[standards-jig] gateway handling of legacy contact lists
cbas at rhymbox.com
Tue Dec 16 21:08:23 UTC 2003
Joe Hildebrand wrote:
>Imagine my knowing that your server implements these extensions, running a
>service on a server of mine purporting to be a gateway, and modifying your
>roster without your permission.
>In an S2S world, how do you do the authentication and authorization?
Dialback or other standard S2S mechanisms for authentication.
>How does the user delegate this authority?
By registering with the transport and subscribing to its presence.
Currently the transport itself is in the user's roster as
"yahoo.example.com" and "yahoo.example.com/registered" IIRC.
>Is it authority to change your whole roster, or just a portion of it that the gateway owns?
The service should only have access to a subset of the roster items.
>If it's just a portion, how do you denote that?
Only roster items of which the host portion of their address equals the
service's address. For example: someone at yahoo.example.com
That is the way it has always been, is it not?
Maybe I am missing something obvious, but this kind of transport control
over the roster seems fine to me.
More information about the Standards