especially wide use:
XMPP features such as federation across domains, publish/subscribe, authentication and its security even for mobile endpoints are being used to implement theInternet of Things. Several XMPP extensions are part of the experimental implementation: Efficient XML Interchange (EXI) Format;[44] Sensor Data;[45] Provisioning;[46] Control;[47] Concentrators;[48] Discovery.[49]
These efforts are documented on a page in the XMPP wiki dedicated to Internet of Things[50] and the XMPP IoT mailing list.[51]
TheIETF XMPP working group has produced a series ofRequest for Comments (RFC) documents:
The most important and most widely implemented of these specifications are:
XMPP has often been regarded as a competitor toSIMPLE, based onSession Initiation Protocol (SIP), as the standard protocol for instant messaging and presence notification.[52][53]
The XMPP extension for multi-user chat[38] can be seen as a competitor toIRC, although IRC is far simpler, has far fewer features, and is far more widely used.[citation needed]
The XMPP extensions for publish–subscribe[39] provide many of the same features as theAdvanced Message Queuing Protocol (AMQP).
