ian.paterson at clientside.co.uk
Thu Feb 15 08:17:20 CST 2007
Mridul's email didn't reach the council list, but here it is in full
with my answers.
FYI, Mridul implemented Sun's XEP-0124 connection manager (and Java
> 1) For the script syntax in 124, we might want to add the following :
> "It MUST be used over HTTPS or client and server MUST set cache
> control indicating response MUST NOT be cached."
> If we do not mandate this, responses could get cached or otherwise
> persisted somewhere - and since the url query is going to directly
> contain the body content, this would be a security and privacy issue.
Good point. I'll add that to the security considerations and the Script
Syntax example responses.
> 2) I thought 'jabber:client' was going to be imported into httpbind
> namespace ? In which case, example 6 could be modified to not require
> qualifying 'body' & we just need to change the 'xmlns'.
> Else we are breaking schema for all other examples ...
Yes, although I'm sure you understand that I don't want anything XMPP
specific in XEP-0124. If possible 'jabber:client' should be added to
httpbind in XEP-0206. I'll discuss the best way to do that with someone
who knows more about XML than we do. :-)
> Also, maybe we can also add a note that the json data needs to be
> escaped when it is embedded within another xml response like in
> Example 6 ... not sure if client side parsers unescape the data before
> returning it.
I also don't want anything JSON specific in XEP-0124! ;-)
> Thanks for clarifying on overactivity !
> If others in my team come across anything which needs clarification, I
> will send it across.
Thanks for your feedback. :-)
More information about the Council