[jdev] XEP-0060 Subscription Authorization

Peter Saint-Andre stpeter at stpeter.im
Mon Nov 19 14:05:00 CST 2007

Lindsay Oproman wrote:
> Hello, I apologize for the lag. I have been away on vacation. All I
> really want is for authorization of a topic to apply to any full JID
> associated with an authorized bare JID. The notifications should only
> go to resources that have explicitly subscribed using their full JID.
> For example, me at domain.com is authorized to a topic. I don't want the
> publisher to have to authorize me at domain.com/resource1 or
> me at domain.com/resource2 thereafter. However, suppose
> me at domain.com/resource2 has not subscribed to the topic. That resource
> should not receive a notification.
> It is my understanding that the current authorization mode requires
> the publisher to manually authorize each resource individually.

If the node is configured for an access model of "authorize" then each
subscription request will need to be approved by the node owner, unless
the implementation includes some logic to pre-approve subscription
requests from all resources based on the bare JID (node at domain.tld).
(Sounds like a good feature request.)

If the node is configured for an access model of "open", "presence",
"roster", or "whitelist", then no authorization is needed from the node
owner for a subscription request. So you can subscribe multiple times,
once from each resource (in some cases you need to be on an implicit
authorization list via presence subscription or whatever).

Are you specifically asking about the "authorize" access model?


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20071119/95c84ce6/attachment-0002.bin>

More information about the JDev mailing list