[jdev] Idavoll 2
stpeter at jabber.org
Tue Apr 12 11:25:24 CDT 2005
On Tue, Apr 12, 2005 at 09:26:56AM +0200, Ralph Meijer wrote:
> While working on Idavoll last week, I discovered that when another resource of
> the same JID that was subscribed requests the items, you get a not-authorized.
> Maybe it would be better to check against the bare JID (without resource)?
So the subscriber is <node at host/resource>? If so, then it seems correct
for Idavoll to refuse access. If the subscriber is node at host, then it is
probably right to allow access from any resource. (It's always a bit
dangerous to make assumptions about what an entity is based on the JID,
e.g., node at host could be jdev at conference.jabber.org, I suppose.)
> Being an owner does not automatically allow you to get items. That's probably
> not desirable, but it isn't really clear from the spec.
Well, let's clarify that, then! :-)
> Also, should publishers
> that are not subscribed be allowed to get items?
Hmm. Is that kind of special-casing a problem in the code?
It does seem reasonable that owners and publishers would be allowed to
get items, but of course they could simply subscribe, too.
More information about the JDev