[Standards] Jabber (PEP) for social network?

[JD Conley]

> Probably the root of the question is that could a pubsub service (or a
> pep service) use a 'roster' or 'group' access policy if it's outside
> the domain?
> 
> Or should every communication provider capable of this feature install
> a PEP-component, and then using caps for events?

AFAIK, with the current state of things, no, they cannot. Some sort of a
federation/trust protocol needs to be developed for this to happen. I
know we were informally talking about this at the interop event last
year, but I'm not sure if anything came of it.

Basically it would be something that'd have to be supported in the
server and maybe client implementations with some sort of a token passed
through so the user can authorize the federation.

I think it would be something like:

1) User registers with your service using her JID.
2) Your service contacts her domain and asks for federation rights on
the roster.
3) Her domain's server contacts her (via XMPP, email, etc?) and asks if
it is OK for your service to see her roster.
	3a) Optionally your service and her major domain (say gtalk)
have a business trust relationship in place so you already have
federation rights.

The required scope of the federation is still pretty undefined. However,
I think for the most part you'd want the ability to:

1) Request a user's roster. 
2) Receive roster updates (just like the user would) so you can
intelligently manage security in near-real time.
3) Send messages on behalf of the user (i.e. manage your own PubSub
service) OR publish things to the user's PEP node.

-JD