[jdev] Fine permissions tuning for PubSub

Goffi goffi at goffi.org
Mon Jun 25 21:28:12 UTC 2012

Hi Sergey,

> I am fine with a possibility to tune permissions per item

Cool :)

> but there are
> some nuances. For example, what if user posts an item to a foreign node
> (i.e. node where the user is not an owner). It will be strange to
> restrict an access for such item.

I know, and as I said in my blog post, I have simplified for my tests by 
saying creator = owner = publisher. So if the publisher is not the 
owner, there are some question about which roster to use, how to keep 
roster private, etc.
AFAIK, there is no good way at the moment to access remotly (and 
securely) the roster of an entity.

> I think we should not insert an item configuration form in the<item>
> but in<publish>.

That's right, I was thinking too the item node was not the best place, 
but I wanted to tie to it. We can put the configuration in <publish> 
indeed, and identify the item with its id.

> On the other hand, I think that it is time to invent new XEP to allow to
> implement such protocols as PEP or "Private XML storage" as separate
> components. It will facilitate migration from server to server and will
> increase speed of implementing new technologies.
I hope things will move a bit in the pubsub part of XMPP, as we need 
severals things for modern softwares (per item permissions, better 
decentralisation, polished microblogging, etc).

Thank for your feedback


More information about the JDev mailing list