Re: [IOT] An implementer's review of the IoT XEPs

On 14.11.2016 10:03, Peter Waher wrote: The question still remains: Do the XEPs envision friendship to be defined as a full presence subscription between the two involved entities. Which I think would very problematic because unsolicited presence stanzas should be avoided (and have caused a lot of trouble in XMPP's past). Usually a thing is not interested in the presence status of its friends, Therefore I suggest to define friendship as follows: "E is a friend of T, iff E is subscribed to T's presence" (where E is an entity, and T is a thing). Note that this does not disallow T to subscribe to E's presence. It is just not required for E to be a friend of T. The XEPs should explicit mention that friendship recommendations are used by the provisioning server (PS) to deliver the owners decision to the thing. And how do you envision the requestor (R) to be notified? I've implemented it in Smack so that the thing forwards the friendship recommendation to R. Because I don't want R to act on friendship recommendations send from the PS, as it's not clear for R which PS is authoritative. But even with this unspecified mechanism, I need nine stanzas to complete friendship and a cache of the last pending friendship requests in R. My suggestion would be to have PS sending a friendship-decision-pending response to T, on which T simply does nothing. This reduces the required stanzas to complete friendship to six and removes the client from the burden to keep track of pending friendship requests. Please note that this and the previous point (definition of friendship) are two of my main concerns about the current XEPs that I'd like to address first. I'd like to use the upcoming Summit (and SIG meetings) to discuss them. True, but there are efforts to split PubSub into smaller XEPs. The XEPs are very long, which makes it very hard to digest. I think from the ones I've looked at (Discovery, Provisioning, Data, Control), half of what is written in there could be moved into an add-on XEP containing the advanced features. The other half would then be a minimal baseline profile which would make it easy to get started with, solve probably 80% of the use cases and gave implementers a quicker "success" experience. No. No. I was trying to describe the ideal pattern/scheme in XMPP used to retrieve N data, where every datum is packed in a single stanza: The requester sends the IQ-request, on which the sender starts sending data1 to dataN in message stanzas, and after sending dataN, the IQ-result is send. This pattern is also used in MAM. Currently the data xep does: IQ-request → IQ-result → data1 → … → dataN-withFin No it does not. Ok, but why not simply re-use XEP-0082 as existing building block? Now I have to implement yet another data/time parser for XEP-0323 just because it varies slightly from a widely established XEP. https://www.w3.org/2001/XMLSchema-datatypes Have a look at XEP-0122's 'datatype' attribute. Ideally the IoT Data XEP would re-use the same attribute and its definition. But unsubscribing does not remove the roster entry. But yes, there are some points where roster and presence interact. Never the less the sentence should be "if the device is not subscribed to the provisioning server, then the device should send a subscription request" Ahh, ok. That's a good design approach I support! I suggest to make it clear that a thing is defined by it's bare JID, and never by its full JID, or in other words, there can never be two or more things with the same bare JID. Possible, but everything breaks down if you assume the possibility of spoofed XMPP addresses. It sure is possible if something is not configured correctly, especially considering a federation between multiple independent parties. But if you need absolute confidentially, then use crypto. I wouldn't call XEP-0325 lightweight. Not sure about that. Smack has pretty good support for data forms. IoT control would have been easier to implement if I would have based it on data forms and not had to implement everything from scratch. And that's not possible with data forms? Especially if both data and control would be based on them? Ahh, now it gets interesting. First, please consider putting that rationale for not using data forms in XEP-0325. Otherwise be prepared to get asked that very same question over and over again. And secondly: Was it ever evaluated if data forms could be extended by that functionality (executing commands on multiple nodes, or multiple commands in the same request)? I could imagine that such a data forms add-on feature could be beneficial in other areas too. Care to elaborate? Then please make it clear in the XEP that the PS will require the potential-soon-to-be-owner to enter the exact same values used by the thing to register itself with the PS. But what if the thing wants to provide more metadata values (there a dozens different types already defined), but only have the owner enter one or two? I think the default on-boarding procedure could be much simplified by keeping the same security: Simply let the thing generate a secure token and have the owner present that token as proof of ownership. How the bytes of the token are transported and retrieved from the thing (QR code, via an app, …) can be decided by the manufacturer. (This reminds me a bit of the easy-onboarding efforts in XMPP: https://wiki.xmpp.org/web/Easy_Onboarding ) - Florian