[standards-jig] JEP-0016 now includes whitelisting

Jean-Louis Seguineau /EXC/TEC jean-louis.seguineau at antepo.com
Thu Aug 1 19:41:08 UTC 2002


Well, we now have zebra lists, and as you probably all know, zebra is the
only animal that has never been tamed by man :))

First a few comments on the latest JEP-0016

1/ In the section Protocol Detail, there is a mention of  "To fetch the
currently active list and the rules for each list, the client application
performs a simple blank get request." I haven't found an example of how this
should be used in the rest or the JEP. Do it mean that

<iq type="get" id="2">
  <query xmlns="jabber:iq:privacy">
    <active/>
  </query>
</iq>

will result in

<iq type="result" id="2">
  <query xmlns="jabber:iq:privacy">
    <active name="home"/>
    <list name="home">
      <item type="allow"/>
    </list>
    <list name="work">
      <item type="deny"/>
    </list>
 </query>
</iq>

and that

<iq type="get" id="2">
  <query xmlns="jabber:iq:privacy">
    <active name="home"/>
  </query>
</iq>

will result in

<iq type="result" id="2">
  <query xmlns="jabber:iq:privacy">
    <active name="home"/>
    <list name="home">
      <item jid="romeo at jabber.org" type="deny"/>
      <item jid="juliet at jabber.org" type="deny"/>
      <item type="allow"/>
    </list>
  </query>
</iq>

2/ The same section mention that "To remove items from the list, simply send
back the list tag with the various <item> elements missing." Does that mean
that to be able to include or remove somebody in a zebra list we would have
to first load the entire list then send back the list to the server for it
to work out the difference ?
Now let's work out a simple use case. I have been running my full fledged
multi megabyte RAM PC client at work, and I am now in the airport on my way
to some meeting. I fancy continuing to use my favorite IM with by J2ME phone
client (you know the kind of thing that must be squeezed in 30KB of
memory...) What will happen if I have to load my 200+ items zebra list just
to bar some spammer ? Not to mention that if my belove wireless carrier
charge me on air time or on kilobytes, it will be more than happy to have
all that traffic going through its network :)
The point I want to make is that whatever it takes, as this is server based
list control, this should be handled on the server. And servers are using
incremental storage, even in the case of XML were we can insert into an
existing document. I think we should have an incremental mechanism to
update/remove items in the list, something like :

Adding a single item
<iq type="set" id="3">
  <query xmlns="jabber:iq:privacy">
    <list name="home">
      <item jid="romeo at jabber.org" type="deny"/>
    </list>
  </query>
</iq>

Removing a single item
<iq type="set" id="3">
  <query xmlns="jabber:iq:privacy">
    <list name="home">
      <item jid="romeo at jabber.org"/>
    </list>
  </query>
</iq>

Doing so will have the adventage of using a seimlar paradigm to removing a
list by sending an empty list tag.

3/ Lastly, could we have a use case for "If the <item> element contains a
subscription attribute, it means that the rule applies to all jids in the
current users roster which have matching subscription elements" ? I humbly
admit not seeing what to use it for. Does it mean to imply that you can only
apply zebra listing to objects in your roster ?


I would finaly like to make further suggestion as to extension to this
namespace handling. If we want to add more granularity to the list, i.e. go
to a level of specifying what tiny element shoudl be checked, I feel that we
shoudl use existing packet structure for this. For example it could be
easily achieved by using the existing type attribute that both the <message>
and the <presence> tag. To filter out headline messages you could say
somthing
like:

<iq type="set" id="4">
    <query xmlns="jabber:iq:privacy">
        <item jid="jack at dalton.com" type="deny">
            <message type="headline"/>
        </item>
    </query>
</iq>

or to disallow certain presence requests

<iq type="set" id="4">
    <query xmlns="jabber:iq:privacy">
        <item jid="jack at dalton.com" type="allow">
            <presence type="subscribe"/>
            <presence type="unsubscribe"/>
        </item>
    </query>
</iq>

Doing this way will allow to reuse existing XML packet types without
creating additional tag handling.


That said, it's a hell of a good job. Thanks Peter.

----- Original Message -----
> Date: Wed, 31 Jul 2002 10:39:33 -0500 (CDT)
> From: Peter Saint-Andre <stpeter at jabber.org>
> To: standards-jig at jabber.org
> Subject: [standards-jig] JEP-0016 now includes whitelisting
> Reply-To: standards-jig at jabber.org
>
> I've received and published a new version of JEP-0016 (jabber:iq:privacy)
> from Peter Millard. This version now includes whitelisting! Check it out
> here:
>
> http://www.jabber.org/jeps/jep-0016.html
>
> Peter
>
> --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.html






More information about the Standards mailing list