[Council] XEP-0124/0206

[Ian Paterson]

Hi,

Mridul's email didn't reach the council list, but here it is in full 
with my answers.
FYI, Mridul implemented Sun's XEP-0124 connection manager (and Java 
client IIRC).


Mridul wrote:
> Hi,
>
> 1)  For the script syntax in 124, we might want to add the following :
> "It MUST be used over HTTPS or client and server MUST set cache 
> control indicating response MUST NOT be cached."
> If we do not mandate this, responses could get cached or otherwise 
> persisted somewhere - and since the url query is going to directly 
> contain the body content, this would be a security and privacy issue.

Good point. I'll add that to the security considerations and the Script 
Syntax example responses.

> 2) I thought 'jabber:client' was going to be imported into httpbind 
> namespace ? In which case, example 6 could be modified to not require 
> qualifying 'body' & we just need to change the 'xmlns'.
> Else we are breaking schema for all other examples ...

Yes, although I'm sure you understand that I don't want anything XMPP 
specific in XEP-0124. If possible 'jabber:client' should be added to 
httpbind in XEP-0206. I'll discuss the best way to do that with someone 
who knows more about XML than we do. :-)

> Also, maybe we can also add a note that the json data needs to be 
> escaped when it is embedded within another xml response like in 
> Example 6 ... not sure if client side parsers unescape the data before 
> returning it.

I also don't want anything JSON specific in XEP-0124! ;-)

> Thanks for clarifying on overactivity !
> If others in my team come across anything which needs clarification, I 
> will send it across.

Thanks for your feedback. :-)

> Regards,
> Mridul

- Ian