[Standards-JIG] NEW: JEP-0140 (Shared Groups)

maqi at jabberstudio.org maqi at jabberstudio.org
Thu Jul 29 08:46:39 UTC 2004


On Mon, 26 Jul 2004, JEP Editor wrote:

> Version 0.1 of JEP-0140 (Shared Groups) has been released.
> Abstract: This JEP defines a protocol profile for centrally defined and
> administered roster groups.
> Changelog: Initial version. (psa)
> URL: http://www.jabber.org/jeps/jep-0140.html

"It is the receiving application's responsibility to add the
newly-published roster item to the recipient's roster" - if the client
really directly inserts contacts distributed via PubSub into the user's
roster, this is a problem as any malicious server can insert arbitrary
contacts then (as there's no way for a client to check whether the users
is really subscribed to a pubsub node).

All in all, I think this JEP doesn't cover a significant number of the
typical shared groups use cases (even prepopulated rosters can't be done
with it). Plus it needs client support currently (which could be solved by
using the Roster Exchange protocol for distribution of contacts which
would also solve the security problems).

Anyone interested should also read
http://www.jabber.org/wiki/index.php/Shared%20Roster%20Groups

Regards



More information about the Standards mailing list