[standards-jig] JEP:0015 Account Transfer

Iain Shigeoka iainshigeoka at yahoo.com
Sat Jan 26 07:45:45 UTC 2002


On 1/25/02 9:08 AM, "Casey Crabb" <debug at nafai.dyndns.org> wrote:

> On Fri, 2002-01-25 at 11:39, Iain Shigeoka wrote:
>> Ah.  I see.  For some odd reason that part didn't register with me.  I was a
>> bit fixated on the JEP.  This requirement of newaccount already existing,
>> significantly reduces the scope of what the transfer protocol does.  It
>> doesn't seem to be much of a threat.  :)
>> 
>> However, the JEP does not specify the protocol that way.  It definitely has
>> newaccount created on the server by the server hosting newaccount.  Thus the
>> old server is creating accounts on other servers, then transferring the
>> account.  I'll quote from the first line in the Protocol Example section:
>> 
>> The server would then try to go and create that account. If successful in
>> creating that account then it first transfers the roster of...
>> 
>> The JEP specifies that the server is doing everything including creating the
>> new account on the new server.   This creates the threat that I was worried
>> about.  If the process is as you state (the client must create new account
>> on the new server then have the old server transfer the account contents to
>> the new server) I think you need to edit the JEP to match...
>> 
>> Although without completely automating the process, the transfer protocol's
>> scope is greatly reduced and starts to bring up the question of if its worth
>> it to make standard protocol for it.  A client could do the same without any
>> new protocol...
>> 
>> -iain 
> I agree whole heartly: I need to update the summary/preview portion of
> the jep. I forgot completely.
> 
> However; a custom client cannot do this as the servers are the ones
> telling each other to modify the roster. The idea is that the end users
> shouldn't really see any difference. They(the user and the client that
> the user uses) would be notified (so that, for example, log files can be
> redirected as needed), but the users shouldn't have to do anything.
> Tertclient should still see fred as fred regardless if he's nolonger
> fred at floobin.cx but now is fred at jabber.org.
> 
> As far as I know there is no way in the protocol existing now to do
> this.

I'll try and comment when you've edited the JEP.  Please let me know when
you have.  I agree that seamless account transfers is a very handy feature.
I'm still concerned about the safety of doing it.

It would be just as handy to do auto transfers of email accounts, web site
accounts, etc but no similar standards have emerged (or even been suggested
as far as I know).  I think there are hidden dangers and practical concerns
still lingering...  It would be great if we could overcome or address them
though!

-iain


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




More information about the Standards mailing list