[standards-jig] gateway handling of legacy contact lists

Sebastiaan Deckers cbas at rhymbox.com
Tue Dec 16 21:08:23 UTC 2003

Joe Hildebrand wrote:

>Imagine my knowing that your server implements these extensions, running a
>service on a server of mine purporting to be a gateway, and modifying your
>roster without your permission.
>In an S2S world, how do you do the authentication and authorization?
Dialback or other standard S2S mechanisms for authentication.

>How does the user delegate this authority?
By registering with the transport and subscribing to its presence.  
Currently the transport itself is in the user's roster as 
"yahoo.example.com" and "yahoo.example.com/registered" IIRC.

>Is it authority to change your whole roster, or just a portion of it that the gateway owns?
The service should only have access to a subset of the roster items.

>If it's just a portion, how do you denote that?
Only roster items of which the host portion of their address equals the 
service's address.  For example: someone at yahoo.example.com

That is the way it has always been, is it not?
Maybe I am missing something obvious, but this kind of transport control 
over the roster seems fine to me.

More information about the Standards mailing list