[jdev] XEP-0060 Subscription Authorization
stpeter at stpeter.im
Tue Dec 4 20:26:53 CST 2007
Ralph Meijer wrote:
> On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre wrote:
>> Lindsay Oproman wrote:
>> If the node is configured for an access model of "authorize" then each
>> subscription request will need to be approved by the node owner, unless
>> the implementation includes some logic to pre-approve subscription
>> requests from all resources based on the bare JID (node at domain.tld).
>> (Sounds like a good feature request.)
> I think that XEP-0060 was designed to do access control on bare JIDs,
> although we never made that explicit, apparently. You can see this in
> various parts of the specification. For example, any resource can
> manipulate the subscriptions and affiliations that are associated with
> any resource of the bare JID and the bare JID itself.
> I don't think making it explicit that all access control is done on the
> bare JID should pose any issues. The only area that might be a concern
> is doing publish-subscribe from within a MUC room, but this is a special
> use case that we haven't given much attention anyway. I do have some
> thoughts on it, were it necessary to pull that into this thread.
Yes, that is "MEP".
> For what it is worth, Idavoll assigns affiliations to, and does access
> control based on, bare JIDs.
I think that is right.
If someone would like to propose some text, that would be great.
Otherwise I'll work something up soon.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
More information about the JDev