- Standards

UPDATED: XEP-0455 (Service Outage Status)

by Daniel Gultsch

Version 0.3.0 of XEP-0455 (Service Outage Status) has been released. Abstract: This document defines an XMPP protocol extension that enables server administrators to communicate issues with the server to all users in a semantic manner. Changelog: Remove all in-band event signaling. (mp) URL: https://xmpp.org/extensions/xep-0455.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

7 months

1
0
0 0

UPDATED: XEP-0377 (Spam Reporting)

by Daniel Gultsch

Version 0.4.0 of XEP-0377 (Spam Reporting) has been released. Abstract: This document specifies a mechanism by which users can report spam and other abuse to a server operator or other spam service. Changelog: * Add spam report processing opt-in. * Add Guus der Kinderen as co-author. (gdk) URL: https://xmpp.org/extensions/xep-0377.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

7 months

1
0
0 0

Identifying username and password fields during Extensible IBR (XEP-0389)

by Badri

Hi everyone! I've been trying to design a "verify with one-time code during registration" flow using XEP-0389 (Extensible In-Band Registration). Specifically, this is for registration on the server itself (not on an external component) and I'm using the jabber:x:data challenge. However, I realised there's no standard way for the client to know what its username and password is once the registration is complete. The old IBR spec (XEP-0077) uses special <username/> and <password/> fields which the client can automatically save to avoid the user having to re-enter it. Since "username, password, and some additional verification step" sounds like a common use-case for IBR, should this be added to the spec in some way? Some options: 1. Extend the jabber:x:data challenge to say something like: servers MUST NOT use var='username' and var='password' for anything other than username and password, and clients MAY save those values locally if present to avoid forcing the user to re-enter them. 2. Alternatively, extend the jabber:x:data challenge to say it can optionally include <username/> and/or <password/> tags as siblings to the <x xmlns='jabber:x:data' type='form'> form itself. 3. Same as (2), but with a new challenge type to keep things simple for those who actually want just an ordinary Data Form. 4. Define a new challenge type something like jabber:iq:register consisting of only <username/> and <password/> fields from 0077 (not sure what to do about <email/>, but I don't see a need for it). This is different from just using 0077 directly because the server can issue this challenge as part of a flow *along with* other challenges like jabber:x:data or jabber:x:oob. The disadvantage is the server would have to issue an extra challenge (once for the username/password, and again for the email address or whatever other data it wants like phone number) rather than combining them in one form/challenge. However, this approach is arguably cleaner as it doesn't mix different kinds of things (data forms and specific standardised fields) together. Let me know what you think of the above. I hope I didn't miss something entirely! If there are existing implementations of XEP-0389, it would be helpful to see, although I don't find any on the XMPP software list. Best, Badri

7 months

3
2
0 0

Synchronizing encryption keys accross different resources

by Schimon Jehudah

Greetings. Suppose that I want to access to data over PubSub which is encrypted with OpenPGP. I then would have the GPG key in order to access to that data. Should the key be also stored over a PubSub node and then be synchronized to resources that request it? What would be a good practice to do it? My use-case is of an annotation system which is based on Atom Over XMPP. Reference: https://forum.palemoon.org/viewtopic.php?f=5&t=31900 Regards, Schimon

7 months, 1 week

1
0
0 0

UPDATED: XEP-0421 (Occupant identifiers for semi-anonymous MUCs)

by Daniel Gultsch

Version 1.0.1 of XEP-0421 (Occupant identifiers for semi-anonymous MUCs) has been released. Abstract: This specification defines a method that allows clients to identify a MUC participant across reconnects and renames. It thus prevents impersonification of semi-anonymous users. Changelog: Fixed typo (XEP Editor (dg)) URL: https://xmpp.org/extensions/xep-0421.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

7 months, 1 week

1
0
0 0

UPDATED: XEP-0313 (Message Archive Management)

by Daniel Gultsch

Version 1.1.3 of XEP-0313 (Message Archive Management) has been released. Abstract: This document defines a protocol to query and control an archive of messages stored on a server. Changelog: Fixed typo (XEP Editor (dg)) URL: https://xmpp.org/extensions/xep-0313.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

7 months, 1 week

1
0
0 0

Renaming XEP-0472: Pubsub Social Feed

by Schimon Jehudah

Greetings. I would want to propose to replace the word "social" by another word. The reason for this, is because "social" would imply of theme "social network", even though this is not only for that theme. This means, that some developers would be reluctant to add support for XEP-0472 because they would be of the opinion that their software is not intended for social network theme. In order to avoid that misunderstanding, I suggest to rename the title. Please advise. Kind regards, Schimon. P.S. Mr. Webber, has proposed to name Atom Over XMPP (i.e. XEP-0277 and XEP-0472) as "Feeds" in the graphical interface of Cheogram. In addition, Arne of monocles chat, JC Brand and Nicolas (nioc) are alos in favour of adding support for Atom Over XMPP to their software. I maintain a list of projects of which I petition for Atom Over XMPP. gemini://woodpeckersnest.space/~schapps/journal/2024-05-30-publishing-over-xmpp.gmi

7 months, 2 weeks

2
2
0 0

Ad-hoc command error cases

by Guus der Kinderen

Hi! While adding tests for XEP-0133: Service Administration to the XMPP Interop Testing project, we ran into trouble. Specifically, it is unclear to me how an ad-hoc command failure is to be represented. Two XEPs are relevant: - XEP-0050: Ad-Hoc Commands - XEP-0133: Service Administration I don't think either is exactly clear in the definition of non-success scenarios. XEP-0050 Section 3.6 "Commands Successful/Failed" defines: > The status of command execution signals only if the command is executing, > has been completed, or been canceled. If completed, the "status" attribute > does not specify if it completed successfully or not. If a command > completes but fails, the responder MUST include at least one <note > type='error'/> with the <command status='completed'/> it returns. I do not believe that XEP-0050 specifies what the IQ type is (result or error) when a command execution is completed with a failure. XEP-0050 Section 4.4 "Possible Errors" defines command execution errors. All of the descriptions listed relate to conditions where the responding entity is prevented from starting to execute the command: it doesn't understand the action, the requesting entity doesn't have permissions to execute the command, and so on. In example 23, it is shown that these type of errors are used in an IQ type=error. XEP-0133 is less clear. Where errors are referenced in the descriptions of each command ("Unless an error occurs ...") they also seem to refer to scenario's where a command execution cannot start. To me, that's in line with XEP-0050. However, section 5 "Error Handling" specifies conditions that seem to are detected both _before_ but also _after_ execution of the command has started. Examples of that latter are: - <conflict/> The command cannot be completed because of a data or system conflict (e.g., a user already exists with that username). - No entity is allowed to perform the command (e.g., retrieve the CEO's roster). To me, these two are examples of what should be responded to with a <command status='completed'><note type='error'/></command>. The XEP(s) would benefit from having more explicit definitions with regards to these cases. Firstly, lets specify explicitly in XEP-0050 if a command of which the execution completed with an error is to be represented by an IQ stanza of type 'result' or 'error'. The XEP to me suggests 'result', but I don't think this is sufficiently clear from the text. For what it's worth, the implementations that I've seen (Openfire, Smack and Prosody), seem to use 'result'. Secondly, Section 5 of XEP-0133 arguably contradicts XEP-0050 - or at least adds confusion more than clarification. What added value does this section have over the error handling that is specified in XEP-0050? Perhaps referring to XEP-0133 is a good alternative to the existence of Section 5 in XEP-0133. Thirdly, the XEPs should have an example of a command that is completed-with-failure. The illustrative power of that would be very welcome. I would value your feedback on this. Kind regards, Guus

7 months, 2 weeks

2
1
0 0

Which one to use: `authorization-identity` or `authorization-identifier`

by Andrzej Telezynski

Hello, I am confused about those two elements: `authorization-identity` and `authorization-identifier`. Are they equivalent? They seem to be used in the same context. Grepping the XEPS repo shows both are used: $ grep -rl authorization-identity ./xep-0484.xml ./inbox/xep-fast.xml ./inbox/sasl2.xml ./xep-0386.xml $ grep -rl authorization-identifier ./xep-0480.xml ./inbox/xep-downgrade-prevention.xml ./inbox/xep-scram-upgrade.xml ./inbox/sasl2.xml ./xep-0198.xml ./xep-0388.xml ./xep-0474.xml What confuses me is that they both are used in the same context, f. ex.: "XEP-0386: Bind 2" has `authorization-identity` in successful Bind response: https://xmpp.org/extensions/xep-0386.html#example-4 <success xmlns='urn:xmpp:sasl:2'> <authorization-identity>user(a)example.com/AwesomeXMPP.4232f4d4 </authorization-identity> <bound xmlns='urn:xmpp:bind:0'> <metadata xmlns='urn:xmpp:mam:2'> <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' /> <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' /> </metadata> </bound> </success> But "XEP-0388: Extensible SASL Profile" uses `authorization-identifier` https://xmpp.org/extensions/xep-0388.html#example-7 <success xmlns='urn:xmpp:sasl:2'>  <additional-data> dj1tc1ZIcy9CeklPSERxWGVWSDdFbW1EdTlpZDg9 </additional-data> <authorization-identifier>user(a)example.org</authorization-identifier> </success> Is it valid to use `authorization-identifier` in all those cases? What about other XEPS that use `authorization-identity` f. ex. "XEP-0484: Fast Authentication Streamlining Tokens" ? https://xmpp.org/extensions/xep-0484.html#example-3 It seems that clients need to expect both variants anyway. I am hoping for some advice or clarification, maybe I have missed something. Thanks, Andrzej -- *Come see us at: *Alchemy Conf 2-3 Apr | ElixirConf EU 15-16 May | Code BEAM Lite Stockholm 2 Jun | Lambda Days 12-13 Jun | *Learn more >> <https://www.erlang-solutions.com/events/>* Erlang Solutions cares about your data and privacy; please find all details about the basis for communicating with you and the way we process your data in our Privacy Policy. <https://www.erlang-solutions.com/privacy-policy.html> You can update your email preferences or unsubscribe from all lists here. <https://forms.erlangsolutions.com/email-preference?epc_hash=pZxDpeyjOBLTF6P…>

7 months, 3 weeks

3
3
0 0

[XEP-0433] (Extended Channel Search): Search Form Fields

by Goffi

Hi, I'm currently implementing XEP-0433 (Extended Channel Search), nice work thanks. I have a couple of feedback: 1. I see in example 3 (https://xmpp.org/extensions/xep-0433.xml#example-3) a `min_users` field which is not described in https://xmpp.org/extensions/ xep-0433.xml#table-1, would it be possible to add it? 2. I think that it would be nice to specify recommended default values in the table. 3. The "sort" field is redundant and less powerful than XEP-0413 (Order-By), is there any reason to not use the later? 4. I feel that it would be useful to indicate somewhere the minimum of characters expected in a search query, so client doesn't send useless requests. Maybe via disco? Thanks! Goffi

7 months, 3 weeks

1
0
0 0

2025

2024

2023

Standards