- Standards

Synchronizing encryption keys accross different resources

by Schimon Jehudah

Greetings. Suppose that I want to access to data over PubSub which is encrypted with OpenPGP. I then would have the GPG key in order to access to that data. Should the key be also stored over a PubSub node and then be synchronized to resources that request it? What would be a good practice to do it? My use-case is of an annotation system which is based on Atom Over XMPP. Reference: https://forum.palemoon.org/viewtopic.php?f=5&t=31900 Regards, Schimon

5 months, 1 week

1
0
0 0

UPDATED: XEP-0421 (Occupant identifiers for semi-anonymous MUCs)

by Daniel Gultsch

Version 1.0.1 of XEP-0421 (Occupant identifiers for semi-anonymous MUCs) has been released. Abstract: This specification defines a method that allows clients to identify a MUC participant across reconnects and renames. It thus prevents impersonification of semi-anonymous users. Changelog: Fixed typo (XEP Editor (dg)) URL: https://xmpp.org/extensions/xep-0421.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

5 months, 1 week

1
0
0 0

UPDATED: XEP-0313 (Message Archive Management)

by Daniel Gultsch

Version 1.1.3 of XEP-0313 (Message Archive Management) has been released. Abstract: This document defines a protocol to query and control an archive of messages stored on a server. Changelog: Fixed typo (XEP Editor (dg)) URL: https://xmpp.org/extensions/xep-0313.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

5 months, 1 week

1
0
0 0

Renaming XEP-0472: Pubsub Social Feed

by Schimon Jehudah

Greetings. I would want to propose to replace the word "social" by another word. The reason for this, is because "social" would imply of theme "social network", even though this is not only for that theme. This means, that some developers would be reluctant to add support for XEP-0472 because they would be of the opinion that their software is not intended for social network theme. In order to avoid that misunderstanding, I suggest to rename the title. Please advise. Kind regards, Schimon. P.S. Mr. Webber, has proposed to name Atom Over XMPP (i.e. XEP-0277 and XEP-0472) as "Feeds" in the graphical interface of Cheogram. In addition, Arne of monocles chat, JC Brand and Nicolas (nioc) are alos in favour of adding support for Atom Over XMPP to their software. I maintain a list of projects of which I petition for Atom Over XMPP. gemini://woodpeckersnest.space/~schapps/journal/2024-05-30-publishing-over-xmpp.gmi

5 months, 1 week

2
2
0 0

Ad-hoc command error cases

by Guus der Kinderen

Hi! While adding tests for XEP-0133: Service Administration to the XMPP Interop Testing project, we ran into trouble. Specifically, it is unclear to me how an ad-hoc command failure is to be represented. Two XEPs are relevant: - XEP-0050: Ad-Hoc Commands - XEP-0133: Service Administration I don't think either is exactly clear in the definition of non-success scenarios. XEP-0050 Section 3.6 "Commands Successful/Failed" defines: > The status of command execution signals only if the command is executing, > has been completed, or been canceled. If completed, the "status" attribute > does not specify if it completed successfully or not. If a command > completes but fails, the responder MUST include at least one <note > type='error'/> with the <command status='completed'/> it returns. I do not believe that XEP-0050 specifies what the IQ type is (result or error) when a command execution is completed with a failure. XEP-0050 Section 4.4 "Possible Errors" defines command execution errors. All of the descriptions listed relate to conditions where the responding entity is prevented from starting to execute the command: it doesn't understand the action, the requesting entity doesn't have permissions to execute the command, and so on. In example 23, it is shown that these type of errors are used in an IQ type=error. XEP-0133 is less clear. Where errors are referenced in the descriptions of each command ("Unless an error occurs ...") they also seem to refer to scenario's where a command execution cannot start. To me, that's in line with XEP-0050. However, section 5 "Error Handling" specifies conditions that seem to are detected both _before_ but also _after_ execution of the command has started. Examples of that latter are: - <conflict/> The command cannot be completed because of a data or system conflict (e.g., a user already exists with that username). - No entity is allowed to perform the command (e.g., retrieve the CEO's roster). To me, these two are examples of what should be responded to with a <command status='completed'><note type='error'/></command>. The XEP(s) would benefit from having more explicit definitions with regards to these cases. Firstly, lets specify explicitly in XEP-0050 if a command of which the execution completed with an error is to be represented by an IQ stanza of type 'result' or 'error'. The XEP to me suggests 'result', but I don't think this is sufficiently clear from the text. For what it's worth, the implementations that I've seen (Openfire, Smack and Prosody), seem to use 'result'. Secondly, Section 5 of XEP-0133 arguably contradicts XEP-0050 - or at least adds confusion more than clarification. What added value does this section have over the error handling that is specified in XEP-0050? Perhaps referring to XEP-0133 is a good alternative to the existence of Section 5 in XEP-0133. Thirdly, the XEPs should have an example of a command that is completed-with-failure. The illustrative power of that would be very welcome. I would value your feedback on this. Kind regards, Guus

5 months, 2 weeks

2
1
0 0

Which one to use: `authorization-identity` or `authorization-identifier`

by Andrzej Telezynski

Hello, I am confused about those two elements: `authorization-identity` and `authorization-identifier`. Are they equivalent? They seem to be used in the same context. Grepping the XEPS repo shows both are used: $ grep -rl authorization-identity ./xep-0484.xml ./inbox/xep-fast.xml ./inbox/sasl2.xml ./xep-0386.xml $ grep -rl authorization-identifier ./xep-0480.xml ./inbox/xep-downgrade-prevention.xml ./inbox/xep-scram-upgrade.xml ./inbox/sasl2.xml ./xep-0198.xml ./xep-0388.xml ./xep-0474.xml What confuses me is that they both are used in the same context, f. ex.: "XEP-0386: Bind 2" has `authorization-identity` in successful Bind response: https://xmpp.org/extensions/xep-0386.html#example-4 <success xmlns='urn:xmpp:sasl:2'> <authorization-identity>user(a)example.com/AwesomeXMPP.4232f4d4 </authorization-identity> <bound xmlns='urn:xmpp:bind:0'> <metadata xmlns='urn:xmpp:mam:2'> <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' /> <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' /> </metadata> </bound> </success> But "XEP-0388: Extensible SASL Profile" uses `authorization-identifier` https://xmpp.org/extensions/xep-0388.html#example-7 <success xmlns='urn:xmpp:sasl:2'>  <additional-data> dj1tc1ZIcy9CeklPSERxWGVWSDdFbW1EdTlpZDg9 </additional-data> <authorization-identifier>user(a)example.org</authorization-identifier> </success> Is it valid to use `authorization-identifier` in all those cases? What about other XEPS that use `authorization-identity` f. ex. "XEP-0484: Fast Authentication Streamlining Tokens" ? https://xmpp.org/extensions/xep-0484.html#example-3 It seems that clients need to expect both variants anyway. I am hoping for some advice or clarification, maybe I have missed something. Thanks, Andrzej -- *Come see us at: *Alchemy Conf 2-3 Apr | ElixirConf EU 15-16 May | Code BEAM Lite Stockholm 2 Jun | Lambda Days 12-13 Jun | *Learn more >> <https://www.erlang-solutions.com/events/>* Erlang Solutions cares about your data and privacy; please find all details about the basis for communicating with you and the way we process your data in our Privacy Policy. <https://www.erlang-solutions.com/privacy-policy.html> You can update your email preferences or unsubscribe from all lists here. <https://forms.erlangsolutions.com/email-preference?epc_hash=pZxDpeyjOBLTF6P…>

5 months, 2 weeks

3
3
0 0

[XEP-0433] (Extended Channel Search): Search Form Fields

by Goffi

Hi, I'm currently implementing XEP-0433 (Extended Channel Search), nice work thanks. I have a couple of feedback: 1. I see in example 3 (https://xmpp.org/extensions/xep-0433.xml#example-3) a `min_users` field which is not described in https://xmpp.org/extensions/ xep-0433.xml#table-1, would it be possible to add it? 2. I think that it would be nice to specify recommended default values in the table. 3. The "sort" field is redundant and less powerful than XEP-0413 (Order-By), is there any reason to not use the later? 4. I feel that it would be useful to indicate somewhere the minimum of characters expected in a search query, so client doesn't send useless requests. Maybe via disco? Thanks! Goffi

5 months, 3 weeks

1
0
0 0

New XEP proposal: Spaces

by Nicolas Cedilnik

Hello everyone, I just submitted https://github.com/xsf/xeps/pull/1426 with a rendered version at https://nicoco.fr/inbox/spaces.html This is an attempt at a minimal "spaces XEP". I remember reading a document a long time ago which looked impressively complete but did not turn into a XEP proposal. I suspect this is because the document attempted to cover everything, and there are very different use-cases for spaces, with different permissions models, ranging from fully public to completely private through "some rooms are public but some require being part of a subteam" etc. I tried a different approach here, attempting to lay the foundation of what is the minimum to cluster several groupchats without relying on a dedicated MUC service just for that. The slidge-based gateways for discord, mattermost and matrix already implement listing the "servers", "teams" and "spaces" of these networks via adhoc commands. I would very much like to make this a bit more generic (and standardised!) in slidge "core", the gateway library (and also expose in the disco#info of each room which "space" it is a child of). About the name, I called it "server-side spaces" because I think what Gajim already does with its workspaces is great and should be standardized at some point too, that would be another XEP, maybe "client(or user)-side spaces", later. I already gathered a little feedback from the xsf@ room, and incorporated it in the present submission. Looking forward to reading your feedback. -- nicoco

6 months

5
10
0 0

Commenting system based on XMPP

by Schimon Jehudah

Greeetings, ladies and gentlemen! First of all, I would want to congratulate Mr. Nicolas Cedilnik (nicoco) for creating a plugin to the publishing system Pelican. Reference: https://codeberg.org/nicoco/pelican-pubsub Second, I would want to create an HTML based commenting system service, and I would be glad to receive your consultancy on how to design it. By that, I mean, to which PubSub nodes should comments be published to. And then I will create a system based upon FastAPI and Slixmpp. P.S. Currently, there are three or four brands that provide commenting systems in a centralized fashion. Kind regards, Schimon

6 months

2
1
0 0

XSF membership application period Q2 2025

by Alexander Gnauck

I have setup the membership application Wiki page for the application period Q2 2025 Applications are encouraged from developers and others who are actively involved in the Jabber/XMPP community. To apply, create a page about yourself on the Wiki: https://wiki.xmpp.org/web/Membership_Applications_Q2_2025 If you don't have a wiki account, send your full name, preferred nickname and email address to me or one of the other Sysops: https://wiki.xmpp.org/web/Sysops Apply now!!! Thanks, Alex

6 months, 1 week

1
0
0 0

2025

2024

2023