[Standards-JIG] Re: Roster Subscription Synchronisation

Peter Saint-Andre stpeter at jabber.org
Thu Sep 16 17:53:04 UTC 2004


In article <20040916064332.GC21799 at dev.xaoza.net>, trejkaz at xaoza.net 
wrote:

> The way I see it right now, even if it were implemented as a client thing, the
> wait won't go away.  Whereas the bleeding edge clients will get the fix quite
> soon, users on the clients who aren't so daring will still have to wait forever
> to get the feature, and those users will continue to complain about the same
> problem until every client in existence has implemented the change.
> 
> If it were done purely on the server side, only a few servers would need extra
> code (along with the transports, naturally,) and it should have a greater
> payoff, earlier.
> 
> TX

So a user would authorize an entity (e.g., a gateway) as "trusted" in 
some fashion and the user's server would automatically act on roster 
additions, deletions, and modifications suggested by the entity? It 
seems that the user would still need to know which entity is initiating 
each action so that it can determine whether to continue trusting that 
entity. For example, imagine that you tell your server that you trust 
the following three entities to suggest roster changes:

1. aim.example.org (a gateway to AIM)
2. groups.example.com (a shared groups server for your company)
3. stpeter at jabber.org (for the "JSF Members" list)

Now you start getting new roster items, old items disappear, names and 
groups are changed, etc. How do you know who suggested those changes? 
Perhaps there is a way to limit which roster groups an entity may change 
(e.g., stpeter at jabber.org, who is inherently untrustworthy anyway, can 
suggest changes only in your roster's "JSF Members" group). But it seems 
that you may want to know that groups.example.com suggested to add 
FoxyLady at aim.example.org (what's to stop it from doing so?), because you 
may not trust that entity to add appropriate roster items in the future. 
So perhaps we need to include an "originator" JID (perhaps via JEP-0131) 
in the roster push you receive from the server (we can't set the 'from' 
address of the roster push to aim.example.org since that violates some 
of the protections in XMPP IM).

Other questions arise: what if two entities have recommended that you 
add the same item to your roster, and one calls pgmillard at jabber.org 
"pgm" while another calls that JID "Peter Millard" (where "calls" means 
the value of the 'name' attribute)? Which one rules if we don't check 
with the user?

You see, we open an interesting can of worms when we start to mess 
around with rosters.

Speaking of which, I will soon submit a proposal for revising JEP-0093.

Stay tuned...

/psa
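
A sketch of the server-side policy discussed in the message above, added here as an example and not part of the original post or of any XMPP server's code: each trusted entity is limited to named roster groups, every accepted change records its originator, and a conflicting 'name' from a second entity is held for the user. The TRUST table, the group names "AIM" and "Company", the class and method names, and the sample JIDs other than those in the message are hypothetical; deletions are not modelled.

```python
from dataclasses import dataclass, field

# Hypothetical per-user trust policy: trusted entity -> roster groups it may change.
TRUST = {
    "aim.example.org": {"AIM"},
    "groups.example.com": {"Company"},
    "stpeter@jabber.org": {"JSF Members"},
}

@dataclass
class Item:
    jid: str
    name: str
    group: str
    originator: str  # entity that suggested the change, shown to the user

@dataclass
class Roster:
    items: dict = field(default_factory=dict)    # jid -> Item
    pending: list = field(default_factory=list)  # suggestions awaiting the user

    def suggest(self, originator, jid, name, group):
        """Handle a suggested add/modify and return the outcome as a string."""
        allowed = TRUST.get(originator)
        if allowed is None:
            return "rejected: untrusted originator"
        if group not in allowed:
            return "rejected: group not permitted"
        current = self.items.get(jid)
        if current and current.originator != originator and current.name != name:
            # Two trusted entities disagree on 'name': hold it for the user.
            self.pending.append(Item(jid, name, group, originator))
            return "pending: name conflict"
        self.items[jid] = Item(jid, name, group, originator)
        return "applied"

def demo():
    """Run the scenarios from the message on constructed sample data."""
    r = Roster()
    out = [
        r.suggest("groups.example.com", "FoxyLady@aim.example.org", "Foxy", "Company"),
        r.suggest("groups.example.com", "x@example.com", "X", "JSF Members"),
        r.suggest("unknown.example.net", "y@example.com", "Y", "AIM"),
        r.suggest("stpeter@jabber.org", "pgmillard@jabber.org", "pgm", "JSF Members"),
        r.suggest("groups.example.com", "pgmillard@jabber.org", "Peter Millard", "Company"),
    ]
    return r, out
```

The first call is accepted because the group restriction alone does not stop groups.example.com from adding an AIM contact to its own group; the recorded originator is what lets the user see who suggested it.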



