[jdev] XEP-0060 Subscription Authorization
loproman at gmail.com
Thu Dec 6 00:13:53 CST 2007
Thank you Ralph and Peter. It sounds like I probably lucked out since I
intend to use the authorize mode. Do you know if the jabber.org server is
On Dec 4, 2007 6:26 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> Ralph Meijer wrote:
> > On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre wrote:
> >> Lindsay Oproman wrote:
> >>> [..]
> >> If the node is configured for an access model of "authorize" then each
> >> subscription request will need to be approved by the node owner, unless
> >> the implementation includes some logic to pre-approve subscription
> >> requests from all resources based on the bare JID (node at domain.tld).
> >> (Sounds like a good feature request.)
> > I think that XEP-0060 was designed to do access control on bare JIDs,
> > although we never made that explicit, apparently. You can see this in
> > various parts of the specification. For example, any resource can
> > manipulate the subscriptions and affiliations that are associated with
> > any resource of the bare JID and the bare JID itself.
> Good point.
> > I don't think making it explicit that all access control is done on the
> > bare JID should pose any issues. The only area that might be a concern
> > is doing publish-subscribe from within a MUC room, but this is a special
> > use case that we haven't given much attention anyway. I do have some
> > thoughts on it, were it necessary to pull that into this thread.
> Yes, that is "MEP".
> > For what it is worth, Idavoll assigns affiliations to, and does access
> > control based on, bare JIDs.
> I think that is right.
> If someone would like to propose some text, that would be great.
> Otherwise I'll work something up soon.
> Peter Saint-Andre
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the JDev