[jdev] Owner Status to a federated user.

Dave Cridland dave at cridland.net
Fri Aug 23 06:45:31 UTC 2013

On 23 Aug 2013 00:33, "Pravin Sinha" <pks_chennai at yahoo.com> wrote:
> Hi,
> I understand that some(could be all) of these are  more implementation
specific, but was wondering if there is a related guidelines/xep.
> - Should  an xmpp server allow a federated user(via Server to server
federation) create a chat room on local chat room server? At the least, I
see the possibility of attacks where the federated users may create
uncontrollable number of chat rooms and even though some policy could be
enforced, but what is the normal trend?

I'm not sure what the normal trend is, but some servers at least allow
restriction of room creation to either local users or a white list. There
are certainly abuse cases that need this.

> - Suppose the room is created by a local user and he tries to change the
affiliation of federated server's user as owner, should that be allowed?
What are the possible problems(if any)?

I think all servers allow this unconditionally. There's a concern that a
remote server can spoof its own users, but that applies to most cases of
federated users, so I don't think that's a social case here.

> Thanks,
> Pravin
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20130823/5f63c1d7/attachment.html>

More information about the JDev mailing list