[Standards-JIG] Request for commentary: How to best implement a PEP
node which contains multiple items?
nickp at bu.edu
Mon Dec 25 20:25:45 CST 2006
Hello, a few months ago I submitted an XEP for file sharing between
Jabber users. After a busy semester I have resumed work on the XEP,
namely by implementing it with PEP support. One question that I've run
into is the issue of how the PEP node should contain files. Here is a
list of some of the options that I've considered, seeking your
commentary on which one looks like the best implementation that still
follows the rules of PEP/Pubsub.
Situation: Juliet wants to publish a list of files to her friends as a
PEP node (or several PEP nodes, if option 2 or 3 are used). Here are the
ways I've thought of organizing the nodes:
1) One monolithic PEP node containing all files (where each file is an
"item" as defined in the PEP spec)
Good: Simple. Follows existing PEP spec to the letter
Bad: Doesn't allow any granularity as far as which users can see which
files. Access is provided on an all-or-nothing basis, since PEP
determines permissions per node, rather than per item within the node.
2) Many PEP nodes, each can contain any number of files
Good: Versatile. User can define different arbitrary lists (one list per
PEP node), and can set permissions on a per-list basis.
Bad: Does PEP support multiple nodes of the same type? If not, should it?
3) Many PEP nodes, where each represents a single file
Good: Total granularity of who can access which files.
Bad: Same as #2. Might also be a little bandwidth intensive if many
files are being shared. If several get updated, all subscribers are
notified for EACH FILE, with no grouping.
I'm leaning towards option 2, as it balances between the best of both
worlds, but the PEP spec is vague as to whether the server can hold
multiple nodes of the same type, so it might not be legal with the
current spec. However, I haven't read the PubSub spec too closely, so it
might be legal via that.
In addition to the above options, there is also this question: Should
the list of shared files be stored on the PEP server, or should it be
kept on the sharing client? If the list is stored on the server, then
the server effectively has knowledge of all clients' shared files, which
users may consider to be a breach of privacy.
To avoid this, I thought of using the PEP node(s) as merely pointers to
the actual file list, which is stored on the sharing client and sent to
permitted users when requested directly. However, this brings up an
issue with synchronization of permissions between the sharing client and
the PEP server (ensuring that both agree as to which users have access
to which lists).
Thanks for whatever thoughts you have!
More information about the Standards-JIG