[Council] meeting log 2006-11-29, PEP

Ian Paterson ian.paterson at clientside.co.uk
Fri Dec 1 12:42:32 CST 2006


Peter Saint-Andre wrote:
> Ralph Meijer wrote:
>   
>> On Thu, 2006-11-30 at 09:48 +0000, Ian Paterson wrote:
>>     
>>> Hi,
>>>
>>> I'm +1 for PEP enabling multiple nodes under one namespace. This will be 
>>> useful for some use cases (e.g. several blog feeds per person).
>>>
>>> However, IMHO we *also* need to keep the possibility of well-known node 
>>> names (and well-known item IDs). Well-known is good because it eliminates 
>>> unnecessary discovery steps.
>>>       
>> Well, if you allow multiple nodes under one namespace, this doesn't
>> work. There can be only one node at a well-known node, so you need to
>> discover the node's identity to see if it is a leaf or collection.
>>     
>
> I think the phrase "multiple nodes under one namespace" is a bit
> confusing. What we're talking about here is the ability to maintain and
> publish to multiple nodes with the same payload type.
>   

Yes.

>> Another example might be if Peter sends me a signature and the fingerprint 
>> of his public key, but I have no copy of his public key, then it is easiest 
>> for me to make a straight request for the public key 
>> (node:'urn:xmpp:pubkeys', id='thefingerprint'). I can only do this if PEP 
>> allows the pubkeys XEP to specify well-known node names and item ID values.
>> Note: For these two example use cases we need to be able to persist more 
>> than one publish event. i.e. persist multiple items independently of when 
>> they were published. Do people think this requirement could be added to PEP?
>>     
> I don't quite follow the need for well-known ID values -- I guess you'd
> use the same node ("rsakey" or whatever) to publish the pubkey and the
> signature and the fingerprint, and you'd want the recipient to be able
> to retrieve each one separately?

This isn't about publishing signatures or fingerprints. The signature 
and fingerprint were sent in a message. In this example only public keys 
are being published.

Each of the clients Aunt Tillie uses is likely to publish a different 
RSA key for her (think SSH without any manual transportation of private 
keys between the client machines you use). If the client she is using 
provides your client with the fingerprint of the key it is using, then 
how does your client tell the generic PEP service that it only wants to 
retrieve the RSA key with that fingerprint? In other words, what would 
be the best way for your client to specify both the namespace 
("http://www.w3.org/2000/09/xmldsig#") and the fingerprint in it's request?

>>> Finally, can I please also get people's feedback on the idea for PEP and/or 
>>> pubsub posted to the list on Nov 19th:
>>>       
>> As the particular node would only have be created once in the lifetime
>> of the user account, I don't think we should do this.
>>
>> If you meant to do access control on item level, I tend to say feature
>> creep.
>>     
>
> Didn't we talk about that before and pull away from it?
>   

Sorry I don't remember. Perhaps there are new motivations now? (See my 
reply to Ralph.)

- Ian



More information about the Council mailing list