[Standards-JIG] Roster block importing and synchronisation using JEP-0093
mikea at yuri.org.uk
Tue Sep 14 18:33:36 UTC 2004
Thanks for the comments. :)
> > This is my first stab at demonstrating the full case for using JEP-0093
> > for roster importing and syncronisation during the period of transition
> > from a legacy client to a jabber client.
> I realise I'm pointing this out to you twice now, and the first reply to
> both our post refering to this issue wasn't till *after* you posted this
> so it was impossible for you to incorporate this into your proposal, but
> for people who didn't read that I'll say it again.
> A gateway can't use presence packets to remove someone from the clients
> roster. It can only set the subscription state to "none". This is because
> in Jabber presence subscription related task are done in the presence
> stanza, and roster related stuff with jabber:iq:roster infoqueries. The
> only exception to this is when you remove a contact from your roster, then
> the *server* will make sure the subscription state of that contact will be
> set to "none".
Ok, I may be being naive or just plain dumb, but could you illustrate
this case as I don't understand what you are driving at here. Other than
to say if there was an item on the roster, then the client would 'auto-
As it happens I have had a similar experience in part with people de-
registering and not unsubscribing their contacts. Each time they log in
they send lots of probe presences which I have been tempted to reply to
with an 'unsubscribed'.
> Excisting clients would need to be modified to remove "none" contacts.
> However, I'd want that for my legacy contacts (after all this means I
> already *have* removed them!), not Jabber contacts. So you'd need to
> specify security rules for clients, to check for which contacts to do this
> and which ones they should not. Or just accept that you'll have "ghosts"
> in your list.
> Furthermore, I have a security concern. What happens I have someone
> subscribed to my legacy contact? Currently, the transport forces you
> through the "subscribed"-hack to have it shown in your roster that someone
> subscribes to your status. But in your proposal you state that it's
> allowed to not to add a contact that's send to you by JEP-0093. The
> *least* a transport concerned with the user's security should do is keep
> trying to ask for a subscription to the user each time the user logs in.
> For every legacy contact in the user's legacy roster there should be at
> least a "from" subscription to the user.
> This a concern because else you might have a user who can see your
> presence, without you knowing it or having any way to find out about it.
> Also, JEP-0093 doesn't define what a client should do if it chooses not to
> "accept" a contact/item in the list. I assume it does nothing, rather then
> send unsubscribe and unsubscribed presence stanzas to it. Do you really
> want people to know you rejected to put them on your list?
Yes, guilty as charged. Looks like I broke rule #1 - Always state your
I did assume that the unhandled items would be handled at the next login
by more prompting of the user, with a jabber:x:roster under the post
roster updating case.
More information about the Standards