[jdev] XEP-0100 and roster/legacy contact list sync

Richard Dobson richard at dobson-i.net
Wed Dec 5 04:08:25 CST 2007

Peter Saint-Andre wrote:
> Richard Dobson wrote:
>> Tomasz Sterna wrote:
>>> So this is basically the same idea I got and proposed here:
>>> http://jabberd2.xiaoka.com/wiki/ComponentProtocol#Enchancements ?
>> Almost, mine isn't tied to the component protocol, it's just a normal
>> thing that works over S2S links as well as internally within the server,
>> it's hardly revolutionary though, it's just reusing things we already have
>> for a wider variety of uses.
> Except that how do you know someone is not trying to poison your roster?

Because you have a trust/permission granting mechanism on top of this 
before the transport can do anything (also if in my case you are running 
the transport yourself you can trust that it won't poison the roster even 
more), and also the transport can only see and manipulate contacts that 
originate at its own domain so it limits the scope for poisoning. This 
is virtually the same idea as the one where you request the section of 
the roster from the transport except in this case you are modifying your 
own roster caching the current transport one so you don't need to keep 
re-requesting it and you immediately have all the transport contacts 
there at the time you log in.
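
The two checks described in this message (an explicit grant by the user, then limiting the transport to contacts at its own domain), sketched in Python as an added example that is not part of the original post or of any XEP. The class and function names are hypothetical, the JIDs are constructed, and JID comparison is simplified to a lowercase exact match.

```python
from dataclasses import dataclass, field

def jid_domain(jid):
    """Domain part of a JID. Simplified: no stringprep/IDNA normalisation."""
    bare = jid.split("/", 1)[0]                 # drop the resource
    local, sep, domain = bare.partition("@")    # a domain-only JID has no "@"
    return (domain if sep else local).lower()

@dataclass
class RosterGate:
    """Hypothetical per-user gate in front of transport-driven roster edits."""
    granted: set = field(default_factory=set)   # transport domains the user approved
    roster: dict = field(default_factory=dict)  # bare contact JID -> display name

    def grant(self, transport_jid):
        self.granted.add(jid_domain(transport_jid))

    def apply(self, sender_jid, items):
        """Apply (jid, name) items from sender; name=None removes the contact.
        Returns (accepted, rejected) lists of JIDs."""
        domain = jid_domain(sender_jid)
        if domain not in self.granted:          # check 1: user never granted permission
            return [], [jid for jid, _ in items]
        accepted, rejected = [], []
        for jid, name in items:
            # check 2: exact domain match, so "msn.example.org.lookalike.example"
            # and contacts at unrelated domains are outside the transport's scope
            if jid_domain(jid) != domain:
                rejected.append(jid)
                continue
            bare = jid.split("/", 1)[0]
            if name is None:
                self.roster.pop(bare, None)
            else:
                self.roster[bare] = name
            accepted.append(jid)
        return accepted, rejected

# Constructed sample push from a transport at msn.example.org
PUSH = [
    ("alice%hotmail.example@msn.example.org", "Alice"),
    ("bob@jabber.example.net", "Bob"),
    ("carol@msn.example.org.lookalike.example", "Carol"),
]

if __name__ == "__main__":
    gate = RosterGate()
    print(gate.apply("msn.example.org", PUSH))   # before the grant
    gate.grant("msn.example.org")
    print(gate.apply("msn.example.org", PUSH))   # after the grant
```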

