[Standards-JIG] Re: Roster Subscription Synchronisation
stpeter at jabber.org
Thu Sep 16 17:53:04 UTC 2004
In article <20040916064332.GC21799 at dev.xaoza.net>, trejkaz at xaoza.net
> The way I see it right now, even if it were implemented as a client thing,
> wait won't go away. Whereas the bleeding edge clients will get the fix quite
> soon, users on the clients who aren't so daring will still have to wait
> to get the feature, and those users will continue to complain about the same
> problem until every client in existence has implemented the change.
> If it were done purely on the server side, only a few servers would need
> code (along with the transports, naturally,) and it should have a greater
> payoff, earlier.
So a user would authorize an entity (e.g., a gateway) as "trusted" in
some fashion and the user's server would automatically act on roster
additions, deletions, and modifications suggested by the entity? It
seems that the user would still need to know which entity is initiating
each action so that it can determine whether to continue trusting that
entity. For example, imagine that you tell your server that you trust
the following three entities to suggest roster changes:
1. aim.example.org (a gateway to AIM)
2. groups.example.com (a shared groups server for your company)
3. stpeter at jabber.org (for the "JSF Members" list)
Now you start getting new roster items, old items disappear, names and
groups are changed, etc. How do you know who suggested those changes?
Perhaps there is a way to limit which roster groups an entity may change
(e.g., stpeter at jabber.org, who is inherently untrustworthy anyway, can
suggest changes only in your roster's "JSF Members" group). But it seems
that you may want to know that groups.example.com suggested to add
FoxyLady at aim.example.org (what's to stop it from doing so?), because you
may not trust that entity to add appropriate roster items in the future.
So perhaps we need to include an "originator" JID (perhaps via JEP-0131)
in the roster push you receive from the server (we can't set the 'from'
address of the roster push to aim.example.org since that violates some
of the protections in XMPP IM).
Other questions arise: what if two entities have recommended that you
add the same item to your roster, and one calls pgmillard at jabber.org
"pgm" while another calls that JID "Peter Millard" (where "calls" means
the value of the 'name' attribute). Which one rules if we don't check
with the user?
You see, we open an interesting can of worms when we start to mess
around with rosters.
Speaking of which, I will soon submit a proposal for revising JEP-0093.
More information about the Standards